An African framework for international peace and security in cyberspace

The challenge

International peace and security in cyberspace have increasingly become a concern for states, especially, following the recent efforts by the United Nations Security Council to prioritise a mandate on the international peace and security aspects of cybersecurity. Cyber threats are a major and growing challenge to the peace and security of the African Union and its member states. They pose challenges to peaceful relations between states, as well as the security, economic wellbeing and sovereign rights of all member states. It is now widely accepted that cyber has become a new domain of conflict and there have been incidences of malicious state and non-state cyber activity as the African region increasingly digitises and cyber capabilities grow. In order to build and maintain peace and security in cyberspace, a proper African Framework for International Peace & Security in Cyberspace is needed.

Spearheaded by the Political Affairs, Peace and Security (PAPS) Department at the African Union Commission (AUC), PAPS is responsible for leading peace and security efforts in African countries across all domains, including cyberspace. The project will contribute to the AU's 'Agenda 2063', which has cybersecurity as one of its flagship projects.

The outcome

In a world shaped by technology, maintaining African regional security is dependent upon the region's resilience to malicious and irresponsible cyber activity. This includes both the capacity to defend African cyberspace when under attack, as well as rules, norms, and guidance for states to maintain peace and security in cyberspace in the first place.

PAPS and the Peace and Security Council (PSC) have made notable progress in enhancing peace, democracy and security on the continent – including the PSC's Common African Position on the Application of International Law to Cyberspace. This project develops an AUC and PAPS led African Framework For International Peace & Security in Cyberspace. The framework adapts the UN framework on international peace and security in the use of ICTs and responsible state behaviour for the African context. It will help guide AU member states and Africa in developing and enhancing their cyber resilience. It will provide pathways, develop norms and confidence building measures African countries can adopt to uphold peace and security in African cyberspace.

The project delivered a framework based around three key areas:

• African Union Guidelines on Norms of Responsible State Behaviour in Cyberspace and Confidence Building Measures to maintain peaceful relations in Cyberspace. The framework includes guidance that provides a detailed explanation of the United Nations Norms of Responsible State Behaviour in Cyberspace with practical best practices on implementation for AU Member States, taking in mind regional contexts and capabilities. The guideline will assist African cybersecurity policymakers on principles and standards for demonstrating the application and implementation of UN norms of responsible state behaviour in cyberspace.

• African Union Declaration on Peace and Security in Cyberspace - Following the UN Security Council's Open-Debate on Cybersecurity on 20 June 2024 at the UN Headquarters, where the UN Security Council debated on measures to fulfil its primary responsibility of maintaining international peace and security in the era of expanding cyberthreats. This event led to approximately one-third of the United Nations member states issuing a “Joint Statement on the Use of Information and Communications Technology in the Context of International Peace and Security”. While this marks the first affirmation of its kind in the history of the UN Security Council, only four (4) African countries are represented in the Joint Statement, further highlighting the need for awareness of the peace and security dimensions on cybersecurity in the African region. The declaration like other AU Declarations will serve as a tool for enhancing a commitment by African States to ensure peace and security in cyber-related matters. This means in matters such as cyber warfare, cyber-attacks, cyber aggression, use of force in cyberspace (as may be defined through international law interpretations, tackling mis/disinformation, as well as ensuring the security of critical infrastructure in times of war in accordance with international humanitarian law.

• AU Mapping Report on Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities in Africa. During the UN Security Council Debate on Cybersecurity, the Presidency of the Security Council – South Korea noted that “Sophisticated and intrusive malicious cyber activities are raising serious concerns for international peace and security”. The African Union (AU) is a signatory to The PALL MALL PROCESS: Tackling the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities. Africa continues to face a high level of penetration of commercially available cyber intrusion tools, with for example, a high level of ransomware scourge which presents immense local and international security challenges. The Mapping report provides a working definition in accordance with an African regional perspective, including mapping the legal and social policy issues, challenges and recommendations for mitigating the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities in the Region.

Our approach

In February 2024, the AU adopted the Common African Position on the Application of International Law to Cyberspace alongside, decisions and pronouncements on peace and security and cybersecurity in Africa, particularly Communiqué [PSC/PR/COMM.1196 (2024)] adopted at its 1196th meeting held on 29 January 20204, Communiqué [PSC/PR/COMM.1171 (2023)] adopted at its 1171st meeting held on 24 August 2023, Communiqué [PSC/PR/COMM.1148 (2023)] adopted at its 1148th meeting held on 13 April 2023, and Communiqué [PSC/PR/COMM.1120 (2022)] adopted at its 1120th meeting held on 9 November 2022. Furthermore the AU PSC in its 1233rd Meeting held on 25 Sept 2024 requested AU for the integration of cybersecurity into its conflict prevention frameworks and encourages Member States to collaborate to bolster digital resilience, counter cyber threats and mitigate the risks posed by disinformation and digital threats.

