Namibia has taken a decisive step towards strengthening its national cybersecurity posture with the launch of its National Cybersecurity Incident Management Guidelines (2026), a milestone that reflects both national urgency and the tangible impact of African regulatory collaboration under iPRIS.

This achievement traces back to the fourth iPRIS cohort, where Namibia’s delegation identified critical cybersecurity gaps and committed to addressing them through a Change Initiative that has now moved from concept to implementation. This fourth cohort was an all-female delegation, consisting of Ella-Betty Chapoto, Mirjam Mungungu, Magano Katoole, and Charley Cloete. 

Read more about the fourth cohort’s discussions after their full iPRIS cycle here

A clear problem, a targeted response

During their first engagement in Sweden, the Namibia team, now iPRIS alumni, highlighted a rapidly evolving threat landscape.

The scale of these incidents pointed to a structural gap: while digital adoption was accelerating, coordinated national mechanisms for managing cyber incidents remained underdeveloped. In response, the team advanced a Change Initiative focused on strengthening incident response frameworks, laying the foundation for what would become the national guidelines.

Building a cyber-resilient ecosystem

The launch of the guidelines marks a shift from reactive responses to a coordinated, risk-based national cybersecurity approach. Developed by the Communications Regulatory Authority of Namibia (CRAN) in collaboration with the Namibia Cybersecurity Incident Response Team (NAM-CSIRT), the guidelines provide:

• A national framework for detecting, reporting, and responding to cyber incidents
• Clear protocols for coordination across government, private sector, and critical infrastructure operators
• Standardised processes for incident management, communication, and recovery
• A foundation for continuous improvement and adaptive response in a rapidly evolving threat landscape

Importantly, the guidelines emphasise that cybersecurity is not a standalone technical function, but a shared responsibility across institutions and individuals. As highlighted during the launch:

Cyber threats are not hypothetical; they are real, evolving, and require continuous preparedness, coordination, and learning.

From policy gaps to practical tools

In the absence of a fully enacted cybersecurity law, the guidelines serve as a critical operational bridge, enabling institutions to act now rather than wait for legislation. They introduce practical mechanisms such as:

• Defined incident response lifecycles (from detection to recovery and post-incident learning)
• Mandatory and recommended incident reporting timelines
• Structured roles and responsibilities across organisations
• Emphasis on cyber hygiene, staff training, and awareness

Data-driven urgency and real-world scenarios

The launch also reinforced the urgency of action with concrete national data and examples:

• Namibia experienced multiple ransomware attacks within the first months of the year, averaging nearly one per month
• Common vulnerabilities include misconfigured systems, outdated software, and weak access controls
• Cyber risks increasingly extend through third-party and supply chain dependencies

To translate policy into practice, the event included live simulations demonstrating real-world threats such as:

• Phishing and social engineering attacks
• Fraud through remote access tools
• Risks associated with public Wi-Fi and digital behaviour

These examples underscored a central message: cybersecurity resilience depends on preparedness, awareness, and rapid response, not prevention alone.

Strengthening regional and global cooperation

The guidelines also position Namibia within a broader ecosystem of regional and international collaboration.

They align with and leverage cooperation through platforms such as:

• SADC cybersecurity frameworks
• AFRICA CERT and international incident response networks
• Global standards including ISO and NIST frameworks

This reflects a core iPRIS principle: cross-border collaboration is essential, as cyber threats do not respect national boundaries.

iPRIS in action: From discussions to national impact

The Namibia case demonstrates how iPRIS moves beyond knowledge exchange to institutional transformation.

What began as a cohort discussion in Stockholm and Swakopmund has resulted in:

• A nationally adopted cybersecurity framework
• Strengthened institutional coordination through NAM-CSIRT
• Increased national awareness and stakeholder engagement
• A scalable model for other regulators facing similar challenges

The initiative highlights the value of peer learning and structured change processes in enabling regulators to respond to complex, fast-evolving challenges. While the guidelines mark significant progress, they are designed as a living framework, continuously evolving alongside emerging threats, technologies, and national priorities.

