On October 15, 2025, President William Ruto signed the Computer Misuse and Cybercrimes (Amendment) Act into law, igniting a firestorm of debate in Kenya’s digital corridors.
Proponents hail it as a vital bulwark against the rising tide of online predation—phishing scams, identity theft, and cyberbullying that have scarred countless lives.
Yet, as petitions flood the courts challenging its constitutionality,this legislation feels less like a safeguard and more like a sledgehammer, poised to crush dissent under the guise of security.
At its core, the Act expands the 2018 framework to tackle modern menaces. It criminalizes identity theft—snatching someone’s SIM card or bank details for fraud—with penalties up to two years in prison.
Cyber harassment now encompasses messages likely to drive victims to suicide or incite violence, carrying fines up to KSh 20 million or a decade behind bars. False information sparking public panic, be it via email or social media, faces up to three years’ imprisonment.
The government gains sweeping powers: the National Computer and Cybercrimes Coordination Committee can shutter websites peddling extremism or child exploitation, while courts can mandate content takedowns—even preemptively. Telecoms must hand over user data on demand, bolstering probes into digital crimes.
Undeniably, Kenya’s cyber landscape demands fortification. With fraudsters evolving faster than firewalls, this law arms authorities to reclaim stolen crypto assets and shield critical infrastructure like banks and energy grids.
Businesses, long plagued by phishing, will breathe easier knowing recovery of illicit gains is streamlined. For vulnerable youth tormented online, the suicide clause offers a grim but necessary deterrent.
But here’s the rub: in zealously pursuing villains, the Act risks ensnaring the innocent. Vague terms like “mischievous” information or “detrimental effects” invite abuse, turning satire into sedition and whistleblowing into a felony.
Mandatory social media verification linking accounts to government IDs erodes anonymity, a cornerstone of free expression under Article 33 of our Constitution.
Critics, including the Kenya Human Rights Commission, decry it as an authoritarian toolkit, echoing global fears of laws that silence activists while sparing real Why sparing real crooks empower opaque committees to blackhole sites without judicial oversight? This isn’t protection; it’s preemption, chilling the very discourse that fuels democracy.
In my view, the Act embodies Kenya’s perennial tightrope: innovation versus control. We need cyber defenses, yes—but not at freedom’s expense. The rushed assent, bypassing Senate referral, reeks of procedural sleight-of-hand.
Courts must strike down the overbroad clauses, mandating clearer standards and independent audits. Parliament should reconvene for tweaks, embedding safeguards like sunset clauses for shutdown powers.
As Kenyans log on daily, this law looms large. Will it foster a safer net, or a surveilled one? The jury’s out, but history warns: tools forged for security often morph into chains. Let’s demand better—because in the digital age, our voices are our strongest firewall.
Siyad Jimale is the executive director of the Horizon Analysts and Researchers Network (HARN). A researcher and policy analyst, he has advocated for a complete overhaul of how the State approaches insecurity along the Kenya-Somalia border such as influencing a collaborative approach to champion a sound working relations between local communities and security agencies and easing the acquisition of national Identity card
