Outcry as Communications Authority proposes DNA rule for SIM registration
The draft regulations, which have been published for public review, dramatically expand the type of personal data telcos must collect from subscribers.
A proposal by the Communications Authority of Kenya (CA) requiring mobile users to submit DNA data to register SIM cards has sparked sharp criticism from opponents who warn it could turn everyday communications into a gateway for genetic surveillance.
The draft regulations, now open for public review, significantly expand the personal data telecommunications companies must collect from subscribers.
More To Read
- Communications Authority dismisses claims of mandatory biometric data for SIM registration
- Rethinking consent in ancient DNA research: Who decides for the dead?
- Eight arrested in Molo fraud syndicate as police recover hundreds of SIM cards, IDs
- Older men’s sperm more likely to carry disease-causing mutations, study reveals
- MPs back Bill empowering authorities to shut rogue websites, deactivate accounts
- Telecom operators ordered to adopt approved digital certificates by January 2026
While identity documents and basic biometrics are already standard, the new proposal adds highly sensitive biological markers, including DNA profiles, blood type, voice biometrics, facial recognition, ear measurements, and retinal scans.
If implemented, telcos such as Safaricom, Airtel, and Telkom would be required to gather, store, and routinely submit this data to the regulator. Non-compliance could attract fines of up to Sh1 million, six months’ imprisonment, or penalties applying to both companies and individuals.
This would make Kenya one of the few countries in the world to link genetic data directly to phone ownership.
According to the CA, the expanded rules aim to curb rising SIM-linked cybercrime, identity theft, SIM-boxing, impersonation, and mobile-enabled terrorism.
The regulator argues that current registration tools, ID numbers, and photos are no longer sufficient to stop criminals from exploiting fraudulent or unregistered lines. Advanced biometrics, it says, would make SIM registration “tamper-proof.”
Globally, many countries have tightened SIM registration rules, but none require DNA. India, for instance, uses Aadhaar verification with fingerprints and iris scans. Thailand, Saudi Arabia, Nigeria, and Pakistan mandate biometric registration, mostly fingerprints or facial scans. Mozambique recently introduced face and fingerprint checks.
DNA, however, remains extremely rare and controversial, especially in civilian data systems.
Digital rights advocates argue the proposal far exceeds reasonable security needs and could create one of the most invasive telecom databases worldwide.
Kenya’s 2019 Data Protection Act classifies genetic and biometric data as “sensitive”, requiring strict tests of necessity and proportionality for any mass collection.
Civil society groups warn that DNA reveals far more than identity, including family ties, health risks, and ancestry, data that, if leaked or misused, could permanently compromise lives.
Online, Kenyans have reacted with disbelief, anger, and satire.
On X, formerly Twitter, one user wrote: “So now I have to give the government my DNA just to use M-Pesa?”
Another joked: “What’s next, blood samples every time we buy data bundles?”
The rules remain in a public review window, allowing Kenyans to submit objections, suggest amendments, propose alternatives, or demand removal of the DNA requirement.
Public input is open until January 31, 2026. After that, the CA may amend the rules, drop the genetic data section, push the regulations unchanged, delay, or face court injunctions.
If approved in their current form, enforcement could begin as early as mid-2026.
Top Stories Today
