The Bank of Tanzania (BoT) has published the draft Cloud Computing Guidelines for Financial Service Providers, 2025, inviting final comments from bankers. The consultation window closes on December 31, 2025.
The main debate centers on two perspectives: bankers’ interest in leveraging technological developments, particularly affordability and efficiency, and the central bank’s priority of safeguarding the country’s critical financial infrastructure.
In the early consultation matrix prior to the release of the draft guideline, one of the most contentious issues is the definition of mission-critical systems.
“The definition of mission-critical systems is very wide, covering the majority of banking systems. Some of these systems would perform better on the cloud compared to on-premises computing,” stakeholders commented.
While stakeholders proposed reclassifying certain systems to allow cloud adoption, the BoT stood firm, stating:
“The definition of a mission-critical system is comprehensive and well-articulated. It aligns with similar definitions adopted by other SADC member states as well as India and Mauritius.”
The draft guidelines prohibit hosting mission-critical systems on cloud infrastructure located outside Tanzania. A mission-critical system is defined as one essential to the survival of a financial service provider.
Another area of contention is the requirement that non-mission-critical systems, which may be hosted either domestically or abroad, still require prior BoT approval.
Stakeholders argued that a simple notification should suffice, warning that delays in the approval process could prevent financial service providers from realizing the timely benefits of cloud computing. The BoT responded that approvals are necessary to assess associated risks.
The guidelines also address pre-existing systems. Financial institutions already using cloud services before the guidelines take effect must apply for written approval from the BoT within 12 months of commencement.
Additionally, all cloud computing arrangements must be formalized through a written contract, subject to BoT approval before implementation. This provision has raised concerns among international banks operating in Tanzania:
“For international financial service providers, it is more efficient for such contracts to be managed at group level rather than country level, in order to realize benefits such as economies of scale,” stakeholders noted.
The BoT, however, insists on country-specific agreements: “For services contracted at group level, financial service providers are still required to maintain separate agreements that comply with these guidelines.”
The guidelines outline several enforcement mechanisms, including civil monetary penalties, restrictions on cloud usage, suspension of access to BoT credit facilities, suspension of lending and investment operations, limits on capital expenditure, and sanctions against individual officials.
The debate comes amid a global shift toward cloud computing and AI-driven services, with many companies relying on global technology giants that heavily invest in research and data centers.
At the same time, rising geopolitical tensions have heightened concerns about national sovereignty. Governments worldwide are pushing for domestic innovation, strengthening alliances with ideologically aligned nations, and restricting foreign technologies, sometimes at their own economic cost.
In Tanzania, the largest data center is government-owned and developed by Huawei; there are also several privately operated data centers in the country.
