Woman executive working on Surface Hub 2S in Whiteboard with Surface Hub 2 Pen

Navigating your way to the Cloud
Rwanda

A Journey of Digital Transformation
An Interactive Guide for Legal and Compliance Professionals

INTRODUCTION TO CLOUD IN RWANDA

Digital transformation is about reimagining how you bring together people, data, and processes to create value for your customers and maintain a competitive advantage in a digital-first world. The Rwandan government has released a plan for Rwanda’s social and economic development, with the goal of being a more prosperous nation by 2020. The Vision 2020 plan is centered on a prosperous knowledge-based economy. The plan contains six "pillars" and four “cross-cutting domains”, one of which is science and technologies, including information and communication technologies (ICTs). The government recognizes its key role as promoter of the ICT development of the country and seeks to modernize the Rwandan economy and society using ICTs as tools for accelerated development, economic growth, national prosperity and global competitiveness.1

At Microsoft, we agree. We believe that hyper-scale cloud services, in particular, can play a pivotal role in helping Rwanda unlock its key socio-economic objectives while ensuring a safer, more secure and more effective environment, which adheres to accepted international technical standards.

Many have already realised the obvious benefits of cloud services, including efficiencies, cost savings, cyber-resilience and secure access. Increasingly, those looking to future-proof their business are also recognising that to fully harness the potential of technologies like artificial intelligence, machine learning, Internet of Things and augmented or virtual reality, they will likely need to rely on the hyper-scale cloud and the scalability it can offer. Use of cloud services can also provide a competitive edge.

All clouds are not created equal. As more Rwandans recognise the power and importance of cloud driven technologies, the selection of a trusted cloud service provider with a long history of delivering on privacy and security commitments in a compliant and transparent manner, now more than ever, is a critical part of the cloud journey for any customer. In a time when technology is changing almost every aspect of our lives, and the change is also causing disruption and uncertainty, Microsoft continues to draw from its past as we seek the right answers to questions about how best to realize opportunities ahead and create a trusted, responsible, and inclusive cloud.

Microsoft has been a contributor to the cloud technology revolution in Rwanda. Its solutions such as Microsoft Azure, Office 365 and Microsoft Dynamics 365 power many different customers across the MEA region, including SMEs, large global corporates, public sector and non-profit organisations. These are just some of the Microsoft cloud services driving the digital transformation across the globe as we seek to empower every individual and every organisation on the planet to achieve more in a safe, secure and legally compliant manner, whether by using public, private or hybrid cloud.

Microsoft is proud to confirm that it meets regulatory and compliance requirements for use of the cloud in some of the most highly regulated industries across the globe, and can help you to achieve compliance with the regulatory and compliance requirements applicable in your sector.

THE REGULATORY LANDSCAPE

  • Cloud computing in Rwanda is not specifically regulated. However, some laws and regulations may be of indirect application to cloud computing, such as the ICT Law2 ("ICT Law") and certain industry-specific regulations3. Furthermore, the right to privacy is created by the supreme law of Rwanda which calls for respect of a person’s privacy.4 To the extent that a move to the cloud is regulated, any applicable regulator5 will likely seek to ensure that any such move addresses security and privacy concerns so as to ensure safe and secure use of cloud services. Regulators such as the National Bank of Rwanda and Rwanda Utilities Regulatory Authority appear to recognise the need for innovation and growth, and are actively evaluating new technologies, such as the cloud.

    At Microsoft, we welcome these positive developments and are pleased to have participated in a number of compliance conversations with customers and regulators across sectors. As a result, we have developed these materials to help our customers in Rwanda move to the cloud in a way that meets their regulatory requirements.

  • In Rwanda there is no specific law on cloud computing. However, the ICT Law and related laws and other laws and regulations in Rwanda contain provisions which may be relevant to a customer's move to cloud computing, including:

    • ICT Law;
    • National Data Revolution Policy of April 2017;
    • Access to Information Law of 2013;
    • Law establishing the National Cyber Security Authority and determining its mission, organisation and functioning6;
    • Law on prevention and punishment of cyber-crimes7; and
    • Law determining offences and penalties in general8.

    There are also industry-specific regulations which may be relevant, such as in the banking sector which has specific regulations impacting a bank's outsourcing9 and cybersecurity.10

    • In Rwanda, data privacy is protected under the supreme law the Constitution of Rwanda.11 It is one of the main rights provided for in the Constitution. The ICT Law and criminal law/code also contain other provisions protecting data privacy in Rwanda. To the extent that a move to the cloud impacts on the processing of personal information, data privacy issues may need to be considered.

