To Certify or Not, NITA-U in the Dock

She broadcast the message onto one of Uganda’s largest online platforms for IT professionals, the I-Network Uganda and it read:

Please find link to read and know about Regulations that support the Certification process. These Regulations include: the National Information Technology Authority, Uganda (Authentication of Information Technology Training) Regulations 2016 and the National Information Technology Authority, Uganda (Certification of Providers of Information Technology Products and Services) Regulations, 2016.”

Within minutes, responses to the thread were flowing in. One of those that briefly summarised the general mood went as follows;

They do not account for experience.

They do not account for online courses.

They do not account for interning/mentoring.

They do not account for self taught prodigies and IT savants (PC whisperers).”

What are these regulations all about? The National Information Technology Authority – Uganda has come up with regulations that it wants passed in order to regulate the ICT industry. These regulations affect Individual and Corporate service/product providers as well as Training institutions. Information Technology is one of those industries that has largely grown organically with very minimal regulation.

On a fora dominated by more youthful ICT practitioners, comments were as follows;

Eh! Above requirements in document are going to bite all experienced players in contrast to those who have proffessional qualifications.

It might also spur employment of jobless professionals by the experienced players. Either way, I am emigrating.”

Shouldn’t the SMEs and startups put on evil smiles? All those ‘experienced’ chaps getting kicked out are theirs for the taking”

An unregulated market is how everyone loses out : Profit flight, Uganda being a supermarket for everyone to come and sale, Low levels of skill, Low tax bases, Those kinds of things

On I-Network, a forum dominated by middle aged first and second generation ICT practitioners, the discourse was dominated by such responses below;

I perused through the document and I kept desiring to throw up my breakfast. I request clarification on the documents shared above. Are they specific to individuals and organisations that intend to work with government or do they include people relating with private businesses. The documents seem to only aim to make the Authority relevant and to also increase its revenues through an unnecessary six month certification (taxation).

We appreciate the initiative by NITA-U to protect customers’ interests but I think rather than making it mandatory and making it criminal if you are not certified by NITA. An even more prudent approach is make it optional and spend all the resources educating customers on how to look out for a “suitable” IT solutions supplier. This is achievable and requires less resources to implement.

There is a reason that training is done . You have been doing the work but you don’t have the qualifications to do the work. ‎As a regulator there should be precedence as to what qualifies someone to do/offer a service. We can’t continue to run on try and error because it has worked in the past. If you haven’t studied the subject what principles do you use to do the work

Very interesting debate and dialogue going on here. I am still struggling with the ‘spirit’ of these regulations? How will these regulations enhance competence that is so lacking? So if my University is certified as a service provider and continues to churn the products it is delivering what is the value of this certification?

Let’s look at this as trying to streamline and provide some customer protection. It’s not a surprise that most people that don’t support this are service providers. May be tell us what you are trying to run away from.”

These regulations can form the start of the MRA’s (Mutual Recognition Agreements) for the ICT sector in Uganda. I hear the issue of the professionals with no formal education. What is needed is to work with NITA and have this category amended. Because as we stand today those people would not be able to get a work permit anywhere outside Uganda. Our ability to cover them in the proposed regulations would create a starting point for this category.”

I took time to read through the proposed regulations and from those targeting Service Providers and noted the following:

Part II 3(a) A person shall not provide information technology products or services unless that person is certified in accordance with the Act and these Regulations.

I believe this is a good provision. We are always complaining of poor service provision in our industry and being undercut by people who hardly have a clue about what to deliver. It is not strange finding a Fish Processing firm winning tenders in ICT only to later subcontract the work to a little known firm with the skills but then again pay them measly sums.

There are individuals who have specialised in these brokerage services and always win tenders due to their underhand methods of operation. Fifteen years ago, the Electoral Commission was involved in phoney dealings with a self styled Computer Expert, a one Frank Katusiime that saw the organisation spend over 3 Million dollars on ICT related consultancies that saw some consultants bag US$ 2000 per day. Do we want to maintain the status-quo?

We have lots of youths who have various ICT qualifications but are lacking work to do. This is an opportunity for them to team with the money bags to either run businesses together or work for them in order to ensure that their operations are compliant.

