When an AI system supports a diagnosis in Lagos, Nairobi, Accra, or Johannesburg, who controls the data, who validates the algorithm, and who is accountable when the system fails? This question is increasingly urgent as African health systems adopt AI-enabled diagnostic technologies to respond to rising disease burdens, workforce shortages, and unequal access to specialist care.

In this article, AI-enabled diagnostic technologies are defined as digital tools that use machine learning or related artificial intelligence techniques to analyse clinical, imaging, laboratory, audio, genomic, electronic medical record, or patient-reported symptom data in order to support, augment, or partially automate diagnostic decision-making. These systems may be embedded in telemedicine platforms, electronic medical records, radiology workflows, point-of-care testing, or mobile health applications. Their outputs can include risk scores, triage recommendations, disease classifications, abnormality detection, or suggested clinical pathways.

Over the past decade, debates on AI diagnostics in Africa have evolved from optimism about technological leapfrogging to more critical reflection on power, dependency, and governance. Early discussions emphasised AI as a response to shortages of health professionals, weak referral systems, and limited diagnostic infrastructure.1,2 More recent scholarship has questioned whether these technologies can reproduce existing inequalities when they are trained on non-African datasets, hosted on foreign cloud infrastructure, governed through opaque proprietary systems, and deployed in health systems with limited regulatory capacity.3–8 The question is therefore no longer only whether AI can improve diagnostic performance, but whether African patients, clinicians, regulators, and innovators can govern the systems that increasingly shape diagnostic decisions.

The problem is not abstract. Patients in under-resourced settings may suffer from misclassification, delayed referral, inappropriate treatment pathways, or diagnostic tools that perform poorly for local epidemiological profiles. Frontline clinicians may become dependent on decision-support systems whose assumptions, limitations, and update cycles are not transparent. Public regulators may be unable to audit algorithms or enforce accountability when data storage, model training, and model updates occur outside their jurisdiction. Local innovators may also face dependency on foreign platforms and training data, while African health systems risk losing economic value from data generated by their own populations.

The social and economic costs are significant. Clinically, poorly validated AI diagnostics can undermine patient safety and trust. Economically, dependence on externally governed cloud infrastructure may lock ministries, insurers, and providers into recurring costs while limiting domestic AI capacity building. Socially, weak data governance may intensify data extraction, where African health data improve externally controlled models without equivalent reinvestment in local infrastructure, skills, or public health priorities. These dynamics could create a new digital divide in which AI expands access for some while deepening structural dependency for others.

This paper examines the political economy of AI-enabled diagnostic innovation in Africa through a multi-case analysis of Helium Health, Ubenwa, Neural Labs Africa, and Envisionit Deep AI. It asks how cloud infrastructure choices, cross-border data flows, and fragmented regulatory regimes shape diagnostic sovereignty. The study addresses two gaps in the literature: first, limited analysis of data sovereignty as a foundation for diagnostic equity; and second, limited attention to how global market forces, platform power, and geopolitical interests structure control over AI diagnostic infrastructures. The significance of the study lies in reframing AI diagnostics as a governance question: equitable AI in African health systems requires not only ethical algorithms, but public and regional capacity to govern data, infrastructure, models, and validation systems.

Theoretical Framework: Political economy of AI-enabled diagnostics in Africa

The political economy of technology examines how political, economic, and social forces structure the development, diffusion, ownership, and control of technological systems.9–11 Applied to AI-enabled diagnostics, this perspective shifts attention from model accuracy alone to the institutional and infrastructural conditions under which diagnostic systems are built, deployed, governed, and monetised.

Three dimensions are particularly relevant. First, state power and geopolitical competition shape where digital infrastructures are built, who finances them, and whose strategic priorities they serve. Cloud services, data centres, and communication networks function as geopolitical assets that can extend influence and structure dependency.12–14 Second, corporate concentration allows a small number of technology firms to control layers of the AI value chain, including cloud infrastructure, data standards, computational resources, and platform interfaces.5,7,10,15 Third, political economy perspectives highlight how technological systems reproduce inequalities in access and value capture, especially where Global South actors supply data and markets while Global North actors retain control over infrastructure, intellectual property, and monetisation pathways.5,7,16,17

The analytical pathway used in this study is therefore: global platform control over cloud and compute infrastructure shapes data location and model governance; data location and model governance influence regulatory auditability and local retraining capacity; and auditability and retraining capacity affect diagnostic equity, accountability, and sovereignty. This framework guides the coding of four dimensions across cases: cloud dependency, data ownership and location, model validation and retraining, and regulatory exposure.