With ongoing efforts to advance cybersecurity legislation, expand capacity building, and strengthen coordination, Namibia is positioning itself for a more secure and resilient digital future. As the iPRIS journey continues, this milestone stands as a clear example of what is possible when insight, collaboration, and implementation come together.

Watch highlights from the fourth iPRIS cohort below

iPRIS is coordinated and implemented by SPIDER in strategic and technical partnership with the Swedish Post and Telecom Authority (PTS) and Institut luxembourgeois de régulation (ILR), as well as ARTAC, CRASA, EACO, and WATRA.

iPRIS is funded by the European Union, Sweden, and Luxembourg as part of the Team Europe Initiative “D4D for Digital Economy and Society in Sub-Saharan Africa” (Code: 001).

Regional cooperation on roaming is moving from ambition to implementation, with West African regulators actively shaping practical, context-driven frameworks for more affordable and transparent cross-border connectivity.

Today, the majority of citizens rely on mobile connectivity not only for communication but also for banking, media consumption, commerce, and access to public services. Yet the cost of using a phone outside one’s home country remains prohibitively high. International Telecommunication Union (ITU) reports indicate that roaming charges in Sub‑Saharan Africa can reach $3 per megabyte of data, a price that places everyday digital activities beyond the reach of many households. Affordable roaming is therefore more than a convenience; it is a foundation for regional integration, enabling people and businesses to stay connected, lowering trade barriers, and supporting the growth of a unified digital economy across the West African region. As of August 2025, 13 bilateral MOUs had been signed across 8 West Africa Telecommunications Regulators Assembly (WATRA) member states, with 9 already active (WATRA, 2025).

Read more insights concerning roaming in Sub-Saharan Africa from SPIDER Director Prof Caroline Wamala-Larsson here

At the 2026 Annual General Meeting of the West Africa Telecommunications Regulators Assembly (WATRA) in Lomé, Togo, regulators from across West Africa convened to address one of the region’s most persistent challenges: the high cost and complexity of mobile roaming. Held from April 20 to 24, 2026, the AGM convened national regulatory authorities (NRAs), field stakeholders, and development partners to advance the telecom landscape in the region.

The capacity-building workshop on roaming brought together NRAs to examine viable regulatory models, informed by international experience but grounded in regional realities. This workshop follows a recent online roaming workshop convened by WATRA, in partnership with the iPRIS project, organised by EY Baltic, and coordinated by SPIDER, on 19th February.

From principles to practical models

The workshop focused on translating global roaming frameworks into actionable pathways for West Africa. Experts from EY Baltic, including Paulius Žostautas, Olga Nodarou, Ioanna Choudalaki, and Andrejs Dombrovskis, presented regulatory approaches shaped by European and other international experiences. A central insight emerged clearly: there is no single model for roaming regulation. Instead, regulators must balance three critical dimensions:

• Consumer protection and affordability
• Operator cost recovery and sustainability
• Regional harmonisation and simplicity

Discussions explored different regulatory approaches, including benchmarking, cost-based models, and phased harmonisation strategies. Importantly, regulators examined how these models could evolve progressively, starting with simpler price caps and moving towards more advanced, cost-informed frameworks.

Addressing complexity with context

Across the sessions, West African regulators emphasised a key concern: global models must be adapted to regional and local market realities.

For example, discussions highlighted the limitations of “roam-like-at-local” approaches, which can introduce pricing complexity and reduce transparency for consumers. In contrast, more harmonised models, such as simplified price caps, were recognised as more user-friendly and predictable.

At the same time, regulators raised valid implementation challenges:

• High technical and financial requirements for cost modelling
• Diverse market structures across ECOWAS countries
• The need for phased, realistic transition pathways

In response, the experts outlined practical alternatives, including benchmarking against comparable markets to reduce implementation burden while still moving towards harmonisation.

