Trends Analysis (2021-2025)
e-Government
We dive into the five-year performance trajectories (2021–2025) of the evaluated companies and entities in the e-Government Sector. By analysing historical trends and core metrics, this section reveals key patterns, competitive advantages, and priority improvement areas providing actionable insights into compliance drivers and hurdles to empower better decision-making and forward-thinking planning.
Trends in performance of assessed companies over time in the e-Government Sector
Performance Trends for Assessed Government Agencies over the Years (2024-2025) in Rwanda
An assessment of data protection and privacy compliance performance across selected public service institutions in Rwanda indicates mixed progress between 2024 and 2025, with varying levels of compliance maturity and consistency.
IremboGov recorded a modest improvement, increasing from 33.0% in 2024 to 35.0% in 2025. This incremental progress suggests gradual strengthening of privacy practices, likely reflecting improvements in governance processes and awareness of data protection obligations. However, the relatively moderate score indicates that while foundational measures may be in place, further enhancement is required to ensure robust protection of personal data, particularly given the platform's role in handling large volumes of citizen information.
Rwanda Social Security Board (RSSB) demonstrated a notable improvement, rising from 37% in 2024 to 49% in 2025. This significant increase indicates strengthened data protection and privacy controls, possibly driven by improved policy implementation, better oversight, and enhanced handling of sensitive personal and financial data. The upward trend reflects growing alignment with data protection requirements, although additional efforts are needed to reach higher levels of compliance maturity.
Rwanda Revenue Authority (RRA) showed only a marginal increase, from 4.0% in 2024 to 5.0% in 2025. Despite the slight improvement, the overall performance remains very low, highlighting persistent gaps in data protection and privacy compliance. Given the highly sensitive nature of taxpayer data managed by the institution, this level of performance presents significant compliance, security, and reputational risks, underscoring the need for urgent and comprehensive remedial action.
Rwanda Information Society Authority (RISA) maintained a static performance of 24.0% in both 2024 and 2025. This lack of progress suggests stagnation in strengthening privacy practices and may indicate limited prioritization of data protection improvements during the period under review. While baseline controls may exist, the absence of measurable advancement highlights the need for renewed focus on compliance monitoring, policy updates, and capacity building.
Overall, the data reveals uneven progress in data protection and privacy compliance across the assessed institutions. Improvements by RSSB and, to a lesser extent, IremboGov demonstrate the positive impact of targeted investments in data governance and compliance oversight. Conversely, the persistently low or stagnant performance of RRA and RISA raises concerns regarding exposure to regulatory non-compliance, data breaches, and erosion of public trust. These findings underscore the importance of sustained institutional commitment to data protection, particularly for entities managing large volumes of sensitive personal data. Continuous improvement through regular compliance assessments, staff training, strengthened governance frameworks, and effective enforcement of privacy policies will be critical to ensuring regulatory alignment, safeguarding citizen data, and enhancing public confidence in digital public services.
Performance Trends for Assessed Government Agencies over the Years (2024-2025) in Tanzania
An assessment of data protection and privacy compliance performance among selected public digital platforms and regulatory authorities in Tanzania indicates persistently low levels of compliance maturity between 2024 and 2025, with limited evidence of improvement across most institutions.
e-Immigration Tanzania recorded a static performance of 9.0% in both 2024 and 2025. The absence of improvement suggests stagnation in the implementation of data protection and privacy controls. Given the platform's role in processing highly sensitive personal and biometric data, this consistently low score raises concerns about exposure to data protection risks and highlights the need for enhanced governance, security controls, and compliance oversight.
Tanzania Civil Aviation Authority (TCAA) similarly maintained a score of 9.0% across both years. This unchanged performance indicates limited progress in strengthening privacy practices despite the authority's handling of personal and operational data related to aviation safety and regulation. The findings point to potential gaps in policy implementation, staff awareness, and data security mechanisms.
Tanzania Communications Regulatory Authority (TCRA) experienced a slight decline, decreasing from 10.0% in 2024 to 8.0% in 2025. This reduction suggests challenges in sustaining even basic compliance measures and may reflect insufficient prioritization of data protection initiatives. As a regulator in the communications sector, the decline is particularly concerning and underscores the need for renewed focus on internal data governance and compliance leadership.
