<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.2 20190208//EN" "http://jats.nlm.nih.gov/publishing/1.2/JATS-journalpublishing1.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.2" xml:lang="en">
    <front>
        <journal-meta>
            <journal-id journal-id-type="pmc">F1000Research</journal-id>
            <journal-title-group>
                <journal-title>F1000Research</journal-title>
            </journal-title-group>
            <issn pub-type="epub">2046-1402</issn>
            <publisher>
                <publisher-name>F1000 Research Limited</publisher-name>
                <publisher-loc>London, UK</publisher-loc>
            </publisher>
        </journal-meta>
        <article-meta>
            <article-id pub-id-type="doi">10.12688/f1000research.182539.1</article-id>
            <article-categories>
                <subj-group subj-group-type="heading">
                    <subject>Research Article</subject>
                </subj-group>
                <subj-group>
                    <subject>Articles</subject>
                </subj-group>
            </article-categories>
            <title-group>
                <article-title>Building Digital Trust in East Africa: The Role of National ID and ICT Policy in Somalia&#x2019;s Digital Transformation</article-title>
                <fn-group content-type="pub-status">
                    <fn>
                        <p>[version 1; peer review: awaiting peer review]</p>
                    </fn>
                </fn-group>
            </title-group>
            <contrib-group>
                <contrib contrib-type="author" corresp="yes">
                    <name>
                        <surname>Isak</surname>
                        <given-names>Mohamed Adam</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Conceptualization</role>
                    <role content-type="http://credit.niso.org/">Data Curation</role>
                    <role content-type="http://credit.niso.org/">Formal Analysis</role>
                    <role content-type="http://credit.niso.org/">Investigation</role>
                    <role content-type="http://credit.niso.org/">Methodology</role>
                    <role content-type="http://credit.niso.org/">Project Administration</role>
                    <role content-type="http://credit.niso.org/">Resources</role>
                    <role content-type="http://credit.niso.org/">Software</role>
                    <role content-type="http://credit.niso.org/">Supervision</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Original Draft Preparation</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Review &amp; Editing</role>
                    <uri content-type="orcid">https://orcid.org/0009-0000-6813-7810</uri>
                    <xref ref-type="corresp" rid="c1">a</xref>
                    <xref ref-type="aff" rid="a1">1</xref>
                </contrib>
                <contrib contrib-type="author" corresp="no">
                    <name>
                        <surname>Mohamud</surname>
                        <given-names>Abdulkadir Jeilani</given-names>
                    </name>
                    <role content-type="http://credit.niso.org/">Methodology</role>
                    <role content-type="http://credit.niso.org/">Project Administration</role>
                    <role content-type="http://credit.niso.org/">Validation</role>
                    <role content-type="http://credit.niso.org/">Visualization</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Original Draft Preparation</role>
                    <role content-type="http://credit.niso.org/">Writing &#x2013; Review &amp; Editing</role>
                    <xref ref-type="aff" rid="a1">1</xref>
                </contrib>
                <aff id="a1">
                    <label>1</label>Computer Science, Somali National University, Mogadishu, Banaadir, Somalia</aff>
            </contrib-group>
            <author-notes>
                <corresp id="c1">
                    <label>a</label>
                    <email xlink:href="mailto:mohamed.isak@snu.edu.so">mohamed.isak@snu.edu.so</email>
                </corresp>
                <fn fn-type="conflict">
                    <p>No competing interests were disclosed.</p>
                </fn>
            </author-notes>
            <pub-date pub-type="epub">
                <day>30</day>
                <month>6</month>
                <year>2026</year>
            </pub-date>
            <pub-date pub-type="collection">
                <year>2026</year>
            </pub-date>
            <volume>15</volume>
            <elocation-id>1029</elocation-id>
            <history>
                <date date-type="accepted">
                    <day>12</day>
                    <month>6</month>
                    <year>2026</year>
                </date>
            </history>
            <permissions>
                <copyright-statement>Copyright: &#x00a9; 2026 Isak MA and Mohamud AJ</copyright-statement>
                <copyright-year>2026</copyright-year>
                <license xlink:href="https://creativecommons.org/licenses/by/4.0/">
                    <license-p>This is an open access article distributed under the terms of the Creative Commons Attribution Licence, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.</license-p>
                </license>
            </permissions>
            <self-uri content-type="pdf" xlink:href="https://f1000research.com/articles/15-1029/pdf"/>
            <abstract>
                <p>Trusted digital identities sit at the heart of any modern, inclusive financial system. This paper investigates Somalia&#x2019;s transition from a fragmented digital landscape to a secure, integrated ecosystem through the lens of a &#x201c;Three Pillars&#x201d; framework: Robust Digital Identity, Comprehensive ICT Policy, and Proactive Cybersecurity Safeguards. Utilizing a qualitative multi-method approach, the study triangulates fifteen semi-structured interviews with regulators, financial experts, and civil society against a rigorous analysis of foundational policies, including the Data Protection Act (2023) and the Cybersecurity Law (2026).</p>
                <p>Results indicate that Somalia&#x2019;s digital identity ecosystem&#x2014;comprising e-Aqoonsi, HUBIYE, and the Certificate Delivery System (CDS)&#x2014;serves as a technical anchor for financial inclusion, significantly bolstered by a July 2025 Central Bank mandate requiring National IDs for all banking transactions. These tools are supported by legal scaffolding under the Data Protection Authority and proactive security guardrails provided by the Somalia Computer Incident Response Team (SOMCIRT).</p>
                <p>However, comparative analysis reveals that while Somalia has achieved technical parity with East African Community (EAC) peers in biometric capabilities, it remains an outlier due to its reliance on foreign data hosting, which poses risks to national data sovereignty. To realize Somalia&#x2019;s Centennial Vision 2060, the study concludes that the nation must bridge implementation gaps in rural digital literacy and technical capacity while transitioning toward local data infrastructure. The paper proposes a strategic roadmap for regional harmonization and enhanced institutional coordination to sustain public trust in the emerging digital economy.</p>
            </abstract>
            <kwd-group kwd-group-type="author">
                <kwd>Digital Identity</kwd>
                <kwd>ICT Policy</kwd>
                <kwd>Cybersecurity</kwd>
                <kwd>Somalia&#x2019;s Digital Transformation</kwd>
                <kwd>E-government.</kwd>
            </kwd-group>
            <funding-group>
                <funding-statement>The author(s) declared that no grants were involved in supporting this work.</funding-statement>
            </funding-group>
        </article-meta>
    </front>
    <body>
        <sec id="sec1" sec-type="intro">
            <title>Introduction</title>
            <p>Across East Africa, the rapid growth of digital financial services is transforming how people save, transact, and access credit&#x2014;especially among populations previously excluded from formal financial systems (
                <xref ref-type="bibr" rid="ref34">World Bank, 2025</xref>). Mobile money platforms, agent banking, and digital wallets have become powerful tools for economic empowerment (
                <xref ref-type="bibr" rid="ref3">East African Community Secretariat, 2021</xref>). Yet, behind this progress lies a critical concern: the issue of digital trust (
                <xref ref-type="bibr" rid="ref22">OECD, 2020</xref>). Many East African countries still struggle with fragmented identity verification systems, inconsistent cybersecurity protections, and mismatched regulatory frameworks (
                <xref ref-type="bibr" rid="ref33">World Bank, 2023</xref>). In Somalia, the situation is even more complex. Prolonged instability and limited infrastructure have slowed the development of a secure, inclusive digital identity ecosystem (
                <xref ref-type="bibr" rid="ref1">Centre for Internet and Society, 2023</xref>), although the Data Protection Act (2023) and the newly established Data Protection Authority now provide a legal framework to enhance trust and privacy protections (
                <xref ref-type="bibr" rid="ref8">Federal Republic of Somalia, 2017</xref>, 
                <xref ref-type="bibr" rid="ref9">2019</xref>).</p>
            <p>Recognizing this, both national and regional actors are working to reverse course. The East African Community (EAC), for instance, is pushing for broader digital integration through strategic initiatives like the World Bank-supported Eastern Africa Regional Digital Integration Project (EARDIP) (
                <xref ref-type="bibr" rid="ref34">World Bank, 2025</xref>). These efforts highlight a critical understanding: for digital systems to succeed, they must not only be technologically sound, but also rooted in local realities, human rights principles, and user trust.</p>
            <p>In Somalia, tangible progress is underway through the National ICT Policy &amp; Strategy 2019&#x2013;2024 (
                <xref ref-type="bibr" rid="ref9">Federal Republic of Somalia, 2019</xref>), the National Communications Law 2017 (
                <xref ref-type="bibr" rid="ref8">Federal Republic of Somalia, 2017</xref>), and the ICT Regulatory Transformational Strategy 2023&#x2013;2027 (
                <xref ref-type="bibr" rid="ref16">National Communications Authority, 2025</xref>). These documents collectively aim to expand affordable internet access, promote e-Government services, reinforce regulatory frameworks, introduce enforceable data protection measures under Law No. 005/2023, and establish secure digital ID systems. Prominent initiatives such as e-Aqoonsi, HUBIYE, and the Certificate Delivery System (CDS) illustrate this commitment (
                <xref ref-type="bibr" rid="ref13">IDTechWire, 2025</xref>).</p>
            <p>Importantly, these digital reforms align with Somalia&#x2019;s Centennial Vision 2060, the nation&#x2019;s long-term strategy to become a stable, inclusive, and middle-income country by the time it reaches its 100th year of independence. Vision 2060 places digital transformation and institutional trust at the heart of economic development, emphasizing the role of ICT in service delivery, governance, and citizen empowerment. However, achieving these ambitions depends on addressing foundational issues&#x2014;such as fragmented identity systems, weak cybersecurity infrastructure, and low public trust&#x2014;which this paper seeks to explore.</p>
            <p>This paper proposes that the construction of digital trust in Somalia is built upon three essential pillars: Robust Digital Identity, Comprehensive ICT Policy, and Proactive Cybersecurity Safeguards.
                <list list-type="bullet">
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Pillar 1: Digital Identity serves as the foundation, utilizing systems like e-Aqoonsi, HUBIYE, and the Certificate Delivery System (CDS) to authenticate users and reduce fraud.</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Pillar 2: ICT Policy provides the legal scaffolding, primarily through the Data Protection Act (2023), which ensures the lawful processing of personal information.</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Pillar 3: Cybersecurity acts as the security guardrail, operationalized by the Cybersecurity Law (2026) and the Somalia Computer Incident Response Team (SOMCIRT) to protect critical infrastructure.</p>
                    </list-item>
                </list>
            </p>
            <p>This paper examines how these three pillars, when integrated and aligned with regional efforts, can contribute to building digital trust and enabling financial inclusion&#x2014;not only in Somalia but throughout the East African region.</p>
        </sec>
        <sec id="sec2">
            <title>I. Literature Review</title>
            <sec id="sec3">
                <title>A. Financial Inclusion and Digital Payments in the EAC</title>
                <p>Mobile money platforms, notably Kenya&#x2019;s M-PESA, have significantly broadened financial access for the unbanked (
                    <xref ref-type="bibr" rid="ref29">Vodafone Group, 2025</xref>). In Somalia, local mobile payment services such as EVC Plus by Hormuud Telecom and E-Dahab by Dahabshiil also play a crucial role in daily financial transactions. These platforms are widely adopted across the country, enabling users to send and receive money, pay bills, top up airtime, and access small-scale digital finance. Their accessibility&#x2014;even in remote areas&#x2014;has made them essential tools for driving financial inclusion in fragile settings.</p>