Strengthening transparency and trust in the market

A recurring theme was the role of transparency in enabling effective regulation. Cost modelling, while complex, was presented as a tool to:

• Provide regulators with visibility into actual operator costs
• Strengthen regulatory decision-making
• Build trust when implementing stricter pricing rules

Equally, transparency for consumers, through clear pricing and communication, was identified as essential to improving user experience and adoption of roaming services.

Building the foundations for regional integration

Beyond pricing, the workshop addressed the broader technical and regulatory ecosystem required for a functional regional roaming framework. This included:

• Quality of service standards and monitoring
• Interoperability between operators
• Fraud mitigation and risk management
• Reference offers to standardise inter-operator agreements

A key takeaway was that regional roaming is not only a pricing issue, but a system-wide coordination challenge, requiring alignment between regulators, operators, and policymakers.

Peer learning and regional progress

The workshop demonstrated the value of iPRIS as a platform for peer exchange, where African regulators are not passive recipients of global models but active contributors shaping solutions for their context. As noted by Bengt G. Mölleryd, the strength of the session lay in its interactivity and relevance, connecting international expertise with the lived realities of West African markets.

Hosted with the support of ARCEP Togo, the convening also underscored the importance of national leadership in advancing regional agendas. The Lomé discussions signal a growing momentum towards a more integrated West African roaming space. The path forward is iterative, requiring:

• Phased implementation
• Continuous stakeholder engagement
• Strong regional coordination through platforms such as WATRA

For iPRIS, this engagement reinforces a core objective: supporting African regulators to lead, design, and implement reforms that improve connectivity outcomes across the continent.

iPRIS is coordinated and implemented by SPIDER in strategic and technical partnership with the Swedish Post and Telecom Authority (PTS) and Institut luxembourgeois de régulation (ILR), as well as ARTAC, CRASA, EACO, and WATRA.

iPRIS is funded by the European Union, Sweden, and Luxembourg as part of the Team Europe Initiative “D4D for Digital Economy and Society in Sub-Saharan Africa” (Code: 001).

From 13 April to 29th April, iPRIS hosted its 8th cohort in Stockholm, Sweden, for a two-and-a-half-week comprehensive peer-to-peer learning program. The knowledge-exchange sessions, which marked the end of the first round in the iPRIS cycle, brought together African National Regulatory Authorities (NRAs), Regional regulatory Authorities (RROs), implementing partners, including the Swedish Post and Telecom Authority (PTS) and the Swedish Program for ICT in Developing Regions (SPIDER), and European partners. They all convened to advance and strengthen the Change Initiatives(CIs) of the African National Regulatory Authorities. The cycle covered key areas of institutional strengthening, capacity building, regulatory collaboration, and knowledge exchange to strengthen regulatory capacity and drive inclusive digital transformation in Sub-Saharan Africa. The eighth cohort included NRAs from Liberia Telecommunications Authority(LTA), Information and Communications Technologies Authority (ICTA), Communications Regulatory Authority of Namibia (CRAN), National Communications Authority (NatCA), Tanzania Communications Regulatory Authority (TCRA), and Postal & Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).  RRO representatives from WATRA, EACO and CRASA also joined the NRAs to help advance their CIs and contribute to regional cooperation. The success of the first cycle of the eighth iPRIS cohort marks a key step in shaping a connected, inclusive, and digitally empowered future. 

According to GSMA (2024), mobile broadband coverage in Sub‑Saharan Africa now reaches over 87% of the population.  However, significant gaps remain, as another GSMA (2024) report highlights that Sub-Saharan Africa remains the region with the lowest connectivity levels and the most extensive coverage and usage gaps, with 27% connected, a coverage gap of 13%, and a usage gap of 60%. These two reports highlight that, despite growth in mobile broadband coverage, usage gaps persist within network coverage, while the digital divide continues to affect rural and underserved communities. While mobile broadband networks have expanded significantly across Sub-Saharan Africa, the greater challenge now lies in converting coverage into meaningful usage. The eighth iPRIS cohort training aimed to address this challenge by strengthening the NRAs’ capacity through sessions including spectrum management, cybersecurity, regulatory frameworks, and Diversity, Equity, and Inclusion. 