Tanzania Work Permit Application Portal recorded a consistently low performance of 4.0% in both years. This stagnation indicates significant deficiencies in data protection and privacy practices. Given the sensitive nature of personal, employment, and immigration-related data processed through the portal, the low score presents elevated risks of non-compliance, data breaches, and loss of public trust.
Overall, the data reflects a concerning lack of progress in data protection and privacy compliance among the assessed Tanzanian public digital platforms and authorities. Persistently low and stagnant scores suggest systemic weaknesses in governance structures, limited enforcement of privacy policies, and insufficient institutional capacity to address data protection obligations. These trends highlight the urgent need for comprehensive reforms, including the establishment of clear accountability mechanisms, regular compliance assessments, capacity building, and investment in secure data management systems. Without targeted interventions, these institutions remain highly exposed to regulatory, operational, and reputational risks. Strengthening data protection and privacy practices is essential not only for legal compliance but also for safeguarding sensitive personal data and maintaining public confidence in digital public services.
Performance Trends for Assessed Government Agencies over the Years (2023-2025) in Mauritius
The data protection and privacy compliance performance of the Mauritius Revenue Authority (MRA), Passport & Immigration Office, MauPass (Mauritius Personal Access), and the Information and Communications Technology Authority (ICTA) reflects a mixed trajectory between 2023 and 2025, with some institutions consolidating progress while others remain stagnant at low compliance levels. Compared with last year's analysis, the 2025 results provide clearer evidence of where improvements have been sustained and where gaps persist.
Mauritius Revenue Authority (MRA) has continued the positive trajectory identified in last year's assessment. Following its improvement from 5.6% in 2023 to 27.0% in 2024, the MRA further increased its score to 35.0% in 2025. This sustained upward trend confirms that the progress noted in the previous analysis was not transitional but indicative of a longer-term strengthening of data protection practices. The improvement suggests enhanced governance structures, better policy implementation, and increased attention to safeguarding taxpayer data. However, despite this progress, the overall score remains moderate, indicating that further investment is needed to achieve higher compliance maturity and alignment with international best practices.
The Passport & Immigration Office has shown no improvement since last year's analysis. The score remained at 10.0% in 2024 and 2025, following 5.6% in 2023. While the initial increase between 2023 and 2024 suggested some foundational steps toward compliance, the lack of further progress in 2025 indicates stagnation. Given the highly sensitive nature of identity, travel, and biometric data handled by this office, the persistently low score highlights ongoing weaknesses in privacy controls and underscores the urgent need for targeted interventions to strengthen data protection frameworks and operational safeguards.
MauPass (Mauritius Personal Access) demonstrates the most dramatic improvement among the assessed institutions. After scoring 8.0% in 2024, the platform recorded a substantial increase to 40.0% in 2025. This sharp rise suggests a significant strengthening of privacy and data protection practices, likely reflecting focused efforts to address earlier gaps, enhance system security, and improve governance over citizen digital identity data. The 2025 performance marks a clear shift toward greater compliance maturity, although continued efforts will be required to sustain and deepen these improvements.
In contrast, the Information and Communications Technology Authority (ICTA) recorded a low and static performance of 9.0% in 2025, with no measurable improvement reported. This lack of progress suggests limited advancement in strengthening internal data protection practices. As a key authority with oversight responsibilities in the ICT sector, this stagnation raises concerns about leadership in privacy compliance and the ability to model best practices for regulated entities.
Overall, the 2025 results show a divergence in compliance maturity across Mauritian public institutions. Compared with last year's analysis, the Mauritius Revenue Authority and MauPass have demonstrated sustained and, in the case of MauPass, accelerated improvement, indicating that focused investment and institutional commitment can yield measurable compliance gains. Conversely, the continued stagnation of the Passport & Immigration Office and ICTA highlights persistent structural and governance challenges.
These findings underscore the importance of moving beyond initial compliance measures toward continuous improvement, particularly for institutions managing large volumes of sensitive personal data. Sustained progress will require stronger accountability mechanisms, regular compliance assessments, staff capacity building, and consistent enforcement of data protection policies. Institutions that fail to advance risk increased regulatory exposure, potential data breaches, and erosion of public trust, while those demonstrating improvement are better positioned to meet evolving data protection obligations and enhance confidence in digital public services.
Performance Trends for Assessed Government Agencies over the Years (2023-2025) in Zimbabwe
The assessment of data protection and privacy compliance performance across selected e-government platforms in Zimbabwe, namely the eVisa Zimbabwe system, NSSA Self-Service Portal, Zimbabwe Revenue Authority (ZIMRA), and the Electronic Government Procurement (eGP) System, reveals uneven progress between 2023 and 2025. Compared with last year's analysis, the 2025 results provide clearer insight into the sustainability of earlier gains and emerging compliance challenges.
