Over the last week, Kenyans online have been talking about a slew of bills signed into law by President William Ruto on Wednesday, October 15.
One of the laws that has drawn the most concern is the Computer Misuse and Cybercrimes (Amendment) Act, 2024.
This new law amends the Computer Misuse and Cybercrimes Act, Cap 79C, to prohibit the use of electronic media to promote terrorism and extreme religious and cultic practices.
Published by the National Assembly on August 9, 2024, the Bill underwent public participation and review by the Departmental Committee on Communication, Information, and Innovation, with stakeholder inputs from civil society and industry leaders. It was passed on October 8, 2025.
The Computer Misuse and Cybercrimes (Amendment) Act, 2024, broadens the legal definitions of phishing, cyber harassment, and identity theft to include new and emerging digital threats targeting individuals and businesses. The government says this will enhance its ability to trace, freeze and recover the proceeds of cybercrime.
Under the new law, computer misuse has been expanded to mean any unauthorised system access or modification, and acts of cybercrime will include ICT-enabled offences targeting networks or data.
Furthermore, it introduces critical information infrastructure (CII), covering sectors like banking, energy, and telecoms.
The new law also expands the scope of the offence of cyber harassment to cover instances where a perpetrator knows that their conduct is likely to cause a person to commit suicide.
To extend the protection of Kenyans online, it states that anyone who communicates with an individual or anyone connected to them whose conduct is likely to cause violence against them, damage to property, or detrimentally affect them, including inducing suicide, will be liable to prosecution.
Such a person faces a fine not exceeding Ksh20 million, imprisonment for a term not exceeding ten years, or both. The same penalty will be given if the person is part of an indecent or grossly offensive nature that will affect others.
The goal of the laws is to prohibit the spreading of false information, causing public panic.
Furthermore, the new law now empowers the National Computer and Cybercrimes Co-ordination Committee to issue a directive to render a website or application inaccessible where it is proved that the website or application promotes unlawful activities, child pornography, terrorism or religious extremism and cultism.
Additionally, in the event of a successful prosecution of an offender, the amendments empower the Court to order the removal of any unlawful or extremist content from a platform or device.
To protect Kenyans from identity theft committed through email or phone calls, the bill criminalises unauthorised SIM-SWAP with the intent to defraud, with penalties of up to two years imprisonment or a Ksh200,000 fine.
“A person who willfully causes unauthorised alteration and unlawfully takes ownership of another person's SIM-card with the intent to commit an offence is liable on conviction to a fine not exceeding Kenya Shilling two hundred thousand or to imprisonment for a term not exceeding two years, or to both,” reads Section 42A.
Under the new law, service providers are required to preserve, produce, and share user data deemed relevant to active investigations when requested by law enforcement agencies.
To maintain updated safety measures, the new law mandates data localisation for CII, annual risk assessments, and the establishment of Cybersecurity Operations Centres. Aligns with the Critical Information Infrastructure Regulations (Gazette Notice No. 44, February 2024).
Lawmakers have emphasised that the amendment does not erode constitutional freedoms or delegate legislative powers.
However, some Kenyans argue that the new law grants the government sweeping powers to muzzle free speech.
