HOME/All Jurisdictions/RW

RW — Country Profile

Rwanda

20TOTAL
19OFFICIAL SOURCES
2TOPIC AREAS
Law / Act2
Executive Order7
National Strategy3
Other8
16 OCT 2025 · Other

Plans to develop cybersecurity regulations on Secure Financial APIs in Financial Sector Development Strategy (2025 - 2030)

On 16 October 2025, Ministry of Finance and Economic Planning published information on a strategic initiative concerning Cybersecurity Regulation on Secure Financial APIs in the Financial Sector Development Strategy (2025 - 2030). This regulation aims to enhance data security by implementing token-based authentication and enforce TLS/SSL encryption for data transfers within the Fintech industry. The initiative involves establishing a national API governance framework, which will include regul...

National Strategyminecofin.gov.rw ↗
22 SEP 2024 · Other

AI Playbook for Small States

Official source record dated 22 September 2024 for Rwanda concerning AI Playbook for Small States. See the linked imda.gov.sg source for the authoritative text, procedural context, and implementation details.

✓ OfficialNational Strategyimda.gov.sg ↗
04 SEP 2024 · Other

DPO guide on contractual provisions for processing of personal data

On 9 April 2024, the Data Protection and Privacy Office (DPO) in Rwanda issued the "Guide on Contractual Provisions for Processing of Personal Data," outlining mandatory requirements for data processing agreements under Law N. 058/2021 of 13 October 2021 on personal data protection. The law mandates that Data Controllers and Data Processors formalise their processing activities through legally binding agreements, and the guide outlines provisions such as the scope of processing, data subject ...

✓ OfficialNational Strategydpo.gov.rw ↗
28 JUL 2024 · Executive Order

NCSA Minimum Cybersecurity Standards for Essential Service Providers

On 28 July 2024, the Minimum Cybersecurity Standards for Essential Service Providers (ESPs) entered into force. These standards define baseline cybersecurity requirements to ensure the confidentiality, integrity, and availability of critical infrastructure, ICT systems, and stakeholders’ data handled by ESPs in Rwanda. The regulation applies to ESPs operating within Rwanda and introduces a tiered approach, dividing requirements into three categories based on service criticality and user impac...

✓ OfficialNational Strategycyber.gov.rw ↗
21 MAR 2024 · Executive Order

Presidential Order on Accession to Budapest Convention on Cybercrime

On 21 March 2024, Presidential Order No 020/01 was published in the Official Gazette of Rwanda, approving the accession to the Budapest Convention on Cybercrime, established on 21 November 2001, and its Additional Protocol on the criminalisation of acts of racist and xenophobic nature committed through computer systems from 28 January 2003. The Convention serves as a framework that enables hundreds of practitioners from member parties to exchange experiences and build partnerships on cybercri...

✓ OfficialNational Strategyminict.gov.rw ↗
07 FEB 2024 · Other

Data Protection and Privacy Office Guide on Designation of a Representative

On 2 July 2024, the Data Protection and Privacy Office (DPO) released the "Guide on Designation of a Representative," which outlines the requirements for Data Controllers and Data Processors based outside Rwanda to appoint a representative in Rwanda if they process personal data of individuals within the country. The representative must be a registered corporate body or legal entity in Rwanda, capable of understanding the designating party's operations, and handling data protection and privac...

✓ OfficialNational Strategydpo.gov.rw ↗
23 JAN 2024 · Executive Order

Content moderation regulation in Ministerial Order No. 001/MINICT/2024 on the protection of children online

On 23 January 2024, Ministerial Order No. 001/MINICT/24 came into force. The order requires the implementation of content filtering tools and content labelling to limit minors' access to harmful content. The order defines harmful online content as any material that could negatively influence a child's development, such as child sexual abuse content, depictions of human sexual organs, or material exposing children to sexual acts or bestiality through images, videos, or audio. In particular, di...

✓ OfficialContent Moderationminijust.gov.rw ↗
02 JAN 2024 · Executive Order

DPO Standard Contractual Clauses for Personal Data Transfer Outside Rwanda under the Law No. 058/2021 of 13/10/2021

On 1 February 2024, the Data Protection and Privacy Office (DPO) issued the Standard Contractual Clauses (SCCs) for Personal Data Transfer Outside Rwanda under the Law Nº 058/2021 of 13/10/2021. These clauses ensure compliance with Article 49 of the law, applying to both the Discloser and the Recipient of the data. Provisions include implementing technical and organisational measures for data protection, purpose limitation, transparency, accuracy, data minimisation, storage limitation and sec...

✓ OfficialNational Strategydpo.gov.rw ↗
20 APR 2023 · Executive Order

Measures establishing a Presidential Council on AI in National AI Policy

On 20 April 2023, the National AI Policy has been approved. The policy includes recommendations to facilitate AI integration within the private sector. These encompass identifying high-potential AI use cases aligned with national goals, conducting AI meetups and demonstrations to raise awareness, and establishing a Presidential Council on AI to offer strategic advice to both government and private entities. To strengthen the emerging AI ecosystem, the policy introduces the “Rwanda AI Program”...

✓ OfficialNational Strategyminict.gov.rw ↗
05 APR 2023 · Other

DPO guidance on personal data inventory and readiness checklist tools

On 4 May 2023, the Data Protection and Privacy Office (DPO) issued guidance on personal data inventory and readiness checklist tools under Law N. 058/2021 of 13 October 2021. The guidance provides tools to support organisations in meeting legal requirements for personal data protection, including mapping personal data categories, establishing lawful processing bases, setting retention periods, and ensuring compliance with data protection standards. It outlines obligations related to data subj...