                <p>The transformative impact of mobile money on financial inclusion has been extensively documented in Kenya. 
                    <xref ref-type="bibr" rid="ref14">Jack and Suri (2014)</xref> found that M-PESA reduced transaction costs, improved risk-sharing among households, and enhanced financial resilience, particularly among low-income populations. These findings demonstrate the broader potential of mobile money platforms to promote inclusive economic participation and provide valuable lessons for other East African countries, including Somalia.</p>
                <p>However, despite this progress, regional interoperability and regulatory inconsistencies continue to hinder cross-border financial integration (
                    <xref ref-type="bibr" rid="ref5">East African Community Secretariat, 2024</xref>). The Eastern Africa Regional Digital Integration Project (EARDIP) aims to address these barriers by harmonizing payment systems and e-commerce regulations across the region (
                    <xref ref-type="bibr" rid="ref34">World Bank, 2025</xref>).</p>
                <p>In Somalia, digital finance is underpinned by the National ICT Policy &amp; Strategy 2019&#x2013;2024, which prioritizes affordable ICT access and digital literacy as prerequisites for financial inclusion (
                    <xref ref-type="bibr" rid="ref9">Federal Republic of Somalia, 2019</xref>). Complementary reports, including the ICT Sector Investment Study (
                    <xref ref-type="bibr" rid="ref27">Somalia Investment Promotion Office, 2022</xref>) and the World Bank Digital Economy Report (
                    <xref ref-type="bibr" rid="ref32">World Bank, 2022</xref>), stress the importance of regulatory reform, public-private partnerships, and digital infrastructure investment to unlock inclusive financial services.</p>
                <p>Launched in 2007, M-PESA remains the region&#x2019;s most successful fintech innovation. With more than 60 million users across eight countries&#x2014;including Kenya, Tanzania, Ghana, and Ethiopia&#x2014;M-PESA enables mobile-based transactions such as money transfers, bill payments, and credit access through a network of over 660,000 agents (
                    <xref ref-type="bibr" rid="ref29">Vodafone Group, 2025</xref>). Its success offers insights for replication and scaling across the Horn of Africa, particularly in fragile markets like Somalia.</p>
            </sec>
            <sec id="sec4">
                <title>B. National ID Systems as a Tool for Trust</title>
                <p>Robust national ID systems are critical for secure identity verification and trusted access to public and private services (
                    <xref ref-type="bibr" rid="ref30 ref31">World Bank, 2019a, 2019b</xref>). Countries such as Rwanda and Uganda have implemented successful digital ID frameworks through platforms like IREMBO and NIRA, which enable biometric-based authentication for a range of services (
                    <xref ref-type="bibr" rid="ref23">Republic of Rwanda, 2015</xref>), (
                    <xref ref-type="bibr" rid="ref24">Republic of Uganda, 2015</xref>).</p>
                <p>Somalia&#x2019;s National Identification Number (NIN) initiative seeks to emulate and localize these models by linking digital IDs with financial services. The National ICT Policy &amp; Strategy 2019&#x2013;2024 underscores digital identity as central to e-Government and financial inclusion (
                    <xref ref-type="bibr" rid="ref9">Federal Republic of Somalia, 2019</xref>), while the National Communications Law 2017 (
                    <xref ref-type="bibr" rid="ref8">Federal Republic of Somalia, 2017</xref>) and the Somalia Data Protection Act 2023 provide a legal basis for consumer protection, data privacy, and lawful processing of personal information in ID-linked services.</p>
                <p>A major regulatory shift occurred in July 2025, when the Central Bank of Somalia (CBS), in partnership with the National Identification and Registration Authority (NIRA), mandated that all individuals must present a government-issued National ID to open or renew bank accounts, effective 1 September 2025. This directive establishes a standardized identity verification framework across all financial institutions and closes long-standing gaps in digital trust and user authentication (
                    <xref ref-type="bibr" rid="ref25">Somali National News Agency [SONNA], 2025a</xref>).</p>
            </sec>
            <sec id="sec5">
                <title>C. Cybersecurity in Digital Finance</title>
                <p>As digital financial ecosystems expand, exposure to cyber threats&#x2014;including fraud, data breaches, and system disruptions&#x2014;also increases (
                    <xref ref-type="bibr" rid="ref22">OECD, 2020</xref>). Weak cybersecurity frameworks can discourage user trust and limit the adoption of digital financial services. Regional initiatives such as the Eastern Africa Regional Digital Integration Project (EARDIP) emphasize the importance of strengthening cybersecurity and data governance across the EAC (
                    <xref ref-type="bibr" rid="ref8">Federal Republic of Somalia, 2017</xref>).</p>
                <p>In Somalia, earlier assessments identified major gaps in cyber readiness, prompting reforms and incident response planning (
                    <xref ref-type="bibr" rid="ref6">Federal Government of Somalia, 2020</xref>). This has advanced with the Cybersecurity Law (2026), which establishes a national framework for protecting infrastructure, securing systems, and managing cyber incidents (
                    <xref ref-type="bibr" rid="ref17">National Communications Authority [NCA], 2026a</xref>). The law also defines institutional roles and response mechanisms.</p>
                <p>Complementing this, Somalia has operationalized the Somalia Computer Incident Response Team (SOMCIRT) as the national center for detecting and responding to cyber threats (
                    <xref ref-type="bibr" rid="ref18">National Communications Authority [NCA], 2026b</xref>), marking a shift toward a more coordinated approach.</p>
                <p>However, challenges remain, including limited technical capacity, shortage of skilled professionals, and weak institutional coordination. Addressing these gaps is essential to ensure secure digital financial systems and sustain public trust.</p>
            </sec>
            <sec id="sec6">
                <title>D. Gaps in Literature</title>
                <p>Although digital ID systems and financial technologies have been widely studied, few academic works focus on the intersection of ID systems and cybersecurity in fragile contexts such as Somalia. Regional strategies like the EAC E-Commerce Framework and Somalia&#x2019;s e-Government Strategy Terms of Reference call for deeper research into public service digitization and citizen participation&#x2014;areas still underrepresented in scholarly literature (
                    <xref ref-type="bibr" rid="ref22">OECD, 2020</xref>).</p>
            </sec>
        </sec>
        <sec id="sec7">
            <title>II. Conceptual Framework</title>
            <p>The conceptual framework for this study posits that digital trust is not a standalone technological achievement but a multi-dimensional construct emerging from the convergence of three foundational pillars: Robust Digital Identity, Comprehensive ICT Policy, and Proactive Cybersecurity Safeguards. In the context of a fragile state like Somalia, these pillars provide the necessary technical, legal, and operational infrastructure required to move from a cash-based, informal economy to an inclusive digital financial ecosystem.</p>
            <sec id="sec8">
                <title>Pillar 1: Robust Digital Identity (The Foundation)</title>
                <p>At the base of the framework is Digital Identity, which serves as the primary mechanism for establishing &#x201c;who is who&#x201d; in the digital realm. In Somalia, this is operationalized through the National Identification and Registration Authority (NIRA) and its ecosystem of platforms:
                    <list list-type="bullet">
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>e-Aqoonsi: Provides biometric-based authentication (facial recognition and fingerprints) to ensure unique identity and reduce fraud. The platform allows citizens to access services remotely, including bank accounts, SIM registration, and welfare programs (
                                <xref ref-type="bibr" rid="ref26">SONNA, 2025b</xref>; 
                                <xref ref-type="bibr" rid="ref19">NIRA, 2024a</xref>).</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>HUBIYE: Acts as a real-time verification gateway, allowing financial institutions and government agencies to validate identities against the national database. The platform supports user-consented data sharing and is designed for interoperability, fostering trust in cross-sectoral digital transactions (
                                <xref ref-type="bibr" rid="ref26">SONNA, 2025b</xref>; 
                                <xref ref-type="bibr" rid="ref19">NIRA, 2024a</xref>).</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Certificate Delivery System (CDS): Ensures the authenticity of foundational documents, such as birth certificates, which are necessary for tiered Know-Your-Customer (KYC) processes. It incorporates features like QR codes and digital signatures to ensure document authenticity and reduce forgery risks, improving public sector transparency and service delivery (
                                <xref ref-type="bibr" rid="ref15">MoIFAR, 2023</xref>). The framework views these tools as the &#x201c;anchor&#x201d; for trust, particularly following the 2025 Central Bank mandate requiring a National ID for all banking transactions.</p>
                        </list-item>
                    </list>
                </p>
            </sec>
            <sec id="sec9">
                <title>Pillar 2: Comprehensive ICT Policy (The Legal Scaffolding)</title>
                <p>The second pillar provides the legal scaffolding necessary to protect user rights and regulate the behavior of digital actors. Without enforceable laws, technological tools like digital IDs can lead to privacy concerns or data misuse. This study focuses on:
                    <list list-type="bullet">
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>The Data Protection Act (2023): This law establishes the legal basis for the lawful processing of personal information and creates the Data Protection Authority to oversee compliance.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>National ICT Policy &amp; Strategy 2019&#x2013;2024: This framework prioritizes affordable access and digital literacy as prerequisites for trust.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>ICT Regulatory Transformational Strategy 2023&#x2013;2027: This aligns domestic goals with regional standards, ensuring that Somalia&#x2019;s digital growth remains compatible with the broader East African Community (EAC).</p>
                        </list-item>
                    </list>
                </p>
            </sec>
            <sec id="sec10">
                <title>Pillar 3: Proactive Cybersecurity Safeguards (The Security Guardrail)</title>
                <p>The third pillar acts as the security guardrail, protecting the system from external threats and system disruptions that could otherwise erode public confidence. The framework identifies two critical components recently introduced in Somalia:
                    <list list-type="bullet">
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Cybersecurity Law (2026): This provides the legal mandate for protecting critical national infrastructure and defines the institutional roles for managing cyber incidents.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Somalia Computer Incident Response Team (SOMCIRT): This serves as the operational center for detecting, preventing, and responding to threats such as phishing and data breaches. By transitioning from a reactive to a proactive security stance, Somalia aims to mitigate the risks associated with foreign-hosted data systems and enhance national data sovereignty.</p>
                        </list-item>
                    </list>
                </p>
                <p>Digital trust emerges through the systematic integration of three pillars as shown in 
                    <xref ref-type="fig" rid="f1">Figure 1</xref>: Digital Identity as a technical anchor, ICT Policy as legal scaffolding for data rights, and Cybersecurity as a protective guardrail. This convergence facilitates Somalia&#x2019;s transition to an inclusive digital financial ecosystem. Harmonizing these reforms with EAC standards and Vision 2060 enables expanded access to Sharia-compliant finance and remittances for marginalized groups. Thus, digital transformation establishes a trusted foundation for economic empowerment and national data sovereignty.</p>
                <fig fig-type="figure" id="f1" orientation="portrait" position="float">
                    <label>
Figure 1. </label>
                    <caption>
                        <title>Temple of Trust model.</title>
                        <p>

