Kenya’s Communications Authority Clarifies New SIM Rules Amid Public Concern

The Communications Authority of Kenya (CA)  has issued a detailed clarification addressing public concerns and recent media commentary surrounding the country’s revised SIM card registration regulations. The Authority emphasized that fears regarding the mandatory collection of biometric data during the registration of new mobile lines are unfounded. According to the CA, no directives have been issued instructing mobile operators to collect biometric data from subscribers.

The revised SIM registration rules, published in May 2025, were developed to enhance the security and integrity of Kenya’s digital ecosystem. Their primary focus is to protect citizens from SIM-related fraud, identity theft, SIM box operations, and other criminal activities. The regulations also aim to reinforce trust in Kenya’s telecommunications sector by ensuring that every registered mobile line corresponds to a genuine user. Additionally, the updated rules are designed to support secure access to essential services such as mobile money, e-government platforms, and digital commerce.

In clarifying the issue of biometric data, the CA stated that the new regulations do not include any requirement for telecommunications operators to gather such information. Although biometric data is defined within the legal framework—covering elements such as fingerprints, DNA, blood typing, earlobe geometry, retinal scans, and voice recognition—the presence of these definitions does not imply that subscribers will be asked to provide them during SIM registration. The Authority reinforced that mobile service providers have not been instructed to collect any biometric identifiers.

On matters of privacy and security, the CA reaffirmed that the new regulations impose strict obligations on operators. Subscriber information must be handled, processed, and stored securely in accordance with the Kenya Information and Communications Act of 1998 and the Data Protection Act of 2019. Operators are prohibited from sharing customer data without consent or a legitimate legal order. The CA, working jointly with the Office of the Data Protection Commissioner, intends to maintain strict oversight through audits and will impose penalties for misuse of customer information.

The Authority also addressed concerns related to SIM card suspension and consumer rights. The revised rules allow operators to suspend services only when subscribers provide false information or repeatedly fail to comply with registration requirements. However, operators must issue prior notice before any disconnection and are required to follow clear, fair, and transparent procedures in handling customer matters.

The CA acknowledged persistent frustration among consumers over spam messages, unauthorized subscriptions, misuse of phone numbers, and the proliferation of unapproved premium services. The enhanced SIM registration framework is positioned as part of a broader strategy to protect consumers from these everyday challenges and improve their overall experience with mobile services.

With the increasing reliance on digital platforms, the CA highlighted the importance of innovations that strengthen data privacy. Privacy-preserving features such as number masking on mobile payment platforms play an essential role in promoting trust and safety. The Authority expressed its commitment to supporting technologies and initiatives that enhance user privacy while complying with national laws.

Concluding its communication, the CA reiterated its commitment to Kenya’s digital transformation agenda. It pledged to continue promoting digital inclusion, consumer protection, and transparent regulation within the ICT sector, ensuring that the country’s digital infrastructure remains secure, trusted, and responsive to public needs.