Methods

This study uses an exploratory multi-case analysis supported by a targeted review of academic and grey literature. It applies a political-economy framework to publicly available secondary data on four African health AI firms. Because no primary data were collected and no internal firm documentation was accessed, the findings should be interpreted as evidence of publicly observable patterns rather than definitive verification of internal infrastructure configurations or compliance practices.

Country and case selection

Nigeria, Kenya, and South Africa were selected because they represent active digital health environments with variation in market size, regulatory capacity, and digital infrastructure. Four firms—Helium Health, Ubenwa, Neural Labs Africa, and Envisionit Deep AI—were purposively selected18 based on: (i) maturity and visibility through active deployment or advanced pilots; (ii) technological variety, including electronic medical records, AI-supported triage, sound-based diagnostics, and medical imaging; and (iii) geographic and regulatory diversity across the three countries. This approach prioritises analytical relevance over representativeness.

Data sources and search strategy

The final dataset comprised 36 documents: 26 academic sources, 6 policy or regulatory documents, and 4 firm-level sources. Documents were identified through searches of Google Scholar, PubMed, and Scopus using terms including ‘artificial intelligence AND Africa AND health’, ‘health AI AND data sovereignty’, ‘digital health AND cloud infrastructure AND Africa’, and ‘AI governance AND Global South’. Grey literature and policy documents were retrieved from the African Union, national data protection authorities, the World Health Organization, and relevant official websites. Firm-level sources were retrieved from company websites and publicly available product or technical descriptions. Searches were conducted between November 2025 and January 2026. Documents were included if they were published between 2017 and 2025, addressed AI, digital health, data governance, cloud infrastructure, or relevant political-economic dynamics, and were available in English. Documents were excluded if they were purely clinical or technical without relevance to governance, data infrastructure, or political economy.

Coding and analysis

Thematic coding combined deductive and inductive procedures. Deductive codes were developed from the political-economy framework and included data ownership, cloud dependence, regulatory jurisdiction, cross-border data transfer, model validation, model retraining, value capture, and infrastructural control. Inductive coding identified additional themes emerging from the documents, including infrastructural lock-in, externalised regulatory authority, scalability-sovereignty trade-offs, and governance asymmetry. Each case was analysed along comparable dimensions: cloud provider, infrastructure function, data location or movement, model validation and retraining evidence, and regulatory exposure.

Evidence standards

A claim was retained as a finding only when it was supported by at least one firm-level source and contextualised by policy, regulatory, or academic sources. Where public documentation did not provide evidence of a practice, the manuscript uses cautious language such as ‘no publicly available evidence was identified’ rather than treating absence of documentation as proof that the practice does not exist. Claims about AWS, Google Cloud, offshore processing, and model retraining therefore refer to publicly observable evidence, not independently audited infrastructure records. This distinction is important because firm websites, public product descriptions, and regulatory documents cannot fully reveal contractual arrangements, internal compliance procedures, or technical architecture.