The eVisa Zimbabwe system shows a gradual but modest improvement over the review period. Following a score of 5.6% in 2023 and a decline to 2.0% in 2024, the system improved to 10.0% in 2025. This increase indicates that some remedial actions have been undertaken since last year's assessment, partially addressing previously identified gaps. However, despite the improvement, the overall performance remains very low, suggesting that fundamental weaknesses persist in data protection governance, security controls, and compliance oversight. Given the sensitive personal and travel-related data processed by the platform, the system remains exposed to significant privacy and regulatory risks.
The NSSA Self-Service Portal demonstrates a strong and sustained upward trajectory. From 0.0% in 2023, the portal improved to 28.0% in 2024 and further to 34.0% in 2025. This continued progress suggests that the improvements noted in earlier assessments have been consolidated and expanded. The upward trend reflects strengthened data protection frameworks, improved internal controls, and increased institutional attention to safeguarding contributor and beneficiary data. While the performance has improved considerably, additional enhancements are still required to reach higher levels of compliance maturity.
In contrast, the Zimbabwe Revenue Authority (ZIMRA) experienced a regression in 2025. After a significant improvement from 0.0% in 2023 to 38.0% in 2024, ZIMRA's score declined to 31.0% in 2025. This decrease suggests challenges in sustaining the momentum highlighted in last year's analysis. While the authority still demonstrates moderate compliance relative to other entities, the decline indicates potential gaps in ongoing monitoring, policy enforcement, or adaptation to evolving data protection requirements. Sustained effort will be necessary to prevent further regression and to consolidate earlier gains.
The Electronic Government Procurement (eGP) System continued to show positive progress, improving from 29.0% in 2024 to 34.0% in 2025. This upward trend indicates strengthening data protection practices, particularly in the governance of procurement-related data and user access controls. The improvement suggests growing institutional awareness of privacy obligations and increased alignment with compliance expectations.
Overall, the 2025 results indicate mixed compliance maturity across Zimbabwe's e-government systems. Compared with last year's analysis, some platforms such as the NSSA Self-Service Portal and the eGP System have demonstrated sustained improvement, highlighting the effectiveness of targeted interventions and institutional commitment. Conversely, the regression observed at ZIMRA and the persistently low performance of the eVisa system underscore the risks associated with inconsistent implementation and insufficient governance oversight.
These findings emphasize the need for continuous compliance monitoring, regular risk assessments, and sustained investment in data protection capabilities across all e-government platforms. Entities handling highly sensitive citizen data must prioritize the institutionalization of privacy-by-design principles to ensure regulatory compliance, reduce exposure to data breaches, and maintain public trust in digital government services.
Performance Trends for Assessed Government Agencies over the Years (2023-2025) in Kenya
The data protection and privacy compliance performance of key e-government platforms in Kenya (Huduma, e-Citizen, Kenya Revenue Authority (KRA), and the Electronic Travel Authorisation (ETA) system) shows mixed trends between 2023 and 2025. Compared with last year's analysis, the 2025 results provide insight into whether the declines observed in 2024 were temporary or indicative of deeper compliance challenges.
Huduma demonstrates a notable recovery in 2025. After a decline from 5.6% in 2023 to 3.0% in 2024, as highlighted in last year's analysis, Huduma's score increased significantly to 17.0% in 2025. This improvement suggests renewed efforts to address earlier shortcomings in data protection practices, potentially through improved governance structures or strengthened controls. Despite this positive movement, the overall score remains low, indicating that Huduma is still at an early stage of compliance maturity and requires sustained intervention to adequately protect citizen data.
e-Citizen shows a partial rebound following the decline noted in the previous assessment. After decreasing from 42.0% in 2023 to 35.0% in 2024, the platform improved to 49.0% in 2025, surpassing its 2023 performance. This upward trend indicates that corrective measures may have been implemented to strengthen privacy practices and address earlier gaps. The 2025 score suggests a more established and maturing approach to data protection, although continuous improvement remains necessary given the scale and sensitivity of data processed by the platform.
