A Few Things You Should Know about Kenya’s Cyber Policy Landscape

The term policy very likely puts off a lot of folks. It probably evokes images of old men in suits and spectacles droning on about something or other. I, on the other hand, am fascinated by (public) policy. The most basic definition of policy is “a course or principle of action adopted or proposed by a government, party, business, or individual.” Policies help in shaping laws and regulations that govern various actors in a jurisdiction.

In an increasingly interconnected world, there is an emerging realm of cyber policy that is exciting as it is challenging. Safety, security, privacy, autonomy, freedom of expression are some of the aspects that now need to be rethought in the context of the cyber space. If you currently conduct any activity online, it definitely matters how the space is regulated, and what plans are in place to uphold your fundamental rights, as well as technological innovations that you leverage for work or leisure.

So what is the government of Kenya envisioning as protections and measures to underpin fundamental rights and freedoms online for its citizens? Which actors are involved? What laws are in place, and which ones are needed?

Equally, which non-state actors are in the forefront of these deliberations? Who is articulating citizens’ concerns in shaping our cyber policies?

A few things you should know:

i)  laws, regulations and policies pertaining to cybersecurity in Kenya largely approach it from the perspective of curbing cybercrime, and to a much lesser extent safeguarding the rights of citizens as they translate to an increasingly interconnected and inescapable digital realm.

Some of the laws in place include the Kenya Information Communications Act (KICA), Chapter 411A and the the Computer and Cybercrimes Bill (2016).

ii)  there exists a Computer Incident Response Team Coordination Centre (KE-CIRT/CC), whose role is to facilitate coordination and collaboration in response to cybersecurity incidents. This is to whom you can report a vulnerability or cyber-related incident that harms you or others.

iii) Our constitution, in Article 31, guarantees the right to privacy, including the right to not have information relating to one’s family or private affairs unnecessarily revealed, and to not have the privacy of one’s communications infringed.


a crucial piece of legislation to enforce is yet to be adopted. The Data Protection Bill, 2013 was formulated to give effect to this constitutional provision. It articulates requirements for electronic personal information collection, storage, protection/security, access, disclosure, and misuse.

iv)  Cyber policy needs thinkers, lawyers, geeks…(trying very hard not to use the hackneyed term ‘capacity’, but there you have it). Unchartered territories, where issues like sovereignty, Internet jurisdiction, protection of freedoms online and offline, national security all make for very interesting questions with no easy answers. Kenya is a lighthouse country in the region, and her people are sharp thinkers and doers who should explore this space a bit more!

For other insights, check out the report here.

Alternatively, you can listen to this podcast summary of the report.

This report was commissioned by Global Partners Digital, in a series designed to help civil society actors navigate the cyber policy landscape in four countries: Chile, India, Indonesia, and Kenya. It was co-authored by Tyrus Kamau and Juliet Maina

By Nanjira

Perched at the intersection of tech & governance, media, culture.