Table 1.Transparency matrix of the 36 coded documents
No. Document/source Type Coding role
1 Etori et al. (2023), What we know so far: AI in African healthcare Academic/preprint AI health context in Africa
2 Korom et al. (2025), AI-based clinical decision support for primary care Academic/preprint Clinical decision-support context
3 Arakpogun et al. (2021), Artificial intelligence in Africa Academic chapter AI opportunities and structural challenges
4 De Freitas (2025), Digital sovereignty and data colonialism Policy paper Digital sovereignty and Global South context
5 Couldry and Mejias (2019), The Costs of Connection Academic book Data colonialism and value extraction
6 Martin (2021), Geopolitics and digital sovereignty Academic chapter Digital sovereignty and geopolitical framing
7 Birhane (2020), Algorithmic colonization of Africa Peer-reviewed article Algorithmic colonialism and African AI governance
8 Gwagwa et al. (2022), Ubuntu and global AI inclusion discourse Peer-reviewed article African-centred AI ethics
9 Bijker et al. (1987), Social Construction of Technological Systems Academic book Technology and society framework
10 Srnicek (2017), Platform Capitalism Academic book Platform concentration and infrastructural control
11 Farrell and Newman (2019), Weaponized interdependence Peer-reviewed article Geopolitical dependency in networked infrastructure
12 Herr (2020), Four myths about the cloud Policy report Cloud geopolitics
13 World Economic Forum (2025), AI geopolitics and data centres Policy commentary Data centres and AI geopolitical rivalry
14 Crawford (2021), Atlas of AI Academic book Material and political costs of AI
15 Mohamed et al. (2020), Decolonial AI Peer-reviewed article Decolonial AI theory
16 Zuboff (2019), Age of Surveillance Capitalism Academic book Surveillance capitalism and data value capture
17 Andreoni and Roberts (2022), Governing digital platform power Peer-reviewed article Digital platform power and industrial policy
18 African Union/Pan-African Parliament (2025), Data sovereignty and ethical AI Policy statement Continental data sovereignty policy context
19 Alaran et al. (2025), AI in African health space Peer-reviewed article Challenges and opportunities in African health AI
20 The Future Society (2022), AI in Healthcare in Africa Policy report African AI health ecosystem
21 WHO/ITU AI for Health programme Policy/technical source AI for health governance and standards context
22 Kwet (2019), Digital colonialism Academic/preprint Digital colonialism and Global South dependency
23 Kasy (2024), Political economy of AI Working paper Democratic control of predictive systems
24 Andigema et al. (2025), AI in African healthcare Preprint Structural challenges and innovation
25 Moleka (2023), Diagnostic sovereignty in African health systems Grey/academic source Diagnostic sovereignty framing
26 Monahan (2008), Surveillance and inequality Peer-reviewed article Surveillance and inequality
27 Tajik et al. (2024), Purposive sampling Peer-reviewed article Case-selection justification
28 Nigeria NDPR Implementation Framework (2021) Regulatory document Nigeria cross-border data and compliance context
29 Kenya Data Protection (General) Regulations (2021) Regulatory document Kenya cross-border data transfer rules
30 South Africa POPIA, Section 72 Regulatory document South Africa transfer of personal information
31 African Union Data Policy Framework (2022) Policy framework Regional data governance and harmonisation
32 African Union Continental AI Strategy (2024) Policy strategy Africa-centred AI governance context
33 Helium Health website/about/product materials Firm-level source Case evidence: EMR, telemedicine, cloud-linked services
34 Ubenwa website/about/research materials Firm-level source Case evidence: sound-based neonatal AI diagnostics
35 Neural Labs Africa website/resources Firm-level source Case evidence: medical imaging AI and platform deployment
36 Envisionit Deep AI website/platform materials Firm-level source Case evidence: radiology AI and platform deployment

Results

Analysis of the four firms—Helium Health, Ubenwa, Neural Labs Africa, and Envisionit Deep AI—identified three recurring structural patterns: infrastructural lock-in, data sovereignty deficits, and governance asymmetry. These patterns are based on publicly available sources and should be read as indicative evidence rather than independently audited infrastructure findings.

Table 2.Publicly observable infrastructure evidence across cases
Firm Primary setting Publicly reported cloud provider Reported infrastructure function Governance implication
Helium Health Nigeria, Ghana, Kenya, Uganda, Liberia AWS and Google Cloud Platform reported in public documentation Storage, computation, EMR, telemedicine, billing and health-financing functions Cross-border processing may trigger NDPR and related data-transfer safeguards; public evidence of local model retraining was not identified.
Ubenwa Nigeria/Canada-linked research collaborations Google Cloud Platform reported in public and research-facing materials Audio data processing, AI inference, dataset storage and acoustic model training Processing of Nigerian neonatal audio data outside Nigeria may require safeguards under NDPR; public evidence of locally governed Nigerian training datasets was not identified.
Neural Labs Africa Kenya AWS reported in public resources Medical imaging AI platform deployment and scalability Offshore storage or processing may require appropriate safeguards under Kenya’s Data Protection Act and General Regulations; public evidence of local audit access was not identified.
Envisionit Deep AI South Africa AWS reported in public platform materials Radiology image analysis, algorithmic inference and cloud-based deployment Offshore processing may trigger POPIA Section 72 protections for transfers outside South Africa; public evidence of direct regulator access to model updates was not identified.