                            <italic toggle="yes">Note</italic>: Conceptual framework developed by the author; visualization generated with assistance from Google Gemini (
                            <xref ref-type="bibr" rid="ref12">Google, 2025</xref>).</p>
                    </caption>
                    <graphic id="gr1" orientation="portrait" position="float" xlink:href="https://f1000research-files.f1000.com/manuscripts/201492/80c39f2d-c056-406b-b64d-cbbe13392bbd_figure1.gif"/>
                </fig>
            </sec>
        </sec>
        <sec id="sec11">
            <title>III. Data and Methodology</title>
            <p>This study utilizes a qualitative, multi-method approach to capture the technical and social complexities of digital trust in Somalia. By combining primary insights from key stakeholders with a rigorous analysis of policy documents, the research provides a comprehensive view of how identity systems and regulations intersect to foster financial inclusion.</p>
            <sec id="sec12">
                <title>A. Research Design</title>
                <p>The researchers followed a qualitative, multi-method approach, combining semi-structured interviews with document analysis, to capture firsthand insights and policy trends shaping digital trust in Somalia, within the broader East African context.</p>
            </sec>
            <sec id="sec13">
                <title>B. Data collection</title>
                <p>

                    <list list-type="alpha-lower">
                        <list-item>
                            <label>a.</label>
                            <p>