Bearing in mind the inherent cross-cutting nature of regional peace and security threats emanating from cyberspace, the African Union (AU), through its Political Affairs, Peace and Security (PAPS) Department, and in alignment with Agenda 2063 and the AU Digital Transformation Strategy for Africa (2020–2030), decided to undertake the development of a comprehensive Framework on Peace and Security in Cyberspace, with the support of the United Kingdom Foreign and Commonwealth Development Office (FCDO).

The draft framework with Leeds Beckett University's Professor Nnenna Ifeanyi-Ajufo as principal investigator has been developed through a consultative process involving African Union Member States, Regional Economic Communities (RECs), civil society organizations, the private sector, and regional and international partners.

Roundtable on Responsible Governance of Commercial Cyber Intrusion Capabilities in Africa

The roundtable was aimed at

1. Defining a conceptual understanding of the permeation of commercially available cyber intrusion capabilities in Africa.
2. Elaborating the existing mechanisms (if any) for addressing and mitigating commercially available cyber intrusion capabilities in Africa.
3. Enhancing the understanding of the PALL MALL Process within the context of the African region and amongst the African Union Member States.
4. Initiating the development of effective frameworks for responsible acquisition, development, and use of commercially available cyber intrusion capabilities tailored to African realities.
5. Creating a multi-stakeholder platform for ongoing dialogue and collaboration between governments, private sector entities, civil society organizations, and academic institutions on tackling commercially available cyber intrusion capabilities in the African region.

The roundtable laid the foundation for the final African Union Mapping Report on Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities in Africa.

Expert Meeting to Review the African Union Framework for Peace and Security in Cybersecurity and Raise Awareness of Security Governance Issue Linked to Emerging Technologies Such As Artificial Intelligence (AI) and Their Role in Illicit Arms Proliferation.

An expert meeting was held on 17-18 November 2025 at the African Union Headquarters, Addis Ababa, Ethiopia to validate the developed framework. The objective of the meeting was to review the draft African Union Framework on Peace and Security in Cyberspace to finalise stakeholder input and ensure alignment with existing regional instruments.

The specific objectives of the validation meeting were:

1. To present and review the draft components of African Union Framework on Peace and Security in Cyberspace;
2. To validate the strategic priorities, legal principles, and implementation modalities proposed in the draft components of the framework;
3. To collect final inputs and consensus from stakeholders across the continent and strengthen ownership and alignment with existing continental and regional instruments on peace, security, and digital governance;
4. To introduce and discuss the inception of the Artificial Intelligence component of the framework, especially, the launch of the intuitive to develop an African Union Common Position on Artificial Intelligence and outline a roadmap for development, adoption, operationalization, and monitoring of the component.

Post project delivery

The project was delivered to the FCDO and the African Union Commission on 31 March 2025. Such projects go through various processes at the African Union including validation meeting and expert meetings, presentation to AU Member States.

The expert meeting lays the foundation that will lead to:

• Consensus among AU Member States and stakeholders on the contents of the Framework;
• A validated version of the Framework ready for submission to the AU relevant Specialized Technical Committees and Executive Council;
• Recommendations for implementation mechanisms, including coordination roles for RECs, Member States, and AU organs;
• Identification of key areas for technical assistance, capacity building, and partnership support.
• Artificial Intelligence (AI) in Governance, Peace and Security promoted

Project participants

• Representatives from AU Member States Experts (Ministries of ICT, Defense, Interior, Foreign Affairs);
• AU advisory group on Artificial Intelligence
• Regional Economic Communities (RECs);
• AU Commission Departments (especially Peace and Security, Political Affairs, ICT and Innovation, and Legal Counsel);
• African Union Centre on Counter Terrorism (AUCT), African Union Mechanism for Police Cooperation (AFRIPOL), African Standby Force, and Committee of Intelligence and Security Services of Africa (CISSA); Economic, Social and Cultural Council (ECOSOCC).
• Civil society, academia, and think tanks with expertise in cybersecurity and cyber- peacebuilding;
• AU International and development partners.
• Private sector actors (e.g., telecoms, cybersecurity firms, digital infrastructure providers)