Infrastructural lock-in

Across the four cases, publicly available documentation indicates reliance on foreign hyperscale cloud providers for key infrastructure functions. Helium Health is associated with AWS and Google Cloud Platform for clinical and financial services. Ubenwa is associated with Google Cloud-based pipelines for audio processing and model training. Neural Labs Africa and Envisionit Deep AI are associated with AWS for imaging platform deployment and diagnostic inference. These observations were coded under cloud dependence and regulatory jurisdiction.

The result is not that the firms necessarily lack agency or that foreign cloud services are inherently harmful. Rather, the pattern suggests that essential layers of AI diagnostic functionality—storage, compute, training, inference, and updates—may be located outside domestic regulatory reach. This creates a potential lock-in problem: local service delivery depends on external infrastructure, and regulators may not have direct access to the systems needed to audit clinical performance or model changes.

Data sovereignty deficits and clinical relevance

Publicly available sources did not identify systematic local retraining or locally governed datasets across the four cases. This does not prove that such practices are absent; rather, it indicates a transparency gap. In AI diagnostics, the absence of publicly documented local validation is consequential because diagnostic performance depends on whether models are tested against the demographic, epidemiological, linguistic, and clinical characteristics of the populations in which they are deployed.

Regulatory documents show that cross-border health data flows are subject to different requirements across Nigeria, Kenya, and South Africa. Nigeria’s NDPR framework permits transfers subject to safeguards, Kenya’s Data Protection Regulations require appropriate safeguards and regulatory processes for cross-border transfers, and South Africa’s POPIA Section 72 requires that transferred personal information receive adequate protection. These differences create compliance complexity for firms operating across borders and may constrain the pooling of African clinical datasets needed for locally relevant model development.

Governance asymmetry

The four cases show a recurring asymmetry between local service delivery and external infrastructure control. Clinical triage, hospital management, neonatal screening, and radiology support are delivered within African health systems, but core infrastructure functions may be hosted through AWS or Google Cloud. This separates the site of clinical impact from the site of technical control.

This asymmetry matters because diagnostic sovereignty depends on more than data ownership. It requires the capacity to inspect datasets, test model performance, audit updates, govern cross-border transfers, and require corrective action when models underperform. Across the four cases, no publicly available evidence was identified showing direct regulatory access to externally hosted model training or update environments.

Discussion

The three patterns identified—infrastructural lock-in, data sovereignty deficits, and governance asymmetry—point to a form of structural dependency that may limit the capacity of African health systems to govern diagnostic AI in the public interest. The issue is not merely that diagnostic data may cross borders. Rather, the concern is that data, compute, model training, inference, validation, and update systems can be distributed across jurisdictions in ways that make domestic regulatory authority difficult to exercise.

The reliance of the selected firms on AWS or Google Cloud is consistent with broader literature on hyperscaler dominance in Global South technology ecosystems.5,7,10,19 Platform capitalism concentrates control over algorithms, standards, data infrastructures, and computational resources within a small number of global firms. In African health AI, this can position local innovators as deployers of externally governed infrastructures rather than full governors of the diagnostic systems they build.

The policy challenge is therefore layered. Data localisation alone is insufficient if model training, audit logs, inference engines, and update mechanisms remain externally governed. Equally, prohibiting foreign cloud infrastructure outright could restrict innovation and scalability in resource-limited settings. A more practical approach is staged sovereignty: retaining access to global cloud capacity while progressively building local and regional governance over sensitive data, validation, and audit functions.

