Nairobi — Kenya's new Computer Misuse and Cybercrimes (Amendment) Act, 2024 has imposed stringent obligations on internet and telecommunications service providers to assist authorities in cybercrime investigations, with severe penalties for non-compliance.

The law, passed by Parliament on September 29, 2025, and assented to by President William Ruto on October 15, enhances the existing Computer Misuse and Cybercrimes Act, Cap 79C, expanding the government's power to compel cooperation from service providers in tracing and prosecuting digital offences.

It requires service providers to preserve, produce, and share user data relevant to investigations when ordered by law enforcement agencies. Those who fail to comply risk heavy fines, imprisonment, or forfeiture of assets used in committing cybercrimes.

The law also empowers the National Computer and Cybercrimes Coordination Committee (NC4) to block websites or applications that promote illegal activities, including terrorism, child pornography, or cultic practices.

Keep up with the latest headlines on WhatsApp | LinkedIn

In addition, it introduces penalties for unauthorized SIM-card swaps--punishable by a fine of Sh200,000 or a two-year jail term--and broadens definitions of cyber harassment and phishing to include emerging online threats.

The amendment further clarifies that it does not limit fundamental rights or delegate legislative powers, while emphasizing the need to prevent misuse of digital platforms for terrorism or extremist activities.

By tightening compliance rules and increasing accountability, the law seeks to strengthen Kenya's digital security framework and safeguard citizens against cyber threats.