                                <bold>Semi-Structured Interviews</bold>
                            </p>
                        </list-item>
                    </list>
                </p>
                <p>To capture nuanced perspectives on digital trust, fifteen key informants&#x2014;including consultants, IT engineers, digital finance experts, bank staff, and civil society representatives&#x2014;were interviewed between June 2025 and Jan 2026, via in-person and virtual formats using a conversational style with open-ended questions. To ensure the integrity and candor of the data, all participants provided informed consent regarding anonymity and confidentiality, with interviews held in neutral, private settings. Researchers&#x2019; bias was mitigated through the systematic documentation of reflections in detailed field notes.
                    <list list-type="alpha-lower">
                        <list-item>
                            <label>b.</label>
                            <p>

                                <bold>Policy review</bold>
                            </p>
                        </list-item>
                    </list>
                </p>
                <p>Primary interview data was triangulated with a rigorous review of foundational Somali legal and strategic frameworks. This included the National ICT Policy &amp; Strategy 2019&#x2013;2024, National Communications Law 2017, and ICT Regulatory Transformational Strategy 2023&#x2013;2027. Critically, the review also examined the Data Protection Act (2023) and the Cybersecurity Law (2026) to evaluate the legal scaffolding of the digital ecosystem. These documents were analyzed alongside comparative features of other East African Community (EAC) national ID frameworks, as summarized in 
                    <xref ref-type="table" rid="T1">
Table 1</xref>.</p>
                <table-wrap id="T1" orientation="portrait" position="float">
                    <label>
Table 1. </label>
                    <caption>
                        <title>Comparative Analysis of National Digital Identity Systems in Somalia and Selected East African Countries.</title>
                    </caption>
                    <table content-type="article-table" frame="hsides">
                        <thead>
                            <tr>
                                <th align="left" colspan="1" rowspan="1" valign="top">Country</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Introduced</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Biometrics</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Smart Card</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Mobile ID</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Data Protection Law</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Cybersecurity Law</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Financial Integration</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Data Hosting</th>
                                <th align="left" colspan="1" rowspan="1" valign="top">Cross-Border Interoperability</th>
                            </tr>
                        </thead>
                        <tbody>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Somalia</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2022 (Pilot)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Full</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Foreign</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Planned</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Kenya</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2013</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Full</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Uganda</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2014</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Full</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Rwanda</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2015</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Full</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Tanzania</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2013</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Full</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">Burundi</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2016</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Partial</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Planned</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">South Sudan</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2017 (Pilot)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Partial</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Foreign</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Planned</td>
                            </tr>
                            <tr>
                                <td align="left" colspan="1" rowspan="1" valign="top">DRC</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">2018 (Pilot)</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Yes</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Draft</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">No</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Partial</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Local</td>
                                <td align="left" colspan="1" rowspan="1" valign="top">Planned</td>
                            </tr>
                        </tbody>
                    </table>
                    <table-wrap-foot>
                        <p>

                            <italic toggle="yes">Notes:</italic> Biometrics&#x00a0;=&#x00a0;fingerprint, facial recognition, or iris data used in identity verification.</p>
                        <p>
Mobile ID&#x00a0;=&#x00a0;availability of digital identity services through mobile applications or mobile-based credentials.</p>
                        <p>
Financial Integration&#x00a0;=&#x00a0;linkage with banking services, SIM card registration, digital payments, and government services.</p>
                        <p>
Local Hosting&#x00a0;=&#x00a0;data stored within national data centers; Foreign Hosting&#x00a0;=&#x00a0;data stored outside the country.</p>
                        <p>
Cross-Border Interoperability refers to the ability of national digital ID systems to integrate with regional identity frameworks such as the East African Community (EAC), COMESA, or ECCAS initiatives.</p>
                        <p>