The only amendment I would propose to this regulation is that it should be paraphrased as;A person shall not commercially provide information technology products or services unless that person is certified in accordance with the Act and these Regulations.” This will give a breather to my 15 year old son who is already interning in my business operations learning how to fix computers and software.

Part III 7. (2)Without limiting the general effect of subregulation (1), a person intending to provide information technology products or services shall-

(a) in the case of a legal person, be registered in accordance with the law;

(b) abide by the standards for the provision of information technology products or services;
(c) demonstrate financial viability, where necessary;
(d) put in place and maintain a sound quality management system;

(e) have in place policies and procedures to govern the provision of information technology products or services;
(f) where applicable, employ competent and qualified staff to provide information technology products or services;

(g) provide appropriate infrastructure and equipment required to provide information technology products or services.

This regulation serves the purpose of facilitating the industry to address;

a) Fly by night business operators who have no interest whatsoever to observe the laws of the land hence operating but in an unregistered manner thereby defrauding the state of money through tax dues.

b) Unprofessional service providers that have no intention whatsoever to offer services in accordance with generally accepted standards.

c) Reduction of the prevalence of those service providers who are merely brokers. They specialise in clinching the deal and then pass it on to other financially capable players whose service provision may be questionable.

d&e) Unprofessional market players since having a professional setup in place is conducive when it comes to effective customer care.

f) The rampant joblessness of our youths many of whom have high qualifications.

Part III 8. (4)For the avoidance of doubt, the Authority shall assess every application to ascertain that the application-
(a) complies with applicable administrative, legal and technical
requirements issued by the Authority from time to time;
(b) demonstrates experience in the provision of information technology products or services;
(c) complies with applicable standards relating to the provision of
information technology products or services.

I foresee this netting those Fish Processing businesses that pose as ICT vendors. They have to pass all the hurdles indicated here. This provision while kind of scary for the small business or start-up, it should be looked at as a necessity. The small businesses in ICT have an opportunity to up their game, conform and then have a field day.

Part III 9. Grant or refusal of certification

(1)The Authority shall within forty five days after the receipt of an application grant or refuse certification.


(4)Where the Authority rejects or refuses an application for certification, the Authority shall give reasons and the registrar shall notify the applicant of the rejection or refusal within thirty days after the decision.

The commitment to a speedy handling of applications is a good sign since it shall not keep practitioners second guessing their status for mote than two months. If this is implemented as is, then few will complain of the process. However, after interacting with some NITA-U officials, I learnt that their goal is to set up an online engine that shall enable all applicants engage in the registration process without having to leave their offices. The engine shall have ensure full transparency of the process as the applicant will have frequent feedback on the status of the application. This addresses the fears expressed by some of having to make visits to the NITA-U offices from up-country.

Part III 11. Suspension or revocation of a certificate

(1)The Authority may suspend or revoke the certification to provide information technology products or services where the Authority is satisfied that–

(a) the person is operating in contravention of the Act or these Regulations;

(b) the capacity of the person to provide information technology products or services has diminished in a manner that affects the certification.

The beauty of this regulation is that it will be a continuous check for quality service provision as well as ethical behaviour. If customers are empowered to report unscrupulous registered albeit bogey providers, using this regulation could render them redundant.

Part IV 18. Products not in conformity with standards

Where the Authority refuses an application because the information technology products do not conform to approved standards for information technology products, the Authority shall take appropriate action including seizing and destroying the products at the cost of the applicant.

Scary as it may seem, this one serves to deter especially those that are into importation of fake products expecting to dupe our gullible consumers. The act of destroying all the stock is to ensure that it is not offloaded onto the black market.

I do hope that this regulation can be amended to exclude local innovators’ products that are testing the market. My proposal is to paraphrase it as; Where the Authority refuses an application because the information technology products do not conform to approved standards for information technology products, the Authority shall take appropriate action including seizing and destroying the products at the cost of the applicant. This shall however, not apply to local innovations that are a Work In Progress.

Part V 20. Persons providing information technology products and service prior to coming into force of these Regulations

(1) A person providing information technology products or services immediately before the coming into force of these Regulations shall apply for certification in accordance with the Act and these Regulations.

(2) The application under subregulation (1) shall be made within 90 working days after the coming into force of these Regulations.

