Politics & Society
Your social media feed is changing democracy
Developing countries are writing AI laws they cannot enforce
Bangladesh, Ghana, Rwanda and Indonesia are racing to regulate artificial intelligence, but the institutions needed to make those laws work are still nowhere in sight
Published 29 April 2026
Imagine that a government builds a five-star airport without any roads leading to it. The terminal is immaculate, the runway is regulation length – but there is simply no way to get there.
This is roughly what is happening with artificial intelligence (AI) governance across much of the developing world.
Bangladesh’s new national AI policy, released in early 2026, proposes seven regulatory bodies, mandatory impact assessments for high-risk AI systems, a national large language model and an independent oversight committee with quasi-judicial powers.
It reads like something Brussels – the administrative heart of the European Union – might produce.
Bangladesh has a per capita income of roughly US$2800. Current technical capacity means major government databases cannot talk to each other. Its rural internet penetration is 38 per cent.
We are both former Bangladesh civil servants, now studying AI at the University of Melbourne. A decade inside these bureaucracies gives you a particular view of what ambitious policy documents look like when they meet the people expected to implement them.
A template that travels
The EU AI Act, the world’s first comprehensive AI law, was three years in the making and still will not be fully operational until 2027.
It’s supported by a dedicated AI Office made up of around 140 staff, market surveillance authorities across all 27 member states and data protection law in force since 2018.
Even the EU is struggling and this is a bloc with decades of regulatory infrastructure behind it.
The Act required that all 27 EU member states hit an August 2025 deadline for a series of governance milestones. But only eight of 27 member states had got as far as formally designating national enforcement bodies.
The technical standards companies that need to prove compliance with the law missed their own deadline and are now targeting late 2026.
So, if the EU can’t keep pace, let’s consider what is happening elsewhere in the world.
In October 2023, Ghana launched its National AI Strategy – although cabinet only approved in February 2026, more than two years later.
The Responsible AI Office the strategy promised still does not exist.
Rwanda’s National AI Policy was approved in April 2023. Implementation will cost an estimated US$76.5 million over five years. As of 2023, US$1.2 million had been mobilised and the Responsible AI Office has yet to open its doors.
Sciences & Technology
Ethics, privacy and the perils of 'deepfake geography'
Indonesia launched its AI strategy in 2020, covering five sectors through to 2045. The AI Ethics Council the strategy called for still does not exist.
In 2024, Indonesia suffered a major breach of its National Data Centre while simultaneously rolling out facial recognition for law enforcement without any legal framework.
It’s fair to say there are some rather large gaps.
When the regulated write the rules
The AGILE Index 2025, which tracks AI governance capacity across 40 countries, finds a gap of more than 40 percentage points between high-income and middle-income countries in their ability to actually implement regulation.
That gap is not a matter of political will. It’s structural.
In Bangladesh, new regulatory bodies begin with officials on temporary assignment from other ministries, rather than specialist hires.
The proposed National Data Governance Authority will likely start with a dozen officials from the Information and Communication Technology (ICT) Division, most with no background in machine learning.
That’s not a criticism, only a description of how the government works.
But there is a harder question – who is actually writing these policies?
Nigeria’s 2025 AI Strategy was explicitly guided by a Google corporate report recommending cloud-first adoption, a policy that directly benefits Google Cloud.
As the digital law and policy journal, Just Security, reported – Google committed US$2.1 million to the strategy’s development.
When regulated companies help design their own regulation, the conflict of interest does not vanish. It just gets a friendlier name: ‘multi-stakeholder collaboration’.
Ghana, Rwanda and Bangladesh all worked with GIZ, Germany's federal development agency, and the United Nations Educational, Scientific and Cultural Organization (UNESCO) – drawing on their expertise in AI ethics frameworks and digital governance.
That expertise is real, but borrowing a governance architecture is not the same as having the foundations to hold it up.
Getting the foundations right
Rwanda’s policy focuses on specific problems rather than trying to govern everything at once: things like healthcare access, agricultural productivity and rural services.
It has backed this with real investment. Internet penetration rose from 26 per cent in 2020 to 62 per cent by 2024.
Rwanda also hosted 2022’s International Conference on Learning Representations, the world’s premier machine learning conference – making it the first time the event was held in Africa.
In fact, research has found that Rwanda is taking a genuinely protective stance on data sovereignty rather than a performative one, despite the fact its Responsible AI Office is still not operational.
Health & Medicine
We built AI friends but forgot the safeguards
The numbers behind its funding situation tell the story.
You cannot run an impact assessment without staff who know how. The governance framework has to be built on something real. The foundation has to come before the roof.
AI governance that cannot be enforced is not governance
None of this means developing countries should wait. The harms from unregulated AI are real and accumulating now.
Algorithmic bias distorts credit decisions. Deepfakes are used for gender-based violence. Facial recognition operates without legal authority across the Global South. These are not future risks.
Four foundational commitments need to come first: interoperable government data, one well-funded regulatory body with real authority, civil servant training before AI is deployed and a focus on two or three sectors rather than the whole economy.
The people most exposed to ungoverned AI are rural women, informal workers and people whose languages most AI systems cannot understand. These people are also the least likely to ever invoke the protections that AI policy promises.
A governance framework that cannot be enforced is not a neutral document.
It tells citizens protection exists when it does not. It tells investors a regulatory environment is stable when there is no functioning regulator. And it lets governments appear AI-ready while their databases still cannot talk to each other.
These countries deserve AI governance that actually works for them – not documents that promise readiness while protection fails to arrive.