Week 1: Strengthening institutions and advancing digital inclusion

Week One of the program focused on grounding participants in their CIs, strengthening regulatory capacity, and enhancing peer learning among NRAs. The week supported practical implementation through exposure to project management, DEI frameworks and international regulatory practices. The CIs, being the cornerstone of the iPRIS program, were the main focus of the first day of the round, with each NRA presenting on their area of policy development and implementation within the ICT sector. The CIs included quality of service, Digital inclusion for people with disabilities, Cybersecurity, Market regulation, and Spectrum management. Through peer reviews and expert input from PTS and SPIDER, each NRA strengthened its core focus, identified gaps and challenges, and clarified its scope. The participants focused on designing initiatives rooted in clear needs, practical solutions, and measurable impact. 

As highlighted in the discussions on institutional strengthening under iPRIS, 

Telecom experts from SPIDER and PTS reinforced participants' regulatory capacity by sharing institutional best practices, policy frameworks, and practical implementation tools. Malena Liendholm Ndounou (SPIDER) equipped the participants with the project management plan, a tool to help ensure the effective execution of these projects so they not only meet their objectives but also advance digital inclusivity in Sub-Saharan Africa.

Building on that, she introduced a structured seven-stage project cycle that guides participants through problem identification, objective setting, outcome definition, indicator selection, resource planning, stakeholder mapping, implementation, and Monitoring, Evaluation, Accountability and Learning (MEAL). A key factor noted during this presentation was the need to incorporate Diversity, Equity and Inclusion (DEI) throughout the implementation stages of a project.

Per Andersson, Antonia Wopenka, Jesper Svedberg, Per-Erik Vitasp and Gustav Söderlind, telecom experts from PTS, led JEO institutional and technical knowledge exchange sessions, which provided exposure to European regulatory frameworks, digital governance models, cybersecurity practices, and inclusive digital development approaches. The JEO sessions highlighted that while technology has advanced toward a more integrated, user-friendly digital ecosystem, there has been an increase in cybersecurity threats, fraud, and digital exclusion. The PTS experts highlighted the regulatory frameworks put in place to build resilience and curb these risks. This was one of the key takeaways that the NRAs could also apply in their authorities in similar cases.

The first week with the cohort strengthened their CIs with a strong analytical basis and gave them a clear picture of how regulatory frameworks can enable equitable digital markets.

Read more about week 1 sessions here 

Week 2: From frameworks to real-world regulatory impact 

In the second week, the sessions shifted from systems thinking and institutional frameworks to practical discussions on harmonisation, broadband mapping, spectrum management, project evaluation, and regional collaboration. Led by experts from PTS and SPIDER, participants engaged in discussions on end-user protection and DEI. Lisa Gurner of PTS walked the cohort through frameworks and initiatives by the European authority responsible for protecting end users, including the European Electronic Communications Code (EECC). 

A key thread throughout the discussions was that regulation must go beyond market structure and explicitly address vulnerability, institutional bias, and digital exclusion. Emphasising the responsibility of regulators, Caroline Wamala Larsson of SPIDER noted that: 

 As participants refined their CIs, they were challenged to rethink inclusion not as a policy add-on, but as a core regulatory outcome that must be embedded from the first stage through structured planning and implementation. 

