Fresh amendments to Kenya’s cybercrime laws have handed the government sweeping powers to block websites and digital platforms it considers harmful, fuelling fresh unease over state control and the shrinking space for free expression.
The Computer Misuse and Cybercrime (Amendment) Act, 2024, signed into law by President William Ruto on 15 October, grants the National Computer and Cybercrimes Coordination Committee the authority to direct internet service providers to block access to sites or apps promoting pornography, terrorism, or what it vaguely defines as “extreme religious and cultic practices.”
The committee, largely composed of security operatives, can issue such orders without seeking court approval or undergoing any public scrutiny.
Aside from broad censorship powers, the new law expands the definition of cyber harassment to include any act “likely to cause” another person to commit suicide. Yet, the phrase remains undefined, opening the door to subjective interpretations that could easily be wielded against dissenting voices online.
During last year’s Gen-Z protests against the Finance Bill 2024, social media became a powerful platform for public outrage. Politicians who backed the bill complained of online insults and harassment, leading some to call for laws that criminalise verbal attacks against them.
Tightening the Noose on Digital Freedoms
Earlier this year, human rights watchdog Article 19 urged lawmakers to reject the proposed amendments, arguing that they undermine global human rights standards and jeopardise freedom of speech. The organisation warned that the law’s vague wording and unchecked powers could be used to muzzle critics under the pretext of fighting extremism or protecting public morality.
Without clear safeguards, Article 19 cautioned, the law risks criminalising ordinary online discussions, discouraging digital activism, and tarnishing Kenya’s reputation as one of Africa’s most progressive digital democracies.
The amendments also broaden the definition of phishing to cover fraudulent phone calls and introduce new penalties for unauthorised SIM swaps, a fast-rising form of identity theft where scammers trick mobile carriers into transferring a victim’s number to a SIM card they control. This allows criminals to intercept calls and texts, including one-time banking passwords, enabling access to sensitive data and accounts.
Government officials, however, have defended the changes as a necessary modernisation of the outdated 2018 Act, saying the move strengthens cybersecurity, curbs online fraud, and counters extremist propaganda. They insist the law targets cybercriminals, not government critics.
What Lies Ahead
Another bill currently under parliamentary review proposes to replace Kenya’s flat-rate internet system with metered billing, charging users based on data consumption. Introduced by Aldai MP Maryanne Keitanny, it would also require users to provide detailed personal information before gaining internet access.
Telecom operators would need to collect and store extensive identification data, names, ID numbers, dates of birth, gender, physical and postal addresses for individuals, and registration documents for corporate clients.
The proposed framework would mandate tracking systems and annual data reports, a move critics fear could raise operating costs, push out smaller providers, and give the state unprecedented control over how Kenyans use the internet.