Current players have been given upto three months to apply and that too is a fair deal since they definitely need some time to compile their paperwork as well as beef up their teams if compliance necessitates so.

Application Form

This deserves separate attention as it has generated a lot of debate and created fear among those practitioners who have no formal qualifications to justify them as ICT professionals.

Part 5 reads as:


(c) Indicate the qualifications in information technology of the staff as follows —

(i) Ph. D. holders

(ii) Masters

(ii) Bachelors

(iv) Diploma

(v) Certificate

(vi) Other Professional Certification

There are many competent ICT practitioners that are self taught and lack formal qualifications. I was one of those for a long time till I begun raking up various professional certifications with the aim of proving to those considering to engage me that I knew what I was doing. However, many have not toed my line and are not about to. They now are faced with the possibility of being stripped of a lifeline.

After my investigations with the NITA-U officials again, I realised that they have already catered for this group only that they could have erred by not indicating it in the application form. They plan to use the Skills Framework for the Information Age (SFIA).

SFIA offers a skills based description approach to Information and Technology roles being handled by professionals. It gives individuals and organisations a common language to define skill, abilities and expertise in a consistent way. As opposed to the theoretical curriculums that many institutions are bound to give you which are then based upon to judge your level, SFIA looks at what you can do and through a well defined process, you get rated.

The output of the SFIA analysis is categorised in seven levels:

  1. FollowWorks under supervision; Has minimal influence; Performs routine activities; Uses basic information systems.
  2. AssistWorks under routine direction; Interacts with many and may influence immediate colleagues; Performs a range of varied work; Demonstrates a rational and organised approach to work.
  3. ApplyWorks under general direction; Interacts with and influences department / project team members; Performs a broad range of complex and non routine work; Demonstrates an analytical and systematic approach to problem solving.
  4. EnableWorks under general direction within a clear framework of accountability; Influences team and specialist peers internally; Performs a broad range of complex technical or professional work activities; Demonstrates an analytical and systematic approach to problem solving.
  5. Ensure, Advise Works under broad direction and tasks are usually self initiated; Influences organisation, peers, customers, suppliers and partners in areas of own speciality; Performs an extensive range and variety of complex technical and/or professional work activities; Advises on available standards, methods, tools and applications relevant to own speciality.
  6. Initiate, Influence Has defined authority and responsibility for a significant area of work including technical, financial and quality aspects; Influences policy formation on the contribution of own speciality to business objectives; Performs highly complex work activities covering technical, financial and quality aspects; Absorbs complex technical information and communicates effectively at all levels to both technical and non technical audiences.
  7. Set Strategy, Inspire, MobiliseHas authority and responsibility for all aspects of a significant area of work, including policy formation and application; Makes decisions critical to organisational success and influences developments within the IT industry at the highest levels; Leads on the formulation and implementation of strategy; Has a full range of strategic management and leadership skills. Understands, explains and presents complex technical ideas to both technical and non-technical audiences at all levels up to the highest in a persuasive and convincing manner.

For those who thought you were affected, do you now realise that using the SFIA approach you can still get high ratings for your experience based skill-sets? You can learn more from the SFIA 5 Framework Reference.

The Ugandan ICT industry in my view needs some form of regulation if it’s to nurture players with serious potential as opposed to the fly by night deal makers that currently typify it. With lots of innovative individuals as well as local businesses attempting to break in, the spirit of this move by NITA-U is aimed at not only protecting the consumer but in the process giving genuine players an opportunity to blossom.


2 responses to “To Certify or Not, NITA-U in the Dock

  1. Pingback: Hon. Minister Sir, This is what I wanted to say | The Wire Perspective

  2. This sounds good but I think that in practice, it’ll tremendously slow down the industry. It is asking a bit much for someone to wait 45 days for approval of a commercial android application which Google Play will accept in minutes. For applications that are supposed to compete with some global players without similar incumberances, it is a huge blow.

    It is a good initiative that should be optional; consumers can be educated on the benefits of using only ‘NITA certified’ products and suppliers – and using everything else ‘at their own risk’.

    This will meet the goal of protecting consumers (which I believe was the spirit of the regulation) without muzzling our competitiveness, especially globally


Please Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.