Procurement is Policy: How Governments Quietly Decide Their Digital Future
27 March 2026
Data Ecosystem and Policy
margaret-hammond
GovTech
Digital Sovereignty
Tech Policy
Procurement
Open Source
Tied Aid
Africa Tech
Procurement is Policy: How Governments Quietly Decide Their Digital Future
African governments frequently outsource critical digital public services to global tech monopolies. While politicians give grand speeches about digital independence, restrictive procurement contracts quietly hand over control of citizen data, create decades of vendor lock-in, and lock out local innovators.
A national highway without a map is barely owned. Yet, this is the reality most African governments accept when they adopt turnkey projects to digitise public services. These contracts come with an indelible tag. The foreign company owns the toll booth and owns the only set of keys. In this scenario, it doesn’t really matter whose flag flies at the entrance. Thus, a procurement contract signed under these terms is a subtle loss of digital sovereignty.
Governments in developing countries allocate approximately 30% of GDP to procuring goods and services, a figure so significant demanding intense scrutiny. In a quest to leverage external expertise, many have outsourced critical digital public services to global technology monopolies. A common method used is the turnkey model. Initially, the foreign entity executes the project and then hands it over to the host country. However, this seemingly beneficial term poses major constraints in the form of structural dependency and mounting financial tail. Even after the keys are handed over, they more often than not find themselves unable to seamlessly make administrative changes, such as integrating a new local payment gateway into a project they supposedly own and are trapped by annual proprietary licensing fees, mandatory system updates and specialised maintenance costs. This scales into a crisis of digital sovereignty, contradicting the African Union’s Data Policy Framework, which emphasises the need for member states to have an absolute right to formulate digital rules aligned with their national security interests and long-term digital sovereignty.
A nation relying heavily on turnkey projects eventually finds its digital sovereignty trapped in what is termed as Vendor Lock-in. In this landscape, the host country becomes structurally dependent on a foreign provider’s proprietary technology, which is often unique and non-interoperable. Data gathered within these closed systems becomes unexportable, and in some cases, vital public records are returned as unreadable ‘flat files’ that are incompatible with any other system. As a result, the financial and operational costs of switching vendors become prohibitive. This raises a fundamental question: does the host country truly achieve digital sovereignty, or merely data residency?
A critical consideration of global hyperscalers such as Amazon (AWS) and Microsoft Azure, which dominate the market with projected AI facility investments of about $600B+ is the allure of immediate, scalable storage. They offer ready-made solutions that bypass the stress of building from scratch. To a politician eager for the ribbon cutting-ceremony, the hyperscaler presents an excellent choice. However, the ribbon merely conceals the subscription fees, proprietary updates and most critically, the forfeiture of digital sovereignty. Because these foreign clouds are close systems, the providers often maintain ultimate control over vital national datasets. While local infrastructures are only a fraction of their global counterparts, a state must make a choice between its true digital sovereignty , and continuously subscribing for mere residence of its data.
This is further complicated by weak standards on cross-border data flows, leaving citizens’ data susceptible to exploitation. While local developers should be the natural alternative, the procurement process creates an artificial barrier to entry. By demanding decades of corporate history, proprietary technical certifications, and massive upfront capital bonds, the system penalises the local software developer or startup. This hands an advantage to the global provider who possesses the standardised tender-ready credentials that local innovators, even with brilliant open-source alternatives, cannot match.
Although the risks are significant, the situation is not beyond repair. Several stakeholders have proposed frameworks for reforms. The World Bank, for instance, proposes the use of state-controlled ‘data lakes’ to store real-time civic data. This ensures that data is constantly accessed by the government for administrative strategies.
Similarly, the African Union, in its data policy framework, also suggests the use of strategic, politically neutral partnerships to govern critical infrastructure instead of using blanket data localization which might alter digital trade. The AU advises that localisation should be specific, stakeholder-driven and technology-neutral. Additionally, to alleviate the burden of proprietary licensing, developing states should prioritise open-source software. Open-source software, where open-source code is readily available for modification without the threat of digital lockout or the recurring subscription fees of foreign clouds.
While these public services are capital-intensive and require expert vendors, inclusivity is important. By unbundling monolithic software contracts into smaller ones, the procurement process can become accessible to highly capable but undercapitalised local startups to easily participate in bids.
Specifically, the African region has increasingly relied on turnkey projects for major national digital initiatives. Over the past decade, countries like Ghana have digitised national identification systems, integrating them with voter records and health insurance data. This represents vital information for a population of over 30 million. For projects of this scale, it demands asking if regulators like the National Information Technology Agency enforced open standards.
History suggests cause for concern. For instance, in Liberia, sensitive biometric and geographic datasets were solely controlled by a foreign vendor in a traffic management concession without ensuring data repatriation rights. Similarly, Uganda was forced to halt a digital traffic penalty system after systemic procurement irregularities allowed a foreign company to secure 80% fine revenue with little investment.
Ghana is not immune to these vulnerabilities, especially in the tendering evaluation stage. While the introduction of the Electronic Procurement System (GHANEPS) aims to curtail corruption through transparency, the challenge persists. Although the public procurement law offers a 15%-20% margin of preference for local goods and services, the Public Procurement Authority (PPA) must review its restrictive requirements to create an advantage for local startups over their foreign counterparts.
Often, however, the procurement process has minimal influence before its commences. Many digital public services are funded by international donor grants, where the adoption of foreign software is a condition of the grant. In these cases, tax and health systems are pre-packaged by the donor using systems that are familiar to the foreign consultants the donor brings onboard. What is termed as ‘Tied aid’ takes away the choice of sovereignty. Governments find themselves tied to these systems because, once they are handed over, local developers are without the source code required for modifications. To avoid the total abandonment of a critical donated system, the state is forced to continue paying for expensive foreign licenses and subscriptions, costs that often are more than what it would have taken local developers to build a new solution.
Fortunately, local initiatives like the one seen in Tanzania demonstrate that change is possible. Tanzania built a customised, locally owned transactional system after abandoning an incompatible foreign e-procurement platform. The local alternative now empowers 62,000 public buyers. Drawing from the Liberia and Uganda experiences, it is clear that intellectual property must remain the exclusive property of the government. This should be a non-negotiable term in all state contracts backed by strict legal clauses.
The need for the inclusion of local developers or startups cannot be reiterated enough. Therefore, governments should issue waivers on upfront capital requirements and simplify the application procedures of domestic firms. Finally, African states must leverage harmonised continental data protection policies and shared cloud infrastructures. By doing so, they not only benefit from shared resources but also gain the collective bargaining power to resist global monopolies.
Ultimately, to ensure the goalposts are not shifted, we must recognise a fundamental truth: the politician delivering a speech is not the true architect of a nation’s digital future but the procurement committee signing the contract is. It is this board of individuals that decides whether to trade away a state’s digital sovereignty or protect it. Every turnkey contract begins with a signature that determines ownership or falls into a trap. A step towards autonomy will not be found in eloquent speeches but decisions in the procurement office.
Key Takeaways:
- Sovereignty over residency - Hosting data in a country is not the same as its ownership. True digital sovereignty requires ownership of infrastructure, the source code and legal jurisdiction.
- Unbundling for Inclusivity - Procurement contracts should be unbundled into smaller components to allow highly capable but undercapitalised local startups, developers to participate in building national solutions.
- Procurement as Architecture - Procurement committees are the true architects through their decisions. Therefore, procurement processes such as tender evaluations and procurement laws should be reviewed to support the shift towards sovereignty.