David Ndii, the Chair of President William Ruto’s Council of Economic Advisors, has dismissed claims that Kenya’s latest SIM card registration rules force telecom agents to gather fresh biometric data, including DNA.
A post on X had pointed to Part 5 of Form 1 as evidence that agents would now be required to collect biometric data directly from subscribers. Ndii pushed back, insisting the rules only call for verification against existing government databases, as stated in Clause 8 of the regulations.
“It provides for confirmation of verification with a government database… We know the biometrics in the government database are fingerprints,” he said, describing suggestions of new biometric harvesting as unfounded.
The regulations, gazetted on 27 May 2025 by ICT Cabinet Secretary William Kabogo, introduce a more stringent verification process requiring telecom operators to authenticate a subscriber’s identification particulars against government-held records. Form 1, the official registration document, must now be used for all new registrations and updates.
What the Regulations Actually Require
Clause 8 spells out the responsibilities of telecommunications operators and registration agents. They must record subscriber details, ensure physical presence if necessary, verify identification against government databases, update details when they change, and keep all records secure under the Data Protection Act.
While Form 1 lists several types of biometric data, from fingerprints to retinal scans, DNA analysis, blood typing, earlobe geometry and voice recognition, the rules do not require telecom agents to collect this information themselves. The obligation is limited to verifying what is already held by the state.
Officials insist the changes bring Kenya in line with evolving global standards on digital identity, security and accountability.
How Form 1 Works
Subscribers must declare whether the SIM is being registered for themselves, a child or a corporate entity. Various forms of identification may be used, including national IDs, passports, birth certificates and refugee cards. Corporates must provide CR12 documents or company letters.
Also Read: Kenyan Exporters Warned to Meet EU Sustainability Rules or Risk Losing Market Access
The form captures basic personal details and includes a verification section used by the registration officer to cross-check identity documents and biometric data with national databases. Officers must sign a declaration confirming the accuracy of the information captured and the secure storage of the verified documents.
Penalties and Transition Period
Anyone providing false information or breaching the regulations risks a fine of up to KSh1 million, six months in prison, or both. Existing subscribers have a six-month window to update their records to comply with the new rules.
Operators must notify subscribers before suspending their services, and deactivation must follow if the subscriber still fails to comply within the stipulated period.
The government maintains that these measures strengthen digital security, though debate continues online about data protection, privacy boundaries and what exactly constitutes “necessary” biometric verification.
Summary Table
| Topic | Details |
|---|---|
| Main Issue | Allegations that new SIM registration rules require fresh biometric collection. |
| Ndii’s Position | No new biometrics required. Only verification against existing government databases. |
| Regulations Cited | Clause 8 of the Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025. |
| Biometric Data Listed | Fingerprints, retinal scans, DNA analysis, blood typing, earlobe geometry, voice recognition. |
| Actual Requirement | Authentication of ID particulars against government databases, not fresh biometric capture. |
| Form Used | Form 1 for all new SIM registrations and updates. |
| Key Obligations | Entering particulars, physical presence if needed, verification, updates, confidentiality. |
| Penalties | Up to KSh1 million fine or six months’ imprisonment for non-compliance or false information. |
| Transition Period | Six months for existing subscribers. |
| Consequences of Non-Compliance | Suspension, then deactivation of SIM if subscriber fails to update records. |
