NAIROBI, Kenya, Oct 22 — The Computer Misuse and Cybercrime (Amendment) Act, 2024, signed into law by President William Ruto on October 15, is now facing legal scrutiny after a coalition of civil rights groups and opposition figures moved to court challenging its constitutionality.
The petitioners argue that some provisions of the new law could stifle freedom of expression and privacy, while the government insists the amendments are crucial to combat rising digital threats, online extremism, and cyber fraud.
The government has defended the Act saying it updates the 2018 law to reflect the evolving nature of online crime and seeks to close loopholes exploited by cybercriminals.
Here are the highlights:
1. Expanded Powers for the National Cybercrimes Committee
The law grants the National Computer and Cybercrimes Coordination Committee (NC4) enhanced authority to regulate and coordinate Kenya’s cyber response.
The committee is now empowered to:
Block websites or applications that promote terrorism, child pornography, or cultic practices.
Develop national training frameworks for the prevention, detection, and mitigation of cybercrimes.
Undertake additional functions under any written law.
Supporters say these powers are vital for national security, while critics fear they could open the door to censorship or abuse.
2. Stiffer Penalties for Cyber Harassment
Under the amended Section 27, the scope of cyber harassment has been widened to include communication that is grossly offensive, indecent, or likely to cause fear or distress.
Key provisions include:
Offenders face fines up to Sh20 million or imprisonment for up to 10 years, or both.
Victims may apply for restraining orders, including outside court hours, to compel offenders to stop harassment.
Courts can direct service providers to reveal subscriber information to identify perpetrators.
Defying court orders attracts fines of up to Sh1 million or six months in jail.
3. Broader Definition of Phishing
Amendments to Section 30 criminalize the operation of fake websites or messages designed to deceive users into revealing personal information or gain unauthorized access to computer systems.
Convictions attract fines of up to Sh300,000 or three years’ imprisonment, or both.
4. New Offence: Unauthorized SIM-Swap
A newly inserted Section 42A targets SIM-swap fraud, which has become a common tool for financial scams.
Anyone who transfers or clones SIM card data without the owner’s consent now faces criminal penalties.
5. Aiding and Abetting Cybercrime
The revised Section 42 broadens accountability to those who aid, abet, or attempt to commit offences under the Act.
Such individuals risk fines of up to Sh7 million or four years in prison, or both.
6. Counties’ Role and Constitutional Context
The Act acknowledges that the control of pornography is a county government function under the Fourth Schedule of the Constitution.
It therefore concerns county governments, particularly in enforcing online content controls and promoting responsible internet use.
7. Safeguards and Rights
The government maintains that the law does not delegate legislative powers or limit fundamental rights and freedoms, noting that it complies with constitutional protections.
However, the petitioners insist that judicial interpretation is needed to clarify the limits of state authority in regulating online speech.
In summary, the Computer Misuse and Cybercrime (Amendment) Act, 2024:
Expands the scope of cyber offences,
Empowers the state to restrict harmful or extremist content,
Criminalizes unauthorized SIM swaps, and
Strengthens tools to fight online harassment and fraud.
Its implementation — and the court’s ruling on its constitutionality — will shape how Kenya balances digital freedom and cybersecurity in the coming years.