Kenya’s IT sector is poised for significant growth in 2025, driven by cutting-edge advancements in
artificial intelligence (AI), data privacy, and cybersecurity. The Ministry of Information, Communications, and the Digital Economy (MICDE) is dedicated to implementing strategic initiatives, regulatory frameworks, and legal reforms to balance technological innovation with strong security measures.
Advancing AI Regulation
Strategic Approach to AI: The MICDE is prioritizing evidence-based and adaptable AI policies to keep pace with rapid technological changes. The AI Code of Practice, published by the Kenya Bureau of Standards (KEBS) for public consultation in 2024, outlines guidelines for AI applications and risk management. Public-private collaboration, local research, and development are key components of the MICDE’s AI strategy, with the National AI Policy expected to be introduced by mid to late 2025. This policy will incorporate global legislation aspects, such as the European Union’s AI Act and the African Union’s Continental AI Strategy, reflecting diverse stakeholder engagement.
Enhancing Data Protection
Data Privacy Measures: The evolving interpretation of the Data Protection Act 2019 (DPA) is guided by decisions from the Office of the Data Protection Commissioner (ODPC) and the High Court. In 2025, we anticipate further clarity on the EU-Kenya adequacy decision and additional guidance from the ODPC. The current trend favors the data subject and digital rights assertion, with increased complaint resolution and appeals against the ODPC’s determinations. Example: In ODPC Complaint No 0608 of 2024, the complainant alleged that his image was processed without consent for marketing purposes. The ODPC ruled that valid consent requires affirmative action and conscious decision-making.
Cybersecurity Initiatives
Securing Cyber Infrastructure: Addressing cybersecurity risks in critical sectors, such as financial services and telecommunications, necessitates a streamlined regulatory framework. Collaboration between the private sector and regulators is crucial for tackling these challenges in 2025. The Computer Misuse and Cybercrimes Act & Amendment Bill 2024 and the CII Regulations outline a framework for detecting and responding to threats and protecting critical infrastructure.
Regulating Fintech and Digital Assets
Fintech Oversight: Kenya’s regulatory approach to fintech has been fragmented, relying on sectorspecific oversight. The Central Bank of Kenya (CBK) and the Capital Markets Authority (CMA) have highlighted the need for comprehensive regulation. The National Payment Strategy 2022-2025 aims to enhance payment systems, foster innovation, and improve digital inclusion while maintaining robust security.
Resolving IP and Technology Disputes
Dispute Resolution Mechanisms: Emerging technologies like AI, fintech, and cryptocurrency call for effective alternative dispute resolution mechanisms. In 2024, data breaches, intermediary liability, social media complaints, and employment disputes were prominent. More cross-border IP and technology
litigation is expected, with potential cases testing the liability of social media platforms and embracing arbitration