Communications Authority dismisses claims of mandatory biometric data for SIM registration
Reports indicated that subscribers might be asked to provide DNA, fingerprints, or retinal scans when registering new lines, raising concerns about privacy and data security.
The Communications Authority of Kenya (CA) has dismissed claims that new SIM card registration rules require the collection of sensitive biometric data, describing the reports as “unfounded.”
Reports indicated that subscribers might be asked to provide DNA, fingerprints, or retinal scans when registering new lines, raising concerns about privacy and data security. The regulations published in May 2025 aim to protect users from fraud, identity theft and scams, while strengthening trust in Kenya’s digital services.
More To Read
- Outcry as Communications Authority proposes DNA rule for SIM registration
- Communications Authority of Kenya takes LSK to court over controversial cybercrime law
- Kenya records 842 million cyber threats as AI-powered attacks escalate
- How safe is your face? The pros and cons of having facial recognition everywhere
- CA orders telecom operators to adopt licensed digital certification services or face penalties
- Telecom operators ordered to adopt approved digital certificates by January 2026
However, in a statement on Tuesday, the CA clarified that no directives have been issued requiring telcos to collect such data and reaffirmed that all subscriber information must be handled in compliance with Kenya’s Data Protection Act.
“These concerns are unfounded. For the avoidance of doubt, the Authority has not issued any directives for the collection of biometric data by our licensees,” the Authority said.
It noted that the new rules were developed to protect citizens from SIM card-related fraud, strengthen the integrity of telecommunications services and support secure access to digital platforms such as mobile money, e-government, and e-commerce.
While the regulations define biometric data as information derived from technical processing based on physical, physiological, or behavioural characteristics, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, and voice recognition, the CA emphasised that this definition does not mean such information will be collected from subscribers during SIM registration.
On privacy and security, the Authority reiterated that telecommunications operators must handle subscriber data in compliance with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019. Operators are prohibited from sharing data without subscriber consent or a lawful order.
“CA and the ODPC will provide strict oversight, including regular audits and issue strong penalties for abuse or misuse of customer data,” the Authority said.
The CA also addressed concerns over service suspension and consumer rights, clarifying that operators may suspend SIM cards only after giving prior notice and only if subscribers provide false information or repeatedly ignore registration requirements.
“Operators are required to institute clear, fair and transparent procedures for all dealings with consumers,” the CA added.
The Authority acknowledged consumer frustrations with spam messages, unsolicited subscriptions, unauthorised use of phone numbers and premium services, noting that the improved SIM card registration processes form part of a broader strategy to protect user interests across all networks.
It further highlighted support for innovations that safeguard privacy, such as number masking on mobile payment platforms, stressing that such features are important for digital trust and consumer protection.
“The Authority is fully committed to Kenya’s digital transformation; we will continue to work tirelessly to ensure digital inclusion and safety, uphold consumer rights and provide responsive and transparent regulation for Kenya’s ICT sector,” the CA said.
Top Stories Today
