The Chairperson of President William Ruto’s Council of Economic Advisors (CEA), David Ndii, has pushed back against claims that Kenya’s newly gazetted SIM card registration regulations compel telecom agents to collect new biometric data from subscribers.
Responding to @Khim_mwachssmo, who cited Form 1, Part 5 as evidence that agents must capture biometric data, Ndii clarified that the regulations only require confirmation of a subscriber’s details against existing government databases, as outlined in Clause 8.
“No it does not,” Ndii said.
“It provides for confirmation of verification with a government database… We know the biometrics in the government database are fingerprints.”
Ndii Dismisses Claims That New SIM Card Rules Require Fresh Biometric Collection
According to Clause 8 of the regulations, telecommunications operators and registration agents are required to perform four key duties:
- Entering Particulars and Requiring Physical Presence – Operators or agents must record registration details from Form 1 and may require the subscriber to appear in person.
- Verification Against Government Databases – All identification information, including biometric data, must be authenticated through the relevant government databases, as confirmed in the Registration Officer’s Declaration in Form 1.
- Updating Information – Operators must update records when subscribers’ details change, as specified under Regulation 11.
- Maintaining Security and Confidentiality – All subscriber data must be kept secure and confidential, in line with the Data Protection Act.
Ndii noted that while Part 5 of Form 1 lists biometric data, the regulations do not obligate agents to collect it themselves.
The requirement is strictly for verification against government-held data.
The Cabinet Secretary for Information, Communication, and Digital Economy, William Kabogo, issued the new rules titled The Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025.
The regulations were gazetted on 27 May 2025.
New Biometrics Rules For SIM Card Registration
The key requirement introduced by the new regulations is the mandatory verification of identification particulars against government records.
Telecommunications operators and registration agents are now required to utilize a form when registering a person.
The verification process is explicitly required to involve the “authentication of the documents with the existing relevant government database”.
The definition of biometric data under Regulation 2 is extensive, meaning personal data derived from specific technical processing based on physical, physiological, or behavioural characterization.
It specifically includes highly sensitive data types such as:
- Fingerprinting
- Retinal scanning
- Deoxyribonucleic acid analysis (DNA analysis)
- Blood typing, earlobe geometry, and voice recognition
“biometric data” means personal data resulting from specific technical processing based on physical, physiological or behavioural characterization including blood typing, fingerprinting, deoxyribonucleic acid analysis, earlobe geometry, retinal scanning and voice recognition,” reads part of the gazette notice.
Also Read: Ndii Reveals UAE’s Role in Decision to Pick Adani for JKIA Deal
What is Entailed in the Form
Under the new regulations, all telecommunications subscribers are required to complete Form 1, the official registration document.
The form captures essential details about the subscriber and the registration process.
Subscribers are first asked to indicate the type of registration—whether it is for themselves, a child, or a corporate entity.
They must then provide the type of identification document used, which can include a national ID, passport, birth certificate, refugee card, or, for corporates, a CR12 or company letter.
The form also collects basic identification details, such as full name, gender, postal address, and, for children, name and age.
There are fields for alternative contact information to ensure subscribers can be reached if needed.
Importantly, Form 1 includes a section for verifications, allowing the registration officer to confirm the subscriber’s identification documents and biometric data against national databases.
The registration officer’s details—including name, national ID, and telephone number—must also be recorded.
Finally, the form contains a declaration, signed by the officer, confirming that all documents have been verified, the information entered is accurate, and copies of the original documents have been securely stored.
Also Read: David Ndii Explains How Shilling Has Magically Remained at 129 Against US Dollar
Penalties and Six-Month Transition Period
The regulations establish severe consequences for operators and subscribers who fail to comply or provide false information.
- A person who commits an offense under these Regulations is liable upon conviction to a fine not exceeding one million shillings or imprisonment for a term not exceeding six months, or both.
- Providing false information for registration as a subscriber also constitutes an offense.
Existing subscribers registered prior to the commencement of these Regulations have a six-month transition period to fulfill all the new requirements.
Telecommunications operators must notify non-compliant subscribers of the intention to suspend services.
If a subscriber fails to comply within the required period after notification, the operator shall suspend the service.
Further, if the subscriber still fails to respond to a notice of suspension, the telecommunications operator must deactivate the SIM card within ninety days.
“A subscriber who has not complied with the provisions of these Regulations shall be required to comply within fourteen days after issuance of the notice to suspend telecommunication services,” reads part of the gazette notice.
Follow our WhatsApp Channel and X Account for real-time news updates.
