Over the past week, Kenyans on social media have been discussing a series of new bills that President William Ruto signed into law on Wednesday, October 15. Among these, the one that has sparked the most public debate is the Computer Misuse and Cybercrimes (Amendment) Act, 2024.
This law updates the original Computer Misuse and Cybercrimes Act, Cap 79C, with new provisions aimed at tackling the misuse of digital platforms.
One of the major changes is that it now prohibits the use of electronic media to promote terrorism, violent extremism, and dangerous cult or religious practices.
The amendment, first introduced by the National Assembly on August 9, 2024, went through a period of public participation and was reviewed by the Departmental Committee on Communication, Information, and Innovation.
During this process, civil society groups, technology experts, and industry stakeholders shared their opinions and recommendations.
After thorough review and revisions, Parliament passed the Bill on October 8, 2025, leading to its official signing into law a week later.
According to the government, this updated law will help Kenya combat modern cyber threats more effectively. It expands the legal definitions of key offences such as phishing, cyber harassment, and identity theft to include the latest digital crimes that affect both individuals and businesses. Authorities believe the new rules will make it easier to trace, freeze, and recover assets obtained through cybercrime.
Under the new law, computer misuse now includes any unauthorised access, modification, or interference with a computer system. Crimes committed using ICT tools or networks will be considered cyber offences, especially when they target sensitive data or critical infrastructure.
Another important part of the law is the introduction of the concept of Critical Information Infrastructure (CII). This refers to key sectors like banking, energy, and telecommunications, which the government now categorises as vital systems that must be protected from cyber threats.
The amendment also broadens the definition of cyber harassment to include any act that could drive someone to take their own life.
It states that if a person communicates in a way—directly or indirectly—that could lead to violence, property damage, or emotional harm to another person, including inducing suicide, they can face serious legal consequences.
Anyone found guilty of such actions risks a fine of up to Ksh20 million, a prison sentence of up to ten years, or both. The same punishment applies to those who share indecent or grossly offensive content that could cause harm to others online.
The government’s stated goal for these new rules is to curb the spread of false or misleading information, which often causes unnecessary public panic and unrest.
Another major change gives the National Computer and Cybercrimes Co-ordination Committee the power to block access to websites or applications that promote illegal activities, such as child pornography, terrorism, religious extremism, or cult practices.
This means that any platform found to be spreading harmful content can be rendered inaccessible in Kenya.
Furthermore, if a person is convicted under the Act, the Court now has the authority to order the removal of any unlawful or extremist material from their devices or online platforms.
To address the rising cases of SIM-swap fraud and identity theft, the law now criminalises unauthorised SIM-card swaps made with the intent to defraud. Offenders can face up to two years in prison, a fine of Ksh200,000, or both.
Section 42A of the Act clearly states:
“A person who willfully causes unauthorised alteration and unlawfully takes ownership of another person’s SIM-card with the intent to commit an offence is liable on conviction to a fine not exceeding Kenya Shilling two hundred thousand or to imprisonment for a term not exceeding two years, or to both.”
Additionally, internet and mobile service providers will now be required to store, produce, and share user data relevant to ongoing criminal investigations when requested by law enforcement agencies. This aims to make it easier for authorities to track cybercriminals.
The Act also introduces stronger measures to secure Kenya’s digital infrastructure. It requires the localisation of data for critical information systems, annual cybersecurity risk assessments, and the establishment of Cybersecurity Operations Centres (CSOCs).
These provisions align with the Critical Information Infrastructure Regulations published in Gazette Notice No. 44, February 2024, which set guidelines for protecting key digital assets.
Lawmakers have stressed that the new cybercrime law does not violate constitutional rights such as freedom of expression, nor does it give unchecked powers to any government body. They argue that the amendments are strictly meant to safeguard Kenyans from the growing threat of online crime.
However, some members of the public and digital rights activists see things differently. They worry that the new law could be used to silence dissent or limit free speech online, giving the government too much control over what citizens say and share on social media platforms.
In short, while the Computer Misuse and Cybercrimes (Amendment) Act, 2024 aims to make Kenya’s cyberspace safer, it has also raised serious questions about privacy, freedom of expression, and the balance between security and liberty in the digital age.
Join Government Official WhatsApp Channel To Stay Updated On time
https://whatsapp.com/channel/0029VaWT5gSGufImU8R0DO30
