The Cybersecurity Bill 2025 in Kenya: What You Need to Know

Kenya’s online space is expanding quickly  digital banking, e-learning, and e-government platforms have become part of daily life. But with that growth has come a rise in cyber threats, from scams and data breaches to online misinformation.

To strengthen digital safety, the government has introduced new legislation known as the Cybersecurity Bill 2025, alongside updates to the Computer Misuse and Cybercrimes Act. These laws aim to modernize Kenya’s approach to cybersecurity.

Here’s a clear breakdown of what’s in the new law, what it changes, and what it could mean for individuals, businesses, and the tech community.

1. What the Cybersecurity Bill 2025 Covers

The Cybersecurity Bill 2025 builds on earlier cyber laws to address emerging digital risks. It focuses on:

• Defining new types of cybercrimes

• Strengthening penalties for digital offences

• Expanding the government’s ability to respond to online threats

• Setting standards for how internet service providers and digital platforms handle data and security

The bill works alongside the Computer Misuse and Cybercrimes (Amendment) Act 2024, which was signed into law in October 2025.

2. Key Features of the Cybersecurity Law

a) Broader Definition of Cybercrime

The law updates the list of online offences to include:

• Phishing and identity theft

• SIM-swap fraud

• Unauthorised access to computer systems

• Data manipulation and digital impersonation

For example, a person found guilty of a SIM-swap offence could face up to two years in jail or a fine of KSh 200,000.

b) Authority to Block Harmful Digital Content

The new law allows authorities to block websites, apps, or online accounts that are found to promote:

• Child exploitation

• Terrorist activity

• Hate speech

• Extreme or cultic practices

This provision is meant to protect users from harmful content but has also raised discussion about how such powers will be applied.

c) Regulation of Online Platforms

The Communications Authority of Kenya (CA) will have increased oversight over digital platforms and service providers.
This includes ensuring compliance with national cybersecurity standards and requiring companies to submit reports about their data and security measures.

d) Data Monitoring and Reporting

Internet Service Providers (ISPs) may be required to track and report certain types of data activity to assist in investigating cyber incidents.
Supporters say this helps fight online crime; critics argue it could lead to privacy concerns if not properly managed.

e) The National Cybersecurity Strategy 2025–2029

Alongside the law, the government released a Cybersecurity Strategy that outlines how Kenya plans to secure its digital systems over the next five years.
The plan focuses on:

• Protecting critical infrastructure

• Building national cyber awareness

• Training skilled cybersecurity professionals

• Encouraging cooperation between public and private sectors

3. How It Affects You

The new bill affects all digital users in different ways:

• For individuals: There’s better protection against online scams, fraud, and cyberbullying. However, there may also be closer monitoring of online activity.

• For businesses: Companies must improve their cybersecurity systems, report data breaches, and follow set security standards.

• For developers and ISPs: Compliance requirements will increase, including stronger data protection, regular audits, and possible licensing updates.

4. Concerns Raised by Stakeholders

Since the bill was introduced, civil society groups, tech experts, and legal analysts have shared a few concerns:

• Freedom of expression: Some worry that giving the government power to block sites could limit free speech if not carefully monitored.

• Privacy: Tracking internet usage might conflict with the right to privacy guaranteed under Article 31 of Kenya’s Constitution.

• Vague definitions: Terms like “extreme practices” or “unlawful content” are broad and open to interpretation, which could cause confusion in enforcement.

• Innovation risks: Startups fear heavier regulation could make it harder for small tech firms to compete.

These debates highlight the need for a balance between digital security and individual rights.

5. Current Status

As of October 2025:

• The Computer Misuse and Cybercrimes (Amendment) Act 2024 has already been signed into law.

• The Kenya Information and Communications (Amendment) Bill 2025 is still under review in Parliament.

• The National Cybersecurity Strategy 2025–2029 remains in draft form, guiding future policy.

Implementation details are expected to roll out in phases as relevant agencies develop the required frameworks and regulations.

Conclusion

The Cybersecurity Bill 2025 marks an important moment in Kenya’s digital evolution. It’s designed to make cyberspace safer by tackling online crime, improving accountability, and aligning Kenya’s digital laws with global practices.

At the same time, it raises important discussions about privacy, freedom, and government power in the digital world.

For citizens, businesses, and tech innovators, the key takeaway is awareness. Understanding these laws helps you operate responsibly and stay compliant as Kenya strengthens its cybersecurity landscape.