✓ OfficialNational Strategydpo.gov.rw ↗
28 OCT 2022 · Law / Act

Law No. 027/2022 establishing taxes on income expanding applicability to digital services

On 28 October 2022, Law No. 027/2022 establishing taxes on income, which includes provisions for the taxation of digital services, entered into force after being published in the official gazette. The law defines digital services to encompass online activities, including online advertising, the supply of user data, online search engines, social media platforms, digital content services, online gaming, cloud computing services, and standardised online teaching services. By incorporating these ...

✓ OfficialNational Strategyrra.gov.rw ↗
01 OCT 2022 · Other

National Cyber Security Authority guidance on right to access, object and restrict processing of personal data

On 10 January 2022, the National Cyber Security Authority (NCSA) published guidance on the right to access, object and restrict processing of personal data. The guidance states that Protection of Personal Data and Privacy Law No. 058/2021 empowers data subjects with significant rights, including the right to access personal data, the right to object to its processing, and the right to restrict processing. Right to access allows data subjects to request information about purposes of data proce...

✓ OfficialNational Strategycyber.gov.rw ↗
17 JUN 2022 · Executive Order

National Bank of Rwanda Regulation on Cyber Security in Regulated Institutions (No. 50/2022)

On 17 June 2022, the Regulation on Cyber Security in Regulated Institutions (No. 50/2022) enters into force. The regulation applies to financial institutions supervised by the National Bank and establishes mandatory requirements for cybersecurity governance, risk management, and data protection. It mandates the implementation of governance frameworks involving Boards of Directors and Senior Management to oversee cybersecurity strategies and ensures the regular assessment of risks. The regulat...

✓ OfficialNational Strategyarchive.gazettes.africa ↗
17 MAR 2022 · Other

National Cyber Security Authority guide clarifying distinctions between data controller and data processor

On 17 March 2022, the National Cyber Security Authority (NCSA) published a guide clarifying distinctions between data controller and data processor under Rwanda's personal data protection law No. 058/2021. Data controllers decide how and why personal data is processed, while data processors handle data on behalf of controllers. Organisations can determine their role by assessing who makes decisions about data collection and processing. Entities can be both controllers and processors if they p...

✓ OfficialNational Strategycyber.gov.rw ↗
15 OCT 2021 · Law / Act

Data transfer regulation in Law No. 058/2021 relating to the protection of personal data and privacy

On 15 October 2021, Law No. 058/2021, relating to the protection of personal data and privacy, entered into force. Personal data may be transferred outside Rwanda if authorised by the supervisory authority with appropriate safeguards or if specific conditions are met, including consent from the data subject, contractual necessity, public interest, legal claims, vital interests, or legitimate interests. Transfers must comply with Rwanda's ratified international instruments. Contracts are requi...

✓ OfficialNational Strategydpo.gov.rw ↗
08 JUL 2021 · Other

Revenue Authority inquiry into taxing digital economy

On 7 August 2021, the Rwanda Revenue Authority concluded its inquiry into the challenges of implementing a digital service tax for companies operating in Rwanda. The inquiry focused on the potential financial strain this tax could impose on businesses that do not achieve profitability, within the context of Rwanda's ongoing efforts towards digitisation. The report also highlighted the need to balance revenue collection with fostering an environment conducive to innovation and investment, as d...

✓ OfficialNational Strategyrra.gov.rw ↗
29 MAY 2020 · Executive Order

Regulation Governing Cybersecurity (Regulation No. 010/R/CRCSI/RURA/020)

On 29 May 2020, the Cybersecurity Regulation for Infrastructure Providers (Regulation No. 010/R/CRCSI/RURA/020) entered into force. The regulation stipulates that infrastructure providers must implement security measures. It mandates the establishment of security controls to protect networks and systems, ensuring confidentiality, integrity, and availability of data. In particular, licensees are obligated to implement an Information Security Management System (ISMS) and conduct regular securit...

✓ OfficialNational Strategyrura.rw ↗
National Strategy

Kigali Global AI Summit Outcomes (Africa Declaration on Artificial Intelligence)

AI law in Rwanda: Adopted at the Kigali Global AI Summit, the Africa Declaration on AI establishes a unified continental vision for ethical, inclusive, and sustainable AI development, emphasizing growth, innovation, and robust governance....

✓ OfficialNational Strategyminict.gov.rw ↗
National Strategy

Law No. 058/2021 Relating to the Protection of Personal Data and Privacy

AI law in Rwanda: Rwanda's comprehensive data protection legislation enacted in October 2021, establishing legal safeguards for personal data and privacy. The law designates the National Cyber Security Authority as the supervisory authority and applies to all data processing activities including those involving AI systems....

✓ OfficialNational Strategyncsa.gov.rw ↗
National Strategy

National Artificial Intelligence Policy

AI law in Rwanda: Rwanda's National AI Policy, approved by Cabinet in April 2023, establishes the country as the first in Africa to adopt a comprehensive national AI policy. The policy aims to position Rwanda as a global center for AI research and innovation while promoting responsible and inclusive AI development....

✓ OfficialNational Strategyminict.gov.rw ↗