The week transitioned into real-world application through industry and technical exposure. The Ericsson field visit gave participants insight into how connectivity solutions are developed in practice, highlighting the private sector’s role in driving innovation and the importance of regulatory responsiveness to emerging technologies. This was followed by intensive JEO sessions led by Bo Andersson, Andreas Wigren, Jens Ingman, Amela Hatibovic Sehic, Gustav Lenninger and Fredrik Johansson. The sessions focused on broadband deployment, broadband mapping, and spectrum management, where Sweden’s data-driven regulatory model illustrated how granular information improves decision-making, accountability, and coverage analysis. Highlighting the broader developmental impact of such data-driven approaches, Jens Ingman, Senior Analyst, PTS, noted that: 

Regional harmonisation discussions further reinforced the importance of coordinated regulatory approaches across countries. By the end of week two, participants had shifted their understanding of regulation toward effective oversight that depends on collaboration between regulators, industry, and robust data systems to ensure meaningful and equitable access to digital services. 

Read more about week 2 here

WEEK 3: Defining the way forward for change initiatives

The third week marked a key milestone in the first cycle of the program, as participants consolidated the regulatory knowledge, tools, and approaches gained over the previous weeks and translated them into forward-looking implementation plans. Following sessions on project management, DEI, intersectionality, JEO  and telecom regulation, the National Regulatory Authorities (NRAs) entered the final round of Change Initiative discussions with experts from SPIDER and PTS. Representatives from the RROs also contributed through knowledge exchange and regional perspectives, reinforcing the value of cooperation across regions. These discussions helped participants refine objectives, clarify outputs and outcomes, and assess the feasibility of implementation.

 Henrik Höglin introduced the participants to Kivra, a digital mailbox for receiving important documents, such as invoices, salary slips, yearly bank statements, and credit checks, from companies, banks, and authorities. Kivra focuses on environmental sustainability, as more users mean fewer paper letters and more digital communication, resulting in less waste. The session added practical insight into user-centred digital service delivery and regulatory adaptability.

The Way Forward presentations were the central focus of the week, with each NRA outlining how its CI would progress beyond the training phase into practical regulatory action. The presentations underscored that effective regulation requires clear, measurable, and sustainable implementation plans supported by accountability and institutional ownership. The day focused on reflection, consolidation, and closure, as participants presented their refined project plans and demonstrated progress from initial concepts to structured interventions. 

The first cycle concluded with evaluations, closing remarks, and certificate presentations, marking the transition from peer learning to implementation. In line with the iPRIS objective, Week Three equipped regulators with actionable, context-responsive tools to advance digital transformation in their respective countries.

Cohort ready for impact

Over the two and a half weeks, the 8th iPRIS Cohort progressed from foundational regulatory learning to the structured development and refinement of Change Initiatives, culminating in clear implementation plans through the Way Forward presentations. The programme advanced regulatory dialogue and peer learning among African National Regulatory Authorities, with support from European partners and implementing partners, including SPIDER and PTS. Throughout the sessions, participants moved from conceptual understanding to practical regulatory application, with continued emphasis on inclusion, meaningful project management, and effective implementation. 

This first round of the iPRIS cycle reinforced a shared commitment to resilient, inclusive, and future-ready digital ecosystems across Sub-Saharan Africa.

With their Way Forward plans in place, participants conclude the Stockholm phase with clearer regulatory roadmaps, enhanced institutional perspectives, and more developed Change Initiatives. The cohort now proceeds to the next stage of the iPRIS program, prepared to translate knowledge into action through regulatory reform, improved institutional performance, and contributions to Africa’s broader digital transformation agenda. They will convene again in six months in Nairobi, Kenya, to review their progress. 

iPRIS is coordinated and implemented by SPIDER in strategic and technical partnership with the Swedish Post and Telecom Authority (PTS) and Institut luxembourgeois de régulation (ILR), as well as ARTAC, CRASA, EACO, and WATRA.

iPRIS is funded by the European Union, Sweden, and Luxembourg as part of the Team Europe Initiative “D4D for Digital Economy and Society in Sub-Saharan Africa” (Code: 001).