CA orders telecom operators to adopt licensed digital certification services or face penalties

In a notice issued Tuesday, the Communications Authority of Kenya said the directive seeks to enhance cybersecurity and protect sensitive data within the country’s ICT infrastructure.
Operators in Kenya’s telecommunications sector have been ordered to use licensed digital certification services for all critical information systems or face regulatory penalties.
In a notice issued Tuesday, the Communications Authority of Kenya (CA) said the directive seeks to enhance cybersecurity and protect sensitive data within the country’s ICT infrastructure.
More To Read
- Telecom operators ordered to adopt approved digital certificates by January 2026
- Activist petitions IEBC to prove security of election systems amid spyware, AI threats
- MPs demand clear plan as Treasury delays Sh864 million payments to media houses
- MPs grill Government Advertising Agency over Sh9 million weekly MyGov deal
- Interpol cracks down on social media scams in Africa, makes 260 arrests
- Safaricom leads Kenya’s fixed data and internet market - CA
The announcement follows a determination by the National Computer and Cybercrimes Coordination Committee (NC4) on August 1, 2024.
“All systems that are designated as Critical Information Infrastructure (CII) as stipulated in Gazette Notice No. 1043, must adopt and only use digital certificates, digital certification and Public Key Infrastructure (PKI) services from Electronic Certification Service Providers (E-CSPs) who have been both licensed and accredited by the Communications Authority of Kenya,” read the notice.
Ensure compliance
The CA further warned that, beginning January 14, 2026, it will inspect all relevant licensees to ensure compliance. Failure to comply, the regulator said, will amount to a breach of regulations and may attract penalties under existing laws and frameworks.
The Authority also noted that a list of licensed and accredited E-CSPs is available on the Telecommunications Services Licensee Register on its website at www.ca.go.ke.
For inquiries, stakeholders were advised to contact the Director of the Cybersecurity Department via email at [email protected]
or by phone at +254 703 042 724.
“The Authority will take regulatory action against any non-compliant entity to safeguard the integrity and security of critical information systems in Kenya,” the notice added.
Top Stories Today