Introduction
On 15th October, 2025 President William Ruto assented to the Computer Misuse and Cybercrimes (Amendment) Act, 2024. The law amends the Computer Misuse and Cybercrimes Act, 2018 the country’s primary legislation for combatting cyber-offences.
While the amendment seeks to strengthen Kenya’s ability to tackle emerging digital threats from SIM-swap fraud to identity theft and online harassment it has also sparked significant debate over its constitutionality, breadth, and implications for digital rights.
Modernising an Outdated Framework
The 2018 Act was enacted to curb unauthorised access, data interference, and cyber-fraud. However, with rapid advances in technology, new challenges have emerged including cryptocurrency-related crimes, phishing scams, and cyber-harassment on social media platforms.
The 2024 Amendment aims to close these gaps by introducing expanded definitions and new offences, as well as stronger obligations for service providers. Key highlights include:
- “Access” now includes entry “through a program or device,” capturing automated hacking tools and bots.
- “Asset” is broadened to include both physical and virtual property, covering digital currencies and other virtual assets.
- A specific offence of unauthorised SIM-card swapping, punishable by a fine of up to Kshs. 200,000- or two-years’ imprisonment.
- Enhanced cyber-harassment provisions, including communications “likely to cause a person to commit suicide,” attracting penalties of up to KSh 20 million or 10 years in jail.
- Internet and telecommunications companies must preserve, produce, and share data relevant to investigations, including virtual asset records.
Expanding Enforcement Powers
Perhaps the most contentious feature of the amendment is the power to restrict online content. The National Computer and Cybercrimes Coordination Committee (NC4) or any authorized agency can now order the blocking or removal of websites, social media pages, or applications deemed to promote terrorism, child sexual exploitation, or “extreme religious or cultic practices.”
These powers can be exercised even before a court conviction, raising fears of potential misuse and censorship.
Balancing Security and Digital Rights
Supporters argue that the law brings Kenya in line with global cyber-security standards, equipping authorities with the tools needed to investigate complex cyber-crimes and protect citizens from online fraud.
However, civil society groups warn that the amendment could erode key constitutional freedoms. Advocacy bodies like ARTICLE 19 and the Kenya Human Rights Commission (KHRC) argue that the provisions are overbroad, vague, and susceptible to abuse.
Critics fear the law could be used to silence dissent or restrict free speech online — particularly given the sweeping powers to block digital content without judicial oversight.
The Constitutional Challenge: KHRC and Reuben Kigame Go to Court
On 22 October 2025, the Kenya Human Rights Commission (KHRC) and Reuben Kigame, filed a petition in the High Court of Kenya seeking to declare the new law unconstitutional.
The petitioners claim that the amendment violates rights to privacy, freedom of expression, freedom of the media, and access to information under Articles 31–35 of the Constitution.
They further allege that the legislative process was flawed including failure to involve the Senate where county interests are affected and that the Act conflicts with existing frameworks such as the Data Protection Act, 2019.
The case seeks a declaration nullifying the Amendment Act and a permanent injunction against its enforcement until the court determines its constitutionality.
Comparative Analysis
|
Area |
2018 Act (Original) |
2024 Amendment |
Impact/Concern |
|
Definition of 'Access' |
Limited to entry 'by a person.' |
Adds 'through a program or device.' |
Captures automated tools and bots. |
|
Definition of 'Asset' |
Focused on tangible property. |
Includes virtual assets (e.g. cryptocurrency). |
Enables asset seizure but increases surveillance risks. |
|
Cyber-Harassment |
Basic offence covering offensive communications. |
Adds 'likely to cause suicide,' with heavier penalties. |
Addresses online bullying but risks subjective interpretation. |
|
SIM-Card Fraud |
Not expressly criminalised. |
New Section 42A — unauthorised SIM-swap offence. |
Strong deterrence against telecom fraud. |
|
Service Provider Obligations |
Limited cooperation duties. |
Mandatory data preservation and production. |
Strengthens investigations but raises privacy concerns. |
|
Content Blocking Powers |
No explicit blocking authority. |
NC4 may block apps/websites promoting illegal content. |
Potential for misuse and censorship. |
Striking the Right Balance
Kenya’s digital ecosystem has grown exponentially with increased cyber-risks demanding robust legal responses. The 2024 Amendment demonstrates the government’s intent to modernise enforcement. Yet, the line between cyber-security and civil liberty remains thin.
Without strong oversight mechanisms, judicial safeguards, and public transparency, the risk of overreach looms large. The ongoing constitutional petition will be a critical test of how far the State can go in policing digital spaces without infringing on fundamental rights.
Conclusion
The Computer Misuse and Cybercrimes (Amendment) Act, 2024 represents both progress and peril. It updates Kenya’s legal framework to tackle modern cyber-offences but simultaneously raises profound questions about privacy, expression, and the rule of law.
As Kenya awaits the High Court’s ruling on the KHRC petition, stakeholders from regulators and service providers to digital rights advocates must work together to ensure that cyber-security measures strengthen, rather than suppress, constitutional rights.
Contributors: Joyce Mwaura | Associate Advocate-Data Protection
For Further Guidance
CM ADVOCATES LLP – Technology, Media & Telecommunications (TMT), Data Protection & Cybersecurity Practice-
Email: tmtpractice@cmadvocates.com
Head Office – Nairobi I&M Bank House, 7th Floor, 2nd Ngong Avenue
Tel: +254 20 2210978 | +254 716 209673
Email: law@cmadvocates.com
Mombasa Office Links Plaza, 4th Floor, Links Road, Nyali
Tel: +254 041 447 0758 | +254 791 649913