There is no doubt that Kenya’s digital space has grown tremendously. We are a nation of content creators and digital dreamers, from TikTokers in Kibera to coders in Kilimani. Kenya ranks among the top internet users in Africa, the top social media users globally, and one of the highest in AI chat adoption.
Nairobi, or what they now call the Silicon Savannah, is a hub of start-ups, mobile innovations, and digital hustles that have transformed the economy.
But every digital revolution comes with its dark alley. With this growth has come cyberbullying, phishing, SIM-swap fraud, child pornography, and online impersonation.
The internet, as it empowers, also endangers. And so Kenya needed a strong law —one that protects citizens’ data, prevents abuse, and holds criminals accountable.
That law is supposed to be the Computer Misuse and Cybercrimes Act. The problem is not that it exists, but that it exists poorly.
The Computer Misuse and Cybercrimes Act Promise That Became a Threat
The original 2018 Act was born out of panic, a knee-jerk reaction to rising online threats. Immediately after it was passed, court petitions followed.
The Bloggers Association of Kenya (BAKE), the Media Council of Kenya(MCK), and the Law Society of Kenya (LSK) challenged several provisions for violating the Constitution of Kenya, 2010, particularly Articles 33 (freedom of expression), 34 (freedom of the media), and 35 (access to information).
Also Read: How Kenya’s New Computer Misuse and Cybercrimes Law Will Curb Rising Cyber Threats
Sections such as 22 (false publications) and 23 (cyber harassment) were suspended by the High Court for being vague and prone to abuse.
The law quickly became a weapon, wielded not against fraudsters or hackers, but against journalists, bloggers, and citizens who dared to speak their minds.
Among the victims were writers, activists, and digital commentators charged for “offensive communication” or “publishing false information”, offenses that exist only in the imagination of thin-skinned politicians and overzealous prosecutors.
Wasted Chances
Fast-forward to 2024. The government had a golden opportunity to correct the 2018 mess. Instead, it doubled down on control.
The Computer Misuse and Cybercrimes (Amendment) Act, 2024, sponsored by Wajir East MP Aden Mohamed, was rushed through Parliament, debated lightly, and passed in record time.
It was then among eight bills signed into law together, a legislative ambush that escaped public scrutiny, violating Article 118(1)(b) of the Constitution, which demands meaningful public participation.
The new law claims to modernize cyberregulation to address “emerging threats” such as identity theft, digital terrorism, and online fraud.
It even introduces new offenses such as SIM-swap fraud, phishing, and the misuse of digital assets like cryptocurrency. On paper, this sounds like progress. But hidden in the fine print are dangerous claws.
Weaknesses
Under Section 6, authorities can now block or shut down websites, apps, or systems deemed to promote “unlawful activities”, a list that includes terrorism, cultism, and child exploitation.
These are serious issues, yes, but the wording gives the state sweeping discretion. With a single directive, an agency can make a website “inaccessible to the public.”
Then comes Section 46A, which empowers courts to order the removal or deactivation of content or devices before conviction, based merely on “reasonable belief.”
This pre-emptive power could easily be used to muzzle dissenters or take down platforms critical of the government.
The law’s penalties are draconian. Offenders face fines of up to KSh 20 million or imprisonment of up to 10 years, even for offenses as vague as “publishing false information” or “communication likely to cause fear.”
These provisions collide head-on with Article 33, which guarantees every citizen the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas. They also threaten Articles 34, which enshrines freedom of the media, 47, which guarantees fair administrative action, and 50, which safeguards the right to a fair hearing.
Strengths
To be fair, the 2024 amendment isn’t all folly. It introduces modern legal definitions, including cybercrime, digital assets, virtual accounts, and identity theft, aligning Kenyan law with global trends.
It strengthens protection against data theft and SIM-swap fraud, which have hurt thousands of M-Pesa users.
It expands the powers of the National Computer and Cybercrimes Coordination Committee (NC4), enabling Kenya to mount a more structured response to digital threats. And by criminalizing phishing and digital impersonation, it fills real legal gaps.
In short, it’s a good idea written badly, a solid foundation buried under political cement.
Where the Law Collapses
- Overreach and vagueness: Terms like “false publication,” “offensive communication,” or “likely to cause fear” are too broad. They fail the constitutional test of precision required under Article 24, which allows limitation of rights only by clear, justifiable, and proportionate means.
- Prior restraint: Allowing investigators to block or remove content before conviction undermines the presumption of innocence under Article 50(2)(a).
- Discretion without oversight: The law vests immense power in “authorised officers” to determine what is illegal. Without strong judicial oversight, such discretion invites abuse.
- Punitive spirit: Instead of promoting digital safety through education, innovation, and capacity-building, the Act leans heavily on punishment, high fines, and jail terms, a colonial instinct that never seems to die in our legislative culture.
- Lack of public participation: The hasty passage of the 2024 Amendment violated the spirit of Article 10 on transparency and accountability. It ignored expert submissions, civil society concerns, and ongoing litigation (like the BAKE petition still pending determination).
A Pattern of Governance
Every time Kenya faces a challenge, crime, media criticism, or dissent, the first instinct of the government is to criminalize it. Instead of dialogue, we legislate fear. The Cybercrimes Act is only the latest chapter in a long book of overreaction.
What makes it worse is the timing. The Act was signed amid national tension, on the day Kenya’s former Prime Minister Raila Odinga died. It felt less like a cybersecurity reform and more like a pre-emptive strike on online discourse.
Predictably, government spokespeople rushed to defend it, from the Ministry of Interior to digital operatives on X (formerly Twitter). But if a law needs that much defense, maybe it isn’t defensible.
How to Turn a Foolish Law into a Smart One
First, the government must reopen public participation, inviting experts, civil society, and digital creators to review the contentious sections.
Second, Parliament should amend Sections 22, 23, and 46A to narrow definitions and require judicial oversight before blocking or removing content.
Third, Kenya needs a Digital Rights and Freedoms Charter, as proposed by civil groups, to operationalize Articles 33–35 in the online age, protecting both expression and safety.
Fourth, the state must separate national security from digital regulation. The Ministry of ICT, not the Ministry of Interior, should lead this space. Cybersecurity is about innovation, not intimidation.
Also Read: Ruto Addresses Signing Cybercrimes Law on Day of Raila’s Passing
In conclusion, the Computer Misuse and Cybercrimes (Amendment) Act, 2024, could have been Kenya’s proud digital guardrail. Instead, it risks becoming a digital gag. It is a foolish law because it punishes where it should protect, silences where it should secure, and centralizes power where it should democratize access.
However, foolishness is not final. Laws evolve. And if Parliament, the courts, and citizens insist on a balance between security and freedom, order and openness, Kenya can still turn this foolish law into a smart one.
The views expressed in this opinion piece are the authors’ own and do not represent The Kenya Times’ editorial position.
Follow our WhatsApp Channel and X Account for real-time news updates.