Operationalising diagnostic sovereignty

Table 3.Policy pathway for governing AI-enabled diagnostics in Africa
Policy instrument Lead institutions Operational steps Time horizon Expected contribution
Tiered data sovereignty framework National data protection authorities, ministries of health, health facility regulators Classify data into tiers: raw identifiable clinical data, pseudonymised clinical datasets, metadata, model outputs, audit logs, and model weights. Require local or regional hosting for the most sensitive tiers while allowing controlled cross-border processing for lower-risk tiers. 0-24 months Clear rules on what must remain under domestic or regional jurisdiction.
Regional health data trusts African Union, Africa CDC, regional economic communities, national regulators, public universities Create governed institutions for pooling de-identified clinical datasets across countries. Include patient/community representation, ethics oversight, access committees, benefit-sharing rules, and audit requirements for firms using pooled datasets. 1-5 years Larger, more representative African datasets for model training and validation.
Tiered validation sandboxes National regulators, medical device agencies, teaching hospitals, professional councils Test AI diagnostic tools in staged environments: technical validation, retrospective clinical validation, prospective supervised deployment, and post-market monitoring. Require reporting on accuracy, bias, safety, explainability, cybersecurity, and population-specific performance. 0-36 months Faster innovation with patient-safety safeguards and regulatory learning.
Public audit infrastructure Ministries of health, data protection authorities, regional centres of excellence Require firms to provide audit logs, model cards, dataset documentation, update histories, and incident reporting. Build regulator capacity to inspect cloud-hosted systems through contractual audit rights and secure interfaces. 1-4 years Improved regulatory visibility over externally hosted models and updates.
Local capacity and procurement rules Governments, donors, development finance institutions, universities Tie public procurement and donor-funded AI projects to local skills transfer, local validation, data-access provisions, and domestic or regional compute partnerships. 1-5 years Reduced long-term dependency and stronger African AI innovation ecosystems.

These pathways are complementary. Tiered data sovereignty defines what must be governed locally or regionally; data trusts provide institutional mechanisms for responsible dataset pooling; validation sandboxes create pathways for safe and adaptive regulation; audit infrastructure gives regulators visibility over models and updates; and procurement rules convert public spending into long-term domestic capacity. Together, they move the debate from abstract sovereignty to implementable governance design.

Limitations

Several limitations must be acknowledged. First, this study relies exclusively on publicly available secondary data, including firm websites, published academic literature, public policy documents, and accessible regulatory instruments. No interviews were conducted with firm representatives, regulators, clinicians, patients, or cloud providers. The study therefore cannot independently verify internal infrastructure configurations, contractual arrangements, retraining practices, or compliance procedures.

Second, the purposive selection of four firms from three countries prioritises analytical relevance over representativeness. Firms with strong public visibility and links to foreign cloud infrastructure may be overrepresented relative to smaller, community-based, locally financed, or public-sector initiatives. The findings should therefore not be generalised to all African health AI projects.

Third, the political-economy framework foregrounds structural constraints and power asymmetries. This lens may understate firm-level innovation, adaptive strategies, and local governance practices that are not visible in public documents. Future research should combine technical audits, interviews, regulatory analysis, and patient-centred evaluation to test the patterns identified here.

Conclusions

AI-enabled diagnostics are often presented as tools for closing gaps in access to care. This article argues that they may also create a new digital divide if African health systems lack control over the data, infrastructure, models, and validation systems that shape diagnostic decisions. The central contribution of the study is to show that diagnostic sovereignty is not reducible to data ownership or data localisation. It requires the capacity to govern the full diagnostic AI pipeline: clinical data collection, storage, cross-border transfer, model training, inference, updating, validation, audit, and accountability.

The multi-case analysis identified three publicly observable patterns across four African health technology firms: infrastructural lock-in, data sovereignty deficits, and governance asymmetry. These findings are exploratory, but they indicate that local clinical deployment can coexist with external control over essential technical infrastructure. Where this occurs, the benefits of AI diagnostics may be unevenly distributed, while patients, clinicians, regulators, and public health systems bear the risks of weak validation, limited auditability, and dependency on foreign platforms.

Preventing this outcome requires a shift from narrow AI ethics to political-economic governance. African governments and regional institutions should develop tiered data sovereignty frameworks, regional health data trusts, validation sandboxes, public audit infrastructure, and procurement rules that build domestic and regional capacity. The goal is not technological isolation, but accountable interdependence: African health systems should be able to use global AI capabilities while retaining meaningful authority over the diagnostic data, infrastructures, models, and validation processes that affect their populations.

Funding

The research presented in this manuscript received no external funding.

Authorship contributions

Kopati Gbali Carl Adams and Okechukwu Ignatius Eze conceived the study. Kopati Gbali Carl Adams wrote the first draft with contributions from Francisca Arboh. Okechukwu Ignatius Eze revised the draft and checked for intellectual content. All authors approved the manuscript as submitted.

Competing interests

None declared.

Correspondence to:

Eze Okechukwu Ignatius

Teesside University International Business School, Middlesbrough, UK. Email: o.eze@tees.ac.uk