When the European Union AI Act came into force, it was celebrated globally as a landmark moment for artificial intelligence regulation. In many ways it was. But sitting in Nairobi, working inside an insurance platform that processes thousands of policy transactions daily, I kept asking myself a question that nobody in the mainstream governance conversation seemed to be asking: who actually built this framework for us? The honest answer is that nobody did.
The European Union AI Act is built on assumptions that make perfect sense in Brussels but completely fall apart in Nairobi. It assumes that regulators possess the deep technical capacity to audit complex machine learning models. It assumes companies have dedicated legal teams to interpret algorithmic accountability, and it assumes that consumers have meaningful channels for recourse when an automated system makes a decision that harms them. In Kenya, none of these conditions are reliably true yet.
The Insurance Regulatory Authority of Kenya is doing incredibly important work, but it is regulating an industry that is simultaneously digitizing, automating, and adopting artificial intelligence far faster than any framework can keep up with. When a local insurance company deploys an AI model to score claims or assess underwriting risk, there is currently no standardized requirement to explain how that model works, what data it was trained on, or how a consumer can challenge its output.
Furthermore, European governance frameworks assume relatively clean, structured, and well-documented data. African fintech operates on a completely different data reality. In my own work building Shamba Credit, an agricultural credit scoring system, I ran into this mismatch immediately. Kenyan smallholder farmers, who are the people most in need of affordable credit, are also the individuals with the least formal financial history. They have no credit bureau records, no corporate payslips, and no collateral documentation. The data that does exist is highly fragmented, consisting of mobile money transaction histories, satellite soil quality readings, and informal market price records.
When you build an AI model on this kind of alternative data, the governance questions multiply quickly. Whose data is being used, and was consent truly meaningful? If the model denies a farmer credit, can they understand why? Can they appeal the decision, and who is ultimately liable? These are not hypothetical policy questions. They are operational realities right now in systems being built today, operating with no governance framework fit for purpose.
I am not arguing that Africa needs no AI governance. The opposite is true: it needs oversight urgently. But it needs frameworks built from the ground up with African realities in mind, rather than imported frameworks retrofitted after the fact.
A practical approach would focus on three things. First, we need proportionate regulation that acknowledges severe capacity constraints. Requiring a small Kenyan insurtech startup to meet the same explainability standards as a massive European bank is simply not realistic. However, requiring any company deploying an automated decision system to maintain a basic audit log and a human appeal process is entirely achievable. Second, we must strengthen regional cooperation. The African Union AI Strategy is a solid start, but it needs real teeth and must be driven by people who understand the specific contexts, like agricultural finance, informal trade, and mobile money, where AI is actually being deployed on the continent. Third, we must embed technical talent directly inside regulatory bodies. You cannot regulate what you do not understand. African regulators need software engineers who understand how these systems work sitting right alongside the lawyers and economists.
Ultimately, this is why I care so deeply about this space. As a software engineer, I build the very systems being governed, or left unregulated. I have spent three years inside an insurance platform watching how quickly business logic gets encoded into automated systems, and how rarely the question of what happens when the model is wrong gets asked before deployment. That gap between what engineers build and what governance frameworks cover is where real people get hurt. It results in a farmer denied credit by an algorithm she cannot challenge, or a policyholder whose claim is rejected by a system nobody can explain.
Closing that gap is what I want to spend the next chapter of my career on. I believe the people best placed to do it are the engineers who have built these systems and seen the flaws from the inside, rather than policymakers looking at the technology from the outside.
Carren Chepkorir is a Software Engineer at Turnkey Africa, building Java/Spring Boot microservices for the insurance industry in East Africa. She is currently developing Shamba Credit, an AI-powered agricultural credit scoring system for Kenyan smallholder farmers.