Fragmented Rules, Shared Markets: The Evolution of Digital Financial Services Regulation in East Africa

A REPORT examining how national and regional regulators in East Africa are responding to rapid growth in the digital financial services (DFS) ecosystem.

Abstract

This report examines how national and regional regulators in East Africa are responding to rapid growth in the digital financial services (DFS) ecosystem. It analyses regulatory frameworks and policy trends in EAC and COMESA member states, focusing on the evolution of multi-layered regulations governing mobile money services, digital lending, and data privacy.

Our findings highlight that most EAC and COMESA states have formalized mobile money and payment services, with regulatory frameworks converging around common licensing and oversight of mobile payment providers.  For example, initiatives like interoperable payment systems and sandbox regimes have spread from Kenya to the rest of the region. Data protection laws have also emerged region-wide, with varied adoption across member states evidenced by Kenya and Uganda in 2019, Rwanda in 2021, Tanzania in 2022 and Ethiopia in 2024. This reflects a broader trend of incorporating privacy and cybersecurity safeguards into financial regulation.  

Despite this progress, fragmentation of regulations poses a significant barrier. Inconsistencies across e-commerce regulation, consumer protection, and digital ID laws across countries create enforcement gaps. Key digital economy rules such as electronic signatures and data rights are not harmonized, limiting cross-border adoption. 

The main takeaway is that DFS regulation in East Africa is gathering momentum, with the new frameworks addressing significant gaps. However, divergent rules and emerging risks, notably cyber threats and privacy violations persist. To fully realize regional financial inclusion and integration, policymakers will need to align standards through a coordinated regional approach.

Introduction 

East Africa’s DFS landscape is transitioning from a narrative of inclusion to one of complex integration. Once the global pioneer of mobile money, the region’s platforms have scaled massively; one major provider alone now processes an annualised transaction value approaching $200 billion. This success, however, is breeding new complexity. The region now confronts a wave of next-generation regulatory challenges, from the boom in digital credit to the advent of open finance.

Given the rapid movement of digital financial services across the region, this analysis is imperative. The sector's rapid expansion beyond payments into digital banking, savings, and unsecured FinTech credit, has created a dual reality. This diversification is undeniable. In Kenya, by June 2025 the Central Bank’s new licensing framework governed 5.5 million loans valued at KSh 76.8 billion. However, this explosive growth is accompanied by systemic risks that national frameworks are ill-equipped to manage. Regulators, who once adopted a ‘test-and-learn’ approach, now face a mandate complicated by widespread public concerns over predatory practices, unethical debt collection, and the misuse of personal data.

The balance between innovation and stability defines the current phase of development Cybersecurity and data privacy are no longer abstract risks. According to PwC, 74% of organisations in East Africa now identify cyber risks as their top concern, a figure significantly above the global average. This highlights the acute vulnerability of the region's burgeoning digital economy. Furthermore, as fintech firms become systemically important, the lack of regulatory harmonisation across the East African Community (EAC) creates tangible friction. This fragmentation is a key barrier to a single digital market, prompting the EAC to approve a new Cross-border Payment System Masterplan in 2025 to tackle high transaction costs and fragmented frameworks.

This report traces the evolution of DFS regulation across key EAC markets. It identifies the principal, data-backed risks and gaps that threaten sustainable growth. This report argues that the region is at a critical inflection point. The ad hoc, national-level regulatory fixes of the past are no longer sufficient. The road ahead demands a strategic shift towards harmonisation, resilience, and consumer-centric governance. As this report will detail, the countries that successfully harmonise their frameworks will not only mitigate systemic risk but will ultimately attract the next wave of fintech investment and set the standard for Africa’s financial future.

Methodology 

We used a comparative case-study approach focusing on five East African countries: Kenya, Rwanda, Ethiopia, Uganda, Tanzania. This selection covers diverse regulatory experiences from Kenya’s early M-Pesa leadership to Ethiopia’s recent liberalization. We conducted an extensive literature review of official policy documents, regulatory texts, and industry reports covering the period from the launch of M-Pesa in 2007 to the present dispensation. This included central bank and finance ministry publications, data protection statutes and regional policy papers from the East African Community (EAC), Common Market for Eastern and Southern Africa (COMESA) and African Union (AU). 

Key analytical tools included comparative matrices and timelines. We catalogued country regulatory features such as licensing regimes, permitted DFS models, consumer protection rules in a matrix to highlight similarities and differences. Major policy milestones such as the enactment of a Payment Systems Act or Data Protection Act were plotted on timelines for each country. We also developed risk maps to identify unaddressed challenges, such as cybersecurity vulnerabilities and compliance gaps, that arise from regulatory fragmentation. Data sources ranged from government gazettes and central bank reports to regional strategy documents and fintech sandbox data.

Our analysis triangulated insights across these qualitative sources and regulatory events. By cross-referencing official legislation with industry trends and expert commentary for example law firm briefings and NGO reports, we validated each finding. This multi-source approach helped ensure that our conclusions about convergence – shared mobile money licensing regimes – and divergence – varying data localization rules – are robust. In summary, we combined country case studies with cross-country comparison, using a range of source to draw a comprehensive picture of DFS regulatory evolution in East Africa.

This methodology contributes to existing literature by synthesising credible sources to provide fresh insights into how the East African region is adapting to the growth of its digital financial services. It identifies critical gaps and opportunities to mobilise investment in the region’s digital finance space, positioning it to inform both policy and practice in the development of digital finance strategies.

Continue reading the full report by clicking HERE.