                            <italic toggle="yes">Source:</italic> Compiled by the authors from official government digital identity programs, national ICT policies, and regional digital governance reports (2025).</p>
                    </table-wrap-foot>
                </table-wrap>
            </sec>
            <sec id="sec14">
                <title>C. Ethical Considerations</title>
                <p>This study was conducted in accordance with established ethical principles for research involving human participants, including voluntary participation, confidentiality, participant autonomy, and responsible data management. The research was designed as a minimal-risk qualitative study based on expert interviews addressing digital trust, cybersecurity, and financial inclusion within the Somali context.</p>
                <p>In accordance with the institutional research guidelines applicable to the authors&#x2019; affiliated institution, formal ethical approval was not required for this study, as it involved non-sensitive expert perspectives, did not include vulnerable populations, and posed no foreseeable risk to participants. Nonetheless, the study was conducted with strict attention to ethical responsibility, ensuring the protection, dignity, and rights of all participants throughout the research process.</p>
                <p>Prior to participation, all respondents were fully informed about the objectives, scope, and academic purpose of the study, as well as the voluntary nature of their involvement. Participants were also informed that interviews would be audio-recorded solely for research and transcription purposes.</p>
                <p>Informed verbal consent was obtained from all participants before each interview. Verbal consent was selected over written consent due to the specific nature of this research, which involved discussions of institutional, policy, and governance-related issues in Somalia. Many participants held professional positions in government or affiliated institutions, and requesting signed consent documents could create hesitation or perceived professional risk when expressing their views. Such formality could also affect the openness and depth of responses, which were critical for capturing authentic expert perspectives. Given that the study did not involve personal or sensitive individual data and relied on high-level professional insights, verbal consent was considered the most appropriate approach to ensure both ethical compliance and participant trust.</p>
                <p>To ensure transparency and accountability, verbal consent was explicitly confirmed and documented at the beginning of each interview through audio recording and researchers&#x2019; field notes. Participants provided consent for participation, audio recording, and the use of anonymized data for academic research and publication.</p>
                <p>Interviews were conducted in secure and neutral settings, and no personally identifiable information was included in the analysis or reporting of findings. Audio recordings, transcripts, and field notes were securely stored and accessed only by the researchers for academic purposes. Participants were informed of their rights, including the right to decline participation, refuse to answer any question, or withdraw from the study at any time without consequence.</p>
            </sec>
            <sec id="sec15">
                <title>D. Data Analysis</title>
                <p>Audio-recorded interviews were transcribed and systematically analyzed using NVivo software through a specialized two-phase coding process. First, thematic coding was applied to extract nuanced stakeholder perspectives on the &#x201c;Three Pillars&#x201d; of digital trust: identity authentication (e-Aqoonsi/HUBIYE), proactive cybersecurity (SOMCIRT), and public trust in Sharia-compliant financial systems. Concurrently, foundational policy documents&#x2014;including the Data Protection Act (2023) and the Cybersecurity Law (2026)&#x2014;underwent structural coding to map regulatory objectives against identified implementation gaps, specifically regarding data sovereignty and rural digital literacy. Finally, the synthesis of primary interview data and secondary policy analysis was triangulated with regional comparisons from the East African Community (EAC) to yield evidence-based, context-sensitive recommendations aligned with Somalia&#x2019;s Centennial Vision 2060.</p>
            </sec>
        </sec>
        <sec id="sec16" sec-type="results|discussion">
            <title>IV. Results and Discussion</title>
            <p>Synthesizing results from stakeholder interviews and comprehensive analysis of policy documents, this section evaluates Somalia&#x2019;s digital transition through the established three-pillar framework.</p>
            <sec id="sec17">
                <title>Pillar 1: Digital Identity as a Technical Anchor</title>
                <p>National ID systems are widely regarded as essential infrastructure for secure digital transactions across the East African Community (EAC) (
                    <xref ref-type="bibr" rid="ref11">Gelb &amp; Diofasi Metz, 2018</xref>; 
                    <xref ref-type="bibr" rid="ref28">UNECA, 2019</xref>). In Somalia, the launch of e-Aqoonsi marked a significant turning point in accessibility; as noted by a Somali IT engineer in 2025, &#x201c;The e-Aqoonsi app has enabled remote communities to obtain digital IDs without traveling to cities&#x201d;. While biometric authentication and real-time verification through HUBIYE have enhanced institutional trust, stakeholder interviews indicated that public awareness of these capabilities remains notably low in rural areas.</p>
                <p>A critical regulatory milestone occurred in July 2025, when the Central Bank of Somalia mandated the use of a government-issued National ID for all banking transactions, effective September 2025,. This directive standardized identity verification across the financial sector and addressed long-standing authentication gaps. Finally, the Certificate Delivery System (CDS) streamlines the issuance of official documents, utilizing digital signatures and QR codes to reduce opportunities for corruption and exclusion (
                    <xref ref-type="bibr" rid="ref11">Gelb &amp; Diofasi Metz, 2018</xref>; 
                    <xref ref-type="bibr" rid="ref28">UNECA, 2019</xref>), (
                    <xref ref-type="bibr" rid="ref19">NIRA, 2024a</xref>). Together, these platforms establish the technical &#x201c;anchor&#x201d; necessary for expanding financial inclusion and building a resilient digital economy.</p>
            </sec>
            <sec id="sec18">
                <title>Pillar 2: ICT Policy as Legal Scaffolding</title>
                <p>The research highlights a critical shift from policy drafting to active legal enforcement, providing the &#x201c;scaffolding&#x201d; necessary to protect user rights.</p>
            </sec>
            <sec id="sec19">
                <title>The Data Protection Framework</title>
                <p>The enactment of the Data Protection Act (Law No. 005/2023) and the establishment of a functional Data Protection Authority have created a legal basis for the lawful processing of personal information. This aligns Somalia with regional standards and addresses long-standing privacy concerns by introducing enforceable measures. Emphasizing the practical application of these protections, a NIRA staff member noted: &#x201c;Consent features in the e-Aqoonsi app help build trust, but ongoing education is still needed&#x201d;.</p>
            </sec>
            <sec id="sec20">
                <title>Alignment with Vision 2060</title>
                <p>These reforms are central to Somalia&#x2019;s Centennial Vision 2060, which prioritizes digital transformation as a means of governance and citizen empowerment. By placing institutional trust at the heart of economic development, the policy framework ensures that technology serves the broader goal of national stability. A Somali regulator underscored the importance of this human-centric approach, stating: &#x201c;The success of e-Aqoonsi hinges not just on technology
                    <bold>,
</bold> but on whether citizens believe their data is safe and that the system works in their favor&#x201d;.</p>
            </sec>
            <sec id="sec21">
                <title>Regional Interoperability</title>
                <p>As shown in 
                    <xref ref-type="table" rid="T1">
Table 1</xref>, while Somalia has historically lagged behind East African Community (EAC) peers like Kenya and Rwanda, its recent legislative surge has significantly narrowed the regulatory gap,. However, challenges remain as cross-border interoperability and recognition of digital credentials currently remain in the &#x201c;planned&#x201d; phase rather than being fully active.</p>
            </sec>
            <sec id="sec22">
                <title>Pillar 3: Proactive Cybersecurity as a Guardrail</title>
                <p>The transition from a &#x201c;reactive&#x201d; to a &#x201c;proactive&#x201d; security stance is marked by the introduction of institutional safeguards designed to protect critical infrastructure. As a cybersecurity expert reported during the research: &#x201c;Without a proactive cybersecurity policy, we&#x2019;re always reacting to threats like phishing and SIM swaps&#x201d;.</p>
                <p>Legislative and Operational Launch: The Cybersecurity Law (2026) provides the legal mandate for securing information systems, while the Somalia Computer Incident Response Team (SOMCIRT) serves as the operational center for detecting and responding to national cyber threats. This shift allows Somalia to complement regional efforts within the East African Community (EAC), where countries have made significant strides in establishing CERTs and consumer protections.</p>
                <p>The Data Sovereignty Concern: A recurring theme in stakeholder interviews is the risk associated with foreign-hosted data systems, which leaves the digital ecosystem vulnerable to external data misuse. An advisor at the Ministry of Communications and Technology emphasized that: &#x201c;Ongoing efforts toward data localization, including the development of local data hosting infrastructure, are expected to strengthen national cybersecurity by reducing reliance on foreign-hosted systems and improving control over sensitive information&#x201d;. Experts emphasized that until Somalia develops local data centers, its national sovereignty remains directly impacted by this technical reliance.</p>
                <p>The findings suggest that digital trust in Somalia is not merely a byproduct of technology but is built through the alignment of these three pillars. As summarized in 
                    <xref ref-type="table" rid="T1">
Table 1</xref>, Somalia has successfully matched its EAC peers in biometric and mobile ID capabilities. However, the study concludes that the final step toward a resilient digital economy requires moving from foreign hosting to local data sovereignty and ensuring that rural citizens believe their data is safe through ongoing education. As a Somali regulator emphasized: &#x201c;The success of e-Aqoonsi hinges not just on technology, but on whether citizens believe their data is safe and that the system works in their favor&#x201d;. This trust is further reinforced by transparent &#x201c;consent features&#x201d; within platforms like e-Aqoonsi, which NIRA staff noted &#x201c;help build trust, but ongoing education is still needed&#x201d;.</p>
            </sec>
            <sec id="sec23">
                <title>Comparing EAC National ID Systems</title>
                <p>A comparative review indicates that Somalia has historically trailed its East African peers in data protection, cybersecurity regulations, and cross-border interoperability (see 
                    <xref ref-type="table" rid="T1">
Table 1</xref>). While nations such as Kenya (
                    <xref ref-type="bibr" rid="ref20">NIRA, 2024b</xref>), Uganda (
                    <xref ref-type="bibr" rid="ref23">Republic of Rwanda, 2015</xref>), (
                    <xref ref-type="bibr" rid="ref24">Republic of Uganda, 2015</xref>), Rwanda (
                    <xref ref-type="bibr" rid="ref23">Republic of Rwanda, 2015</xref>), the Democratic Republic of Congo (DRC) (
                    <xref ref-type="bibr" rid="ref30">World Bank, 2019a</xref>), (
                    <xref ref-type="bibr" rid="ref31">World Bank, 2019b</xref>), and Tanzania (