The Kenya Revenue Authority (KRA) experienced a slight decline in 2025, decreasing from 47.0% in 2024 to 44.0%. While still maintaining a relatively strong compliance position, the downward trend suggests challenges in sustaining previous gains. This regression highlights the importance of continuous monitoring and reinforcement of data protection controls, particularly given the highly sensitive financial and taxpayer data handled by the authority.
The Electronic Travel Authorisation (ETA) system shows relative stability with a marginal decline from 36.0% in 2024 to 35.0% in 2025. This consistency indicates that while baseline privacy controls may be in place, progress has plateaued. Given the personal and travel-related data processed by the system, further enhancements are needed to strengthen compliance maturity and resilience against privacy risks.
Overall, the 2025 results suggest that some of the declines observed in 2024, particularly for Huduma and e-Citizen, have been partially or fully reversed, indicating responsiveness to identified compliance gaps. However, the mixed performance across platforms underscores the uneven maturity of data protection practices within Kenya's e-government ecosystem.
These trends reinforce the need for sustained investment in privacy governance, regular compliance assessments, and the institutionalization of privacy-by-design principles. Platforms that demonstrate recovery and improvement must focus on sustaining momentum, while those showing stagnation or regression risk increased exposure to regulatory scrutiny, data breaches, and erosion of public trust. Strengthening data protection and privacy practices remains critical to ensuring compliance with Kenya's data protection framework and maintaining confidence in digital government services.
Performance Trends for Assessed Government Agencies over the Years (2021-2025) in Uganda
The data protection and privacy compliance performance of Immigration Uganda, the National Identification and Registration Authority (NIRA), the Electoral Commission of Uganda, and the Uganda Bureau of Statistics (UBOS) reflects divergent trajectories between 2021 and 2025. Compared with last year's analysis, the 2025 results clarify whether earlier trends represented temporary fluctuations or more structural compliance challenges.
Immigration Uganda continues to exhibit a significant decline in compliance performance. After scoring 20% in 2021 and 22.21% in 2023, the institution dropped sharply to 3% in 2024, a trend highlighted in last year's analysis. The score remained unchanged at 3% in 2025, indicating that the regression identified previously has not been addressed. This persistent low performance suggests entrenched weaknesses in privacy governance, oversight, and implementation of data protection controls. Given the sensitive personal and biometric data handled by Immigration Uganda, the sustained decline presents serious compliance, security, and reputational risks, underscoring the need for urgent remedial action.
In contrast, NIRA has demonstrated substantial and sustained improvement. Following a decline from 20% in 2021 to 0% in 2023, NIRA improved to 17% in 2024, as noted in last year's analysis, and further increased to 51% in 2025. This marked improvement indicates that earlier corrective measures have been successfully consolidated and scaled. The 2025 performance suggests strengthened data protection frameworks, improved governance structures, and greater institutional focus on safeguarding national identity data. While continued refinement is necessary, NIRA's trajectory reflects a significant shift toward compliance maturity.
The Electoral Commission of Uganda shows consistently low and stagnant performance, recording 6% in both 2024 and 2025. Although no earlier data is available for comparison, the lack of improvement across the two most recent years suggests limited progress in strengthening data protection and privacy practices. Given the sensitive voter registration and electoral data managed by the Commission, the persistently low score raises concerns about exposure to data protection risks and the need for targeted capacity building and governance reforms.
UBOS demonstrates steady, incremental improvement. From 40% in 2024, the institution increased its score to 43% in 2025, indicating gradual strengthening of privacy practices. While the progress is modest, it suggests a level of institutional awareness and ongoing effort to improve data protection controls. However, given the volume and sensitivity of personal and statistical data handled by UBOS, further enhancements are required to reach higher compliance maturity and resilience.
Overall, the 2025 results show a divergence in compliance maturity across Uganda's e-government landscape. Compared with last year's analysis, NIRA has made exceptional progress, demonstrating that sustained institutional commitment can rapidly improve compliance outcomes. Conversely, Immigration Uganda's continued low performance confirms the severity of the regression identified previously, highlighting an urgent need for structural reform and enforcement of privacy obligations.
The stagnation observed at the Electoral Commission and the incremental progress at UBOS further emphasize the uneven pace of compliance across institutions. These findings underscore the importance of continuous compliance monitoring, leadership accountability, and investment in data protection capabilities. Institutions managing sensitive citizen data must embed privacy-by-design principles and strengthen governance frameworks to ensure regulatory compliance, mitigate data breach risks, and maintain public trust in digital government services.