The Communications Authority of Kenya (CA) has issued a notice directing all telecommunications companies, including Safaricom, Airtel, Telkom Kenya, and other licensed service providers, to fully comply with the directive on the use of licensed and accredited digital certification services.
In the notice issued on Tuesday, October 7, the Authority emphasized that all systems designated as Critical Information Infrastructure (CII) under Gazette Notice No. 1043 must adopt and exclusively use digital certificates and Public Key Infrastructure (PKI) services.
The certificates must be obtained from licensed and accredited Electronic Certification Service Providers (E-CSPs) by January 1, 2026.
This directive follows a determination made by the National Computer and Cybercrimes Coordination Committee (NC4) in August 2024, which mandated the use of trusted digital certification services to safeguard national digital systems from cyber threats.
“Pursuant to the determination made by the National Computer and Cybercrimes Coordination Committee (NC4) on August 11, 2024, which directed that all systems designated as Critical Information Infrastructure (CII), as stipulated in Gazette Notice No. 1043, must adopt and only use digital certificates, digital certification, and Public Key Infrastructure (PKI) services from Electronic Certification Service Providers (E-CSPs) who have been both licensed and accredited by the Communications Authority of Kenya,” the statement read in part.
“This public notice serves as a notification to all owners of CII systems in the telecommunications sector that, effective January 1, 2026, the Authority shall inspect the relevant licensees to ensure compliance with this directive.”
Also Read: Communications Authority of Kenya Announces Attachments in 17 Departments
CA Orders Telecom Firms to Adopt Licensed Digital Certificates by 2026
CII providers are entities that own, operate, or manage information and communication systems essential to national security, public safety, economic stability, and public welfare.
The Authority stated that compliance will help ensure data integrity, authentication, and the security of digital transactions.
The CA also warned that non-compliance will constitute a breach of regulations and may attract regulatory action under applicable laws and frameworks.
The list of licensed and accredited E-CSPs can be accessed from the Telecommunications Services Licensee Register available on the CA’s website at www.ca.go.ke.
Also Read: Why 1 in 2 SIM Cards in Kenya Now Belong to Safaricom
How Digital Certificates Will Work
The directive is part of Kenya’s broader effort to strengthen digital security, enhance data protection, and safeguard the integrity of online communications and transactions within the country’s critical ICT infrastructure.
Digital certificates serve as essential security tools that authenticate digital identities and encrypt sensitive data, preventing unauthorized access or tampering within online platforms.
The move is also expected to make it more difficult to forge documents such as contracts and cheques, while enabling executives to sign official paperwork remotely from anywhere in the world.
Additionally, the electronic certification licenses issued by the CA will allow the ICT Authority to provide digital signatures for e-government services, promoting efficiency, transparency, and trust in online transactions.
For inquiries or clarifications, the CA directed all correspondence to the Director, Cybersecurity Department, via [email protected] or by phone at +254 703 042 724.
Follow our WhatsApp Channel and X Account for real-time news updates.