                    <xref ref-type="bibr" rid="ref27">Somalia Investment Promotion Office, 2022</xref>), (
                    <xref ref-type="bibr" rid="ref10">Gelb &amp; Clark, 2013</xref>) are actively piloting interoperable digital ID systems, Somalia&#x2019;s regulatory environment remained in a developmental drafting phase for a prolonged period.</p>
                <p>However, the enactment of the Data Protection Act (Law No. 005/2023), the establishment of a functional Data Protection Authority, and the approval of the Cybersecurity Law (2026) have significantly reinforced the legal scaffolding and security guardrails necessary for institutional trust (
                    <xref ref-type="bibr" rid="ref13">IDTechWire, 2025</xref>; 
                    <xref ref-type="bibr" rid="ref19">NIRA, 2024a</xref>, 
                    <xref ref-type="bibr" rid="ref20">2024b</xref>, 
                    <xref ref-type="bibr" rid="ref21">2024c</xref>; 
                    <xref ref-type="bibr" rid="ref25">SONNA, 2025a</xref>). This legislative progress establishes a robust foundation for personal data management, though Somalia remains the only regional actor identified as utilizing foreign data hosting rather than local infrastructure.</p>
            </sec>
            <sec id="sec24">
                <title>Implementation Gaps and Findings</title>
                <p>Despite the technical and legislative milestones achieved through the three-pillar framework, research findings identify six critical implementation gaps that hinder the full realization of digital trust in Somalia.
                    <list list-type="bullet">
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Infrastructure Inadequacy: Rural regions continue to face significant deficits in digital infrastructure, which restricts access to online identity services and limits the equitable distribution of financial tools.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Digital Literacy Deficits: Awareness regarding digital rights and the functionality of platforms like HUBIYE remains low, particularly among marginalized populations. This lack of &#x201c;digital citizenship&#x201d; creates a barrier to effective system utilization.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Biometric Enrollment Barriers: Technical challenges during the enrollment phase&#x2014;ranging from hardware malfunctions to environmental factors&#x2014;frequently affect the coverage, accuracy, and overall efficiency of the national ID database.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Regulatory Enforcement Hurdles: While the Data Protection Act (2023) and Cybersecurity Law (2026) are now in force, an implementation gap persists. Institutional coordination between the Data Protection Authority and SOMCIRT is still evolving and requires sustained investment in human capacity.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Data Sovereignty Risks: A recurring concern among stakeholders is the ongoing reliance on foreign-hosted data systems. This technical dependency raises significant national security concerns and remains a primary hurdle to achieving regional digital sovereignty.</p>
                        </list-item>
                        <list-item>
                            <label>&#x25aa;</label>
                            <p>Data Transparency Gaps: Although e-Aqoonsi registrations are increasing, comprehensive empirical data regarding its direct impact on fraud reduction and financial inclusion remains unavailable.</p>
                        </list-item>
                    </list>
                </p>
                <p>The study concludes that while Somalia shows significant promise in digital identity transformation, its overall cybersecurity readiness and legal enforcement mechanisms still lag behind its EAC neighbors. As a Somali regulator underscored, the ultimate success of these initiatives hinges not just on technology, but on whether citizens believe their data is safe. Addressing these systemic gaps is essential to move from &#x201c;digital potential&#x201d; to a resilient, integrated, and inclusive digital economy.</p>
            </sec>
        </sec>
        <sec id="sec25">
            <title>V. Conclusion and Policy Implications</title>
            <p>The findings of this study demonstrate that integrating digital identity systems with robust ICT and cybersecurity policies is both a technical and institutional imperative. Somalia&#x2019;s progress through the three-pillar framework&#x2014;specifically the deployment of e-Aqoonsi, HUBIYE, and CDS&#x2014;reflects meaningful advancement toward a secure digital ecosystem. However, the research indicates that without continued improvements in implementation capacity, digital literacy, and regional regulatory alignment, digital trust will remain limited. As a Somali regulator emphasized, the ultimate success of these initiatives hinges not just on the technology itself, but on whether &#x201c;citizens believe their data is safe and that the system works in their favor&#x201d;.</p>
            <p>The approval of the Cybersecurity Law (2026) and the establishment of SOMCIRT represent a critical milestone in transitioning the nation from a &#x201c;reactive&#x201d; to a &#x201c;proactive&#x201d; security posture. Together, these reforms provide the legal scaffolding and operational guardrails necessary for securing digital infrastructure and reinforcing public trust. Nevertheless, the long-term impact of these milestones depends on sustained investment in human capacity and institutional coordination.</p>
            <p>Based on the analysis and insights gathered from regulators, financial institutions, and civil society, the following policy recommendations are proposed:
                <list list-type="bullet">
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Accelerate Regional Harmonization: Collaborate with EAC and continental bodies to align digital ID, data protection, and cybersecurity frameworks, leveraging initiatives such as the Eastern Africa Regional Digital Integration Project (EARDIP) to ensure cross-border interoperability (
                            <xref ref-type="bibr" rid="ref8">Federal Republic of Somalia, 2017</xref>), (
                            <xref ref-type="bibr" rid="ref4">East African Community Secretariat, 2022</xref>).</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Enforce National ID Mandates: Fully implement the Central Bank&#x2019;s directive to mandate National ID usage across all financial platforms&#x2014;including mobile money and fintech services&#x2014;to standardize identity verification and reduce fraud (
                            <xref ref-type="bibr" rid="ref26">Somali National News Agency [SONNA], 2025</xref>).</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Operationalize Legal Frameworks: Ensure the effective enforcement of the Data Protection Act (2023) and Cybersecurity Law (2026) through the full resourcing of the Data Protection Authority and its integration with SOMCIRT&#x2019;s incident response mechanisms (
                            <xref ref-type="bibr" rid="ref2">DataGuidance, 2023</xref>), (
                            <xref ref-type="bibr" rid="ref17">National Communications Authority [NCA], 2026a</xref>), (
                            <xref ref-type="bibr" rid="ref18">National Communications Authority [NCA], 2026b</xref>).</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Prioritize Rural Digital Literacy: Expand targeted literacy programs in underserved communities to bridge the &#x201c;awareness gap&#x201d; identified by stakeholders, ensuring that marginalized populations understand the consent features and protections available to them (
                            <xref ref-type="bibr" rid="ref16">National Communications Authority, 2025</xref>).</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Achieve Data Sovereignty: Invest in local data centers to transition from foreign-hosted systems to local hosting. This is a prerequisite for strengthening national cybersecurity and mitigating risks associated with external data misuse (
                            <xref ref-type="bibr" rid="ref6">Federal Government of Somalia, 2020</xref>).</p>
                    </list-item>
                    <list-item>
                        <label>&#x25aa;</label>
                        <p>Strengthen Evidence-Based Policymaking: Establish monitoring and evaluation mechanisms for digital ID usage and public trust indicators. This should include tracking the impact of biometric enrollment on financial inclusion for rural women and other marginalized groups (
                            <xref ref-type="bibr" rid="ref16">National Communications Authority, 2025</xref>), (
                            <xref ref-type="bibr" rid="ref24">Republic of Uganda, 2015</xref>), (
                            <xref ref-type="bibr" rid="ref7">Federal Government of Somalia, 2023</xref>).</p>
                    </list-item>
                </list>
            </p>
            <p>Ultimately, Somalia&#x2019;s experience demonstrates that digital trust is built not only through technological innovation, but through the alignment of legal, institutional, and operational frameworks that place the citizen at the center of the digital transformation.</p>
        </sec>
        <sec id="sec26">
            <title>Ethics Approval Statement</title>
            <p>According to the institutional research guidelines of Somali National University, formal Institutional Review Board (IRB) approval was not required for this minimal-risk qualitative study involving voluntary expert interviews and non-sensitive professional perspectives. The study was conducted in accordance with internationally accepted ethical principles for research involving human participants, including voluntary participation, confidentiality, participant autonomy, and responsible data management.</p>
        </sec>
        <sec id="sec27">
            <title>Informed Consent Statement</title>
            <p>Informed verbal consent was obtained from all participants prior to the interviews and audio recordings. Verbal consent was adopted due to contextual and professional considerations associated with discussions on institutional, policy, and governance-related issues within the Somali context, where written consent could affect participants&#x2019; openness and willingness to share professional perspectives. Consent was documented through audio-recorded confirmation and researchers&#x2019; field notes. No minors or vulnerable populations were involved in the study.</p>
        </sec>
    </body>
    <back>
        <sec id="sec30" sec-type="data-availability">
            <title>Data Availability</title>
            <p>The data supporting the findings of this study are not publicly available due to confidentiality and participant privacy considerations. However, anonymized interview data may be made available by the corresponding author upon reasonable request for academic and research purposes. Requests for access to the data may be directed to:</p>
            <p>Dr. Mohamed Adam Isak, Email: 
                <email xlink:href="mailto:Mohamed.Isak@snu.edu.so">Mohamed.Isak@snu.edu.so</email>
            </p>
            <p>Access to the data is subject to ethical considerations and approval by the corresponding author to ensure participant confidentiality is maintained.</p>
        </sec>
        <ref-list>
            <title>References</title>
            <ref id="ref1">
                <mixed-citation publication-type="other">
                    <collab>Centre for Internet and Society</collab>:
                    <article-title>Data protection Africa: Policy tracker.</article-title>
                    <year>2023</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://dataprotection.africa">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref2">
                <mixed-citation publication-type="other">
                    <collab>DataGuidance</collab>:
                    <article-title>Somalia data protection act (Law No. 005/2023).</article-title>
                    <year>2023</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://www.dataguidance.com/sites/default/files/somalia_data_protection_act-2.pdf">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref3">
                <mixed-citation publication-type="othet">
                    <collab>East African Community Secretariat</collab>:
                    <source>

