Telecom operators ordered to adopt approved digital certificates by January 2026
The regulator emphasised that failure to adhere to the directive will be considered a breach of regulations and may lead to enforcement measures as provided under existing laws and regulatory frameworks.
The Communications Authority of Kenya (CA) has issued a notice to all providers of Critical Information Infrastructure (CII) in the telecommunications sector to fully adopt digital certification services from approved providers by January 1, 2026, in line with cybersecurity directives issued by the National Computer and Cybercrimes Coordination Committee.
The directive, which was communicated through a determination made by the NC4 on August 1, 2024, requires all CII systems listed in Gazette Notice No. 1043 to use digital certificates, digital certification, and Public Key Infrastructure services from Electronic Certification Service Providers who have been licensed and accredited by CA.
More To Read
- CA orders telecom operators to adopt licensed digital certification services or face penalties
- MPs demand clear plan as Treasury delays Sh864 million payments to media houses
- MPs grill Government Advertising Agency over Sh9 million weekly MyGov deal
- Safaricom leads Kenya’s fixed data and internet market - CA
- DStv Kenya faces subscriber exodus as families ditch pay TV for cheaper options
- DStv loses 80 per cent of Kenyan subscribers in one year as price hikes bite
According to the Authority, inspections will be carried out from the beginning of 2026 to confirm that licensees have complied with the requirements.
The regulator emphasised that failure to adhere to the directive will be considered a breach of regulations and may lead to enforcement measures as provided under existing laws and regulatory frameworks.
The notice is aimed at strengthening the security of critical digital systems and ensuring that providers within the telecommunications sector adopt trusted certification mechanisms.
The Authority has urged operators to take necessary steps early to avoid disruptions or penalties once inspections commence.
Entities can access the list of licensed and accredited Electronic Certification Service Providers through the Telecommunications Services Licensee Register available on the CA website.
The Authority has further invited stakeholders who may need guidance or clarification on the compliance notice to reach out through its official communication channels.
Top Stories Today
