Kenyan lawmakers are seeking to strengthen the country’s cybersecurity framework by proposing a ban on the use of personal email accounts for official government business, as part of broader reforms aimed at safeguarding sensitive state information from growing cyber threats.
The proposed amendments, currently under consideration by the National Assembly’s Departmental Committee on Communication, Information and Innovation, would establish Kenya’s first comprehensive legal framework for the classification, protection, review and declassification of sensitive government records. Legislators argue that while existing laws guarantee the public’s right to access information, they provide limited guidance on protecting information whose disclosure could jeopardise national security.
If enacted, the legislation would introduce clear legal definitions for terms such as classified information, sensitive information, classifying authority, declassification and downgrading, creating a standardised system for managing protected government records.
The bill’s sponsor, Kilifi North MP Owen Baya, said the reforms are intended to strike a balance between the constitutional right to information and the need to protect state secrets whose disclosure could undermine Kenya’s security or national interests.
According to Baya, the rapid shift towards digital communication has significantly increased the risk of unauthorised access to official information, making government records more vulnerable than they were under traditional paper-based systems.
He expressed concern over the increasing use of personal email accounts and messaging platforms such as WhatsApp for official government communication, warning that these platforms lack the security safeguards available on government-managed systems. He argued that if the personal accounts of senior public officials were compromised, confidential government information could easily fall into the wrong hands.
Also Read: NSE Adds KSh817 Billion in Investor Wealth as Record June Crowns Strongest First Half in Years
Departmental Committee chairperson and Dagoretti South MP John Kiarie said the proposed law seeks to ensure that all government officials conduct official correspondence exclusively through secure .go.ke email addresses. He noted that the necessary digital infrastructure is already in place and that Parliament now wants to make its use compulsory across the public sector.
Kiarie also observed that although Kenya has enacted robust cybercrime and data protection laws, legislation alone cannot eliminate cyber threats. He said broader economic issues, including the availability of employment opportunities for highly skilled technology professionals, must also be addressed to curb cyber-related offences.
The proposed reforms come amid growing cyber security concerns. Data from the National Computer and Cybercrime Coordination Committee (NC4) shows that government institutions, cloud-based services and digital infrastructure were targeted by approximately three billion cyberattack attempts within a three-month period.
Authorities have also reported a rise in cyber offences, including unauthorised access to computer systems, interference with digital infrastructure, identity theft, online fraud, cyber harassment and electronic payment-related crimes.
In response to the escalating threats, Parliament has already approved the establishment of the National Cybersecurity Agency. The government is also expanding collaboration with banks, telecommunications companies, aviation firms and energy providers to strengthen the protection of critical national infrastructure.
Also Read: NSE Adds KSh817 Billion in Investor Wealth as Record June Crowns Strongest First Half in Years
Against this backdrop, lawmakers are proposing stricter controls over the creation, transmission and storage of official government information. Under the proposed framework, protected records would be classified into four categories: Top Secret, Secret, Confidential and Restricted. Public institutions would be required to properly mark, register and periodically review all classified documents.
The bill further proposes that classified records be automatically declassified after 30 years unless there are lawful grounds to maintain their protected status. It also introduces penalties for the unauthorised disclosure of classified government information.
Despite broad support for strengthening national information security, some members of the parliamentary committee questioned whether the proposed legislation clearly identifies the legal gaps it seeks to address and whether it strikes an appropriate balance between state security and the constitutional right to access information.
Homa Bay County MP Bensouda Osogo urged lawmakers to ensure the proposed framework applies strictly to government-held information and cannot be used to suppress legitimate public-interest disclosures or undermine media freedom.