Kenya’s government has amended its cybercrime law to give itself sweeping powers to block websites and online platforms considered harmful, a move that has sparked growing concerns over freedom of expression and digital rights in the country.
The new Computer Misuse and Cybercrime (Amendment) Act, 2024, was signed into law by President William Ruto on Wednesday, October 15, 2025. The law gives the National Computer and Cybercrimes Coordination Committee (NC4) wide authority to order internet service providers (ISPs) to block access to websites and mobile applications that it believes promote pornography, terrorism, or what it vaguely calls “extreme religious and cultic practices.”
The committee, made up mostly of security officials, can issue these blocking orders without a court warrant or public oversight, a provision that has raised questions among civil society groups and digital rights advocates. Many fear that the law could be used to silence dissent, especially online critics of government policies.
The amended Act also broadens the definition of cyber harassment to include any conduct “likely to cause” someone to commit suicide. However, it does not clearly define what such conduct entails, leaving room for subjective interpretation by authorities. Analysts warn that this vagueness could be exploited to criminalize legitimate criticism, satire, or online debate.
The passage of this law comes months after the Gen-Z protests against the controversial Finance Bill 2024, when thousands of young Kenyans took to social media to criticize government officials who supported the bill. Many politicians later complained of being “cyber bullied” and verbally attacked, and some publicly called for laws to criminalize such online expressions.
Human rights groups have expressed alarm over the new provisions. Article 19 Eastern Africa, an international organization that defends freedom of expression, had earlier urged parliament to reject the amendments. The group argued that the law violates international human rights standards and gives the government excessive powers that could be abused to stifle dissent.
In a statement released earlier this year, Article 19 said the law’s vague wording and broad enforcement powers could be used “to silence critics and restrict online communication under the pretext of combating terrorism or extremism.” The organization warned that without clearer definitions and stronger safeguards, the amendments could criminalize ordinary speech, discourage online discussions, and damage Kenya’s image as one of Africa’s most open and dynamic digital economies.
Besides censorship-related issues, the amended law also expands the definition of phishing to include fraudulent phone calls and introduces stiffer penalties for unauthorized SIM swaps. SIM-swap fraud has become one of the fastest-growing cybercrimes in Kenya, where criminals trick mobile operators into transferring victims’ phone numbers to new SIM cards. Once in control, they intercept calls, messages, and one-time passwords used for bank logins or online transactions, giving them access to victims’ money and personal data.
Government officials, however, have defended the new law, saying it brings Kenya’s cybercrime framework up to date with the realities of a fast-growing digital economy. Eliud Owalo, the Cabinet Secretary for Information, Communications and the Digital Economy, said the amendments will strengthen national security, protect citizens from online scams, and ensure responsible use of the internet.
According to Owalo, “The law is not meant to silence anyone. It targets criminals who exploit digital platforms to harm others or spread extremist propaganda.” He added that the reforms are part of Kenya’s broader effort to create a safer and more accountable digital environment.
Meanwhile, another bill still being debated in parliament could further tighten state control over the internet. The proposal, sponsored by Aldai MP Maryanne Keitanny, seeks to replace the current flat-rate internet billing system with a metered model, where users will be charged based on the volume of data consumed.
The bill also includes strict Know Your Customer (KYC) requirements for internet users. It mandates that service providers collect and store detailed personal information, including full names, national ID numbers, birth dates, gender, and both physical and postal addresses before granting internet access.
Telecommunication operators would also be required to install tracking systems and submit annual reports to regulators, measures that analysts say could increase operational costs, discourage competition, and expand the government’s ability to monitor citizens online.
Digital rights advocates say the combination of these laws and proposals signals a worrying trend of state overreach into Kenya’s digital space. They warn that if unchecked, the new cybercrime law and upcoming data-tracking policies could transform Kenya’s open internet into one of the most tightly controlled in the region.