      Privacy and data protection is key in Rwanda. Under the ICT Law, every subscriber or user’s voice or data communications carried by means of an electronic communications network or services, must remain confidential to that subscriber and or user for whom the voice or data communication is intended.12

      Privacy in Rwanda is also protected by the law determining offences and penalties in general13 which creates several related offences, including for malicious invasion of the privacy of another person by secretly listening and making known to the public a private statement without consent, or taking a picture or audio-visual recording without permission and collection of individuals’ personal information in computers.14

    • There is specific law on cybercrimes15 and cyber security, and other basic laws that create bodies responsible for monitoring ICT in Rwanda.

      Rwanda has established the National Cyber Security Authority (NCSA). The mission of NCSA is to build skills and capacities in cyber security with a view to ensuring the protection of national integrity and security in order to achieve economic and social development.16

      The law on cybercrimes provides for procedures on prevention, investigation, liability of service providers, offences and penalties relating to cybercrimes.

  • The Data Revolution Policy outlines the principle of national data sovereignty requiring Rwanda to retain exclusive rights on her national data. However, the policy also states that Rwanda will be open under agreed terms and as governed by Rwanda laws to host sovereign data in a cloud or collocated environment in data centres within national premises or outside of Rwanda.17

  • This checklist provides a detailed look into the legal obligations that may affect your usage of Microsoft Cloud Services.

    Click here to download the checklist.

  • In addition to general laws, industry-specific requirements may apply such as in the banking sector which has specific regulations impacting on a bank’s outsourcing. You can find out more about the requirements that apply in your industry sector by selecting from Industries below.

    Financial Services

    Financial Services

    Government

    Government


    • 1Information and Communication Technology Policy in Rwanda (ICT Policy) available at http://www.mitec.gov.rw/policies-publications/policies-and-regulations/ict-laws/
    • 2Law No. 24/2016 of 18/06/2016 governing information and communication technologies published in Official Gazette No. 26 of 27/06/2016
    • 3 Such as regulations impacting on outsourcing by banks (including Regulation No. 03/2018 of 24/01/2018 of the National Bank of Rwanda on outsourcing, published in Official Gazette No. 6bis of 05/02/2018)
    • 4Article 23 of the Constitution of the Republic of Rwanda of 2003 revised in 2015 (Official Gazette No. Special of 24/12/2015)
    • 5Such as the National Bank of Rwanda (BNR) for financial institutions and the Rwanda Utilities Regulatory Authority (RURA) for ICT services
    • 6Official Gazette No. 10 of 06/03/2017
    • 7Official Gazette No. Special of 25/09/2018
    • 8Official Gazette No. Special of 27/09/2018
    • 9Regulation n° 03/2018 of 24/01/2018 of National Bank of Rwanda on outsourcing
    • 10Regulation nº 02/2018 of 24/01/2018 of National Bank of Rwanda on cybersecurity
    • 11Article 23 of the Constitution of the Republic of Rwanda of 2003 revised in 2015 (Official Gazette No. Special of 24/12/2015)
    • 12Article 124 of Law governing Information and Communication Technologies Official Gazette No. 26 of 27/06/2016
    • 13Law No. 68/2018of 30/08/2018 determining offences and penalties in general published in Official Gazette nº Special of 27 September 2018
    • 14Article 156, 159, 160 and 162 of the law referenced in footnote 13
    • 15Law No. 60.2018 of 22/08/2018 on prevention and punishment of cybercrimes published in Official Gazette No. Special of 25/09/2018
    • 16Article 3 & 4 of Law No. 26/2017 of 31/05/2017 establishing the National Cyber Security Authority and determining its mission, organization and functioning, Official Gazette No. 27 of 03 July 2017
    • 17National Data Revolution Policy of April 2017

WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES

Security

Security

We build our services from the ground up to help safeguard your data

Learn more
Privacy

Privacy

Our policies and processes help keep your data private and in your control

Learn more
Compliance

Compliance

We provide industry-verified conformity with global standards

Learn more
Transparency

Transparency

We make our policies and practices clear and accessible to everyone

Learn more

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

RECOMMENDED RESOURCES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES
*EXPLANATORY NOTE AND DISCLAIMER: This website is intended to provide a summary of key legal obligations that may affect customers using Microsoft cloud services. It indicates Microsoft’s view of how its cloud services may facilitate a customer's compliance with such obligations. This website/document is intended for informational purposes only and does not constitute legal advice nor any assessment of a customer's specific legal obligations. You remain responsible for ensuring compliance with the law. As far as the law allows, use of this website/document is at your own risk and Microsoft disclaims all representations and warranties, implied or otherwise.