The Enforcement Gap: Why Africa's AI Regulations Need Runtime Enforcement
The Case for Runtime Compliance Infrastructure in African AI Agent Deployments
Omotayo, O. (2026, July 12). The enforcement gap: Why Africa's AI regulations need runtime enforcement. Comply54 Research Working Paper No. 1. Zenodo. https://doi.org/10.5281/zenodo.21324303
The accountability gap no one is talking about
Africa's AI regulatory landscape is more developed than most builders assume. The Nigerian Data Protection Act 2023, Kenya's Data Protection Act 2019, South Africa's POPIA, Egypt's PDPL No. 151/2020, Ghana's AI Governance and Development Policy 2025, the NIMC Act 2026, and the African Union's Continental AI Strategy collectively impose specific, enforceable obligations on AI systems operating across the continent.
The problem is not a lack of law. It is a lack of mechanism. AI agents — systems that make thousands of decisions per second across payments, identity verification, healthcare, and credit — have no native capability to evaluate these obligations before they act. Compliance, where it exists at all, depends on a language model's recall of statute text embedded in a prompt. That is not compliance. It is a well-intentioned guess, repeated at inference speed.
This paper names that gap: the enforcement gap — the space between a regulation's existence and an AI agent's ability to honour it in real time. We document it with specific failure modes drawn from Nigerian fintech deployments and other regulated sectors, showing how standard agent architectures expose operators to regulatory liability that no amount of model fine-tuning, RAG-based statute retrieval, or prompt engineering can reliably close.
We then describe runtime enforcement infrastructure as the solution: a persistent compliance layer that evaluates agent actions against machine-readable policy rules before execution, produces cryptographically signed audit evidence, and integrates into existing agent architectures without requiring rewrites. We demonstrate this through comply54, an open-source implementation encoding obligations from twelve African jurisdictions into evaluable policy packs — deployed into LangGraph, CrewAI, and AutoGen workflows within hours.
The conclusion is direct. Encoding African law into policy that an AI agent can correctly interpret is work that cannot be outsourced to foundation model providers or imported from Western compliance tooling. It requires infrastructure built for this continent, by people who understand its regulatory environment. This paper is an argument for that infrastructure — and a first implementation of it.
"Africa does not have an AI regulation gap. It has an accountability gap."
— The Enforcement Gap, p. 3Seven sections · 26 pages
- § 1
Africa's AI Moment and Its Governance Paradox
The continent is deploying AI at scale while building regulatory infrastructure in parallel — a sequence unlike any prior wave of technology adoption.
- § 2
What Africa Actually Has: The Regulatory Reality
NDPA 2023, KDPA, POPIA, PDPL, GAID 2025, NIMC Act 2026, and the AU Continental AI Strategy together constitute a substantive body of enforceable law.
- § 3
How AI Agents Currently Operate in African Regulated Sectors
Standard agent architectures — LangGraph, CrewAI, AutoGen, OpenAI Agents SDK — have no native mechanism for regulatory evaluation before action execution.
- § 4
Why Existing Solutions Don't Close the Gap
Fine-tuning, RAG-based statute retrieval, and system-prompt instructions all share the same fundamental failure mode: they rely on a language model's recall, not policy evaluation.
- § 5
Runtime Enforcement: What the Solution Looks Like
A persistent compliance layer that evaluates actions against machine-readable rules before execution, produces signed audit evidence, and integrates without architectural rewrites.
- § 6
Implications for Builders, Fintechs, and Regulators
What runtime enforcement evidence means for operator liability, regulatory audit, and the developer experience of building compliant AI agents in Africa.
- § 7
The Way Forward
A research agenda for extending runtime enforcement to new jurisdictions, sectors, and agent architectures — and an open invitation to the African AI developer community.
"Compliance that depends on a language model's recall of a statute is not compliance. It is a well-intentioned guess, repeated thousands of times a day."
— The Enforcement Gap, § 412 jurisdictions examined
Citation formats
Omotayo, O. (2026, July 12). The enforcement gap: Why Africa's AI regulations need runtime enforcement. Comply54 Research Working Paper No. 1. Zenodo. https://doi.org/10.5281/zenodo.21324303
@article{omotayo2026enforcementgap,
author = {Omotayo, Oluwajuwon},
title = {The Enforcement Gap: Why Africa's AI Regulations Need
Runtime Enforcement},
year = {2026},
month = jul,
publisher = {Zenodo},
note = {Comply54 Research Working Paper No. 1. Preprint.},
doi = {10.5281/zenodo.21324303},
url = {https://doi.org/10.5281/zenodo.21324303}
}The compliance infrastructure Africa's AI agents need exists.
comply54 is open source, Apache 2.0, and ready to integrate. The paper makes the case — the code makes it real.