                        <italic toggle="yes">EAC regional payment and settlement systems integration: Master plan 2021&#x2013;2031.</italic>
</source>
                    <publisher-loc>Arusha, Tanzania</publisher-loc>:<year>2021</year>.</mixed-citation>
            </ref>
            <ref id="ref4">
                <mixed-citation publication-type="other">
                    <collab>East African Community Secretariat</collab>:
                    <source>

                        <italic toggle="yes">Treaty for the establishment of the East African Community (Revised edition).</italic>
</source>
                    <publisher-loc>Arusha, Tanzania</publisher-loc>:<year>2022</year>.</mixed-citation>
            </ref>
            <ref id="ref5">
                <mixed-citation publication-type="other">
                    <collab>East African Community Secretariat</collab>:
                    <article-title>East African Community central banks urged to adapt and embrace technology to facilitate cross-border financial transactions.</article-title>
                    <year>2024, July 23</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://www.eac.int/press-releases/3169-east-african-community-central-banks-urged-to-adapt-and-embrace-technology-to-facilitate-cross-border-financial-transactions">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref6">
                <mixed-citation publication-type="other">
                    <collab>Federal Government of Somalia, Ministry of Finance</collab>:
                    <source>

                        <italic toggle="yes">Somalia national cybersecurity assessment report 2019&#x2013;2020.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2020</year>.</mixed-citation>
            </ref>
            <ref id="ref7">
                <mixed-citation publication-type="other">
                    <collab>Federal Government of Somalia, Ministry of Finance</collab>:
                    <source>

                        <italic toggle="yes">Terms of reference for national CERT establishment plan.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2023</year>.</mixed-citation>
            </ref>
            <ref id="ref8">
                <mixed-citation publication-type="other">
                    <collab>Federal Republic of Somalia</collab>:
                    <source>

                        <italic toggle="yes">National communications law.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2017</year>.</mixed-citation>
            </ref>
            <ref id="ref9">
                <mixed-citation publication-type="other">
                    <collab>Federal Republic of Somalia, Ministry of Post, Telecommunications and Technology</collab>:
                    <source>

                        <italic toggle="yes">National ICT policy &amp; strategy 2019&#x2013;2024.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2019</year>.</mixed-citation>
            </ref>
            <ref id="ref10">
                <mixed-citation publication-type="book">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Gelb</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Clark</surname>
                            <given-names>J</given-names>
                        </name>
</person-group>:
                    <source>

                        <italic toggle="yes">Identification for development: The biometrics revolution (Working Paper 315).</italic>
</source>
                    <publisher-name>Center for Global Development</publisher-name>;<year>2013</year>.</mixed-citation>
            </ref>
            <ref id="ref11">
                <mixed-citation publication-type="book">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Gelb</surname>
                            <given-names>A</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Diofasi Metz</surname>
                            <given-names>M</given-names>
                        </name>
</person-group>:
                    <source>

                        <italic toggle="yes">Identification revolution: Can digital ID be harnessed for development?.</italic>
</source>
                    <publisher-name>Center for Global Development</publisher-name>;<year>2018</year>.</mixed-citation>
            </ref>
            <ref id="ref12">
                <mixed-citation publication-type="other">
                    <collab>Google</collab>:
                    <article-title>Gemini [Large language model].</article-title>
                    <year>2025</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://gemini.google.com/">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref13">
                <mixed-citation publication-type="other">
                    <collab>IDTechWire</collab>:
                    <article-title>Somalia&#x2019;s digital leap: e-Aqoonsi, HUBIYE and CDS lead identity transformation.</article-title>
                    <year>2025, May</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://idtechwire.com">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref14">
                <mixed-citation publication-type="journal">
                    <person-group person-group-type="author">

                        <name name-style="western">
                            <surname>Jack</surname>
                            <given-names>W</given-names>
                        </name>

                        <name name-style="western">
                            <surname>Suri</surname>
                            <given-names>T</given-names>
                        </name>
</person-group>:
                    <article-title>Risk sharing and transaction costs: Evidence from Kenya&#x2019;s mobile money revolution.</article-title>
                    <source>

                        <italic toggle="yes">Am. Econ. Rev.</italic>
</source>
                    <year>2014</year>;<volume>104</volume>(<issue>1</issue>):<fpage>183</fpage>&#x2013;<lpage>223</lpage>.
                    <pub-id pub-id-type="doi">10.1257/aer.104.1.183</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref15">
                <mixed-citation publication-type="other">
                    <collab>Ministry of Interior, Federal Affairs and Reconciliation (MoIFAR)</collab>:
                    <source>

                        <italic toggle="yes">Digital civil registry and certificate delivery system: Technical manual.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2023</year>.</mixed-citation>
            </ref>
            <ref id="ref16">
                <mixed-citation publication-type="other">
                    <collab>National Communications Authority</collab>:
                    <source>

                        <italic toggle="yes">ICT regulatory transformational strategy 2023&#x2013;2027.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2025</year>.</mixed-citation>
            </ref>
            <ref id="ref17">
                <mixed-citation publication-type="other">
                    <collab>National Communications Authority (NCA)</collab>:
                    <article-title>Somalia&#x2019;s parliament approves the cybersecurity law.</article-title>
                    <year>2026a, January 26</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://nca.gov.so/somalias-parliament-approves-the-cybersecurity-law/">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref18">
                <mixed-citation publication-type="other">
                    <collab>National Communications Authority (NCA)</collab>:
                    <article-title>Somalia launches national cyber incident response center (SOMCIRT).</article-title>
                    <year>2026b, March 7</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://nca.gov.so/somalia-launches-national-cyber-incident-response-center-somcirt/">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref19">
                <mixed-citation publication-type="other">
                    <collab>National Identification and Registration Authority (NIRA)</collab>:
                    <source>

                        <italic toggle="yes">e-Aqoonsi mobile app user guide.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2024a</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://nira.gov.so/eaqoonsi">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref20">
                <mixed-citation publication-type="other">
                    <collab>National Identification and Registration Authority (NIRA)</collab>:
                    <source>

                        <italic toggle="yes">HUBIYE: Real-time digital ID verification system.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2024b</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://nira.gov.so/hubiye">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref21">
                <mixed-citation publication-type="other">
                    <collab>National Identification and Registration Authority (NIRA)</collab>:
                    <source>

                        <italic toggle="yes">CDS platform overview.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2024c</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://nira.gov.so/cds">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref22">
                <mixed-citation publication-type="book">
                    <collab>OECD</collab>:
                    <source>

                        <italic toggle="yes">Digital security risk management for economic and social prosperity.</italic>
</source>
                    <publisher-name>OECD Publishing</publisher-name>;<year>2020</year>.</mixed-citation>
            </ref>
            <ref id="ref23">
                <mixed-citation publication-type="other">
                    <collab>Republic of Rwanda</collab>:
                    <source>

                        <italic toggle="yes">IREMBO digital platform overview.</italic>
</source>
                    <publisher-loc>Kigali, Rwanda</publisher-loc>:<year>2015</year>.</mixed-citation>
            </ref>
            <ref id="ref24">
                <mixed-citation publication-type="other">
                    <collab>Republic of Uganda</collab>:
                    <source>

                        <italic toggle="yes">National identification and registration authority (NIRA) annual report.</italic>
</source>
                    <publisher-loc>Kampala, Uganda</publisher-loc>:<year>2015</year>.</mixed-citation>
            </ref>
            <ref id="ref25">
                <mixed-citation publication-type="other">
                    <collab>Somali National News Agency (SONNA)</collab>:
                    <article-title>Somalia launches three key digital ID systems to enhance national identity infrastructure.</article-title>
                    <year>2025a, May</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://sonna.so/en/somalia-launches-three-key-digital-id-systems-to-enhance-national-identity-infrastructure/">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref26">
                <mixed-citation publication-type="other">
                    <collab>Somali National News Agency (SONNA)</collab>:
                    <article-title>National ID enforcement in Somalia: A strategic tool for the financial disruption of terrorist funds.</article-title>
                    <year>2025b July 29</year>.</mixed-citation>
            </ref>
            <ref id="ref27">
                <mixed-citation publication-type="other">
                    <collab>Somalia Investment Promotion Office</collab>:
                    <source>

                        <italic toggle="yes">ICT sector investment study.</italic>
</source>
                    <publisher-loc>Mogadishu, Somalia</publisher-loc>:<year>2022</year>.</mixed-citation>
            </ref>
            <ref id="ref28">
                <mixed-citation publication-type="other">
                    <collab>United Nations Economic Commission for Africa (UNECA)</collab>:
                    <article-title>Digital ID and the data revolution: Opportunities and challenges for Africa.</article-title>
                    <year>2019</year>.</mixed-citation>
            </ref>
            <ref id="ref29">
                <mixed-citation publication-type="other">
                    <collab>Vodafone Group</collab>:
                    <article-title>M-PESA: Africa&#x2019;s leading mobile money service.</article-title>
                    <year>2025</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://www.vodafone.com">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref30">
                <mixed-citation publication-type="other">
                    <collab>World Bank</collab>:
                    <article-title>Democratic Republic of Congo &#x2013; Identification for Development (ID4D) project (P167743).</article-title>
                    <year>2019a</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://projects.worldbank.org/en/projects-operations/project-detail/P167743">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref31">
                <mixed-citation publication-type="other">
                    <collab>World Bank</collab>:
                    <article-title>Inclusive and trusted digital ID can unlock opportunities.</article-title>
                    <year>2019b, August</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://www.worldbank.org/en/news/immersive-story/2019/08/14/inclusive-and-trusted-digital-id-can-unlock-opportunities">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref32">
                <mixed-citation publication-type="other">
                    <collab>World Bank</collab>:
                    <source>

                        <italic toggle="yes">Somalia digital economy diagnostic report.</italic>
</source>
                    <publisher-loc>Washington, DC</publisher-loc>:<year>2022</year>.
                    <pub-id pub-id-type="doi">10.1596/37786</pub-id>
                </mixed-citation>
            </ref>
            <ref id="ref33">
                <mixed-citation publication-type="other">
                    <collab>World Bank</collab>:
                    <article-title>Identification for Development (ID4D) global dataset.</article-title>
                    <year>2023</year>.
                    <ext-link ext-link-type="uri" xlink:href="https://id4d.worldbank.org/global-dataset">Reference Source</ext-link>
                </mixed-citation>
            </ref>
            <ref id="ref34">
                <mixed-citation publication-type="other">
                    <collab>World Bank</collab>:
                    <source>

                        <italic toggle="yes">Eastern Africa Regional Digital Integration Project (EARDIP): Project appraisal document.</italic>
</source>
                    <publisher-loc>Washington, DC</publisher-loc>:<year>2025</year>.</mixed-citation>
            </ref>
        </ref-list>
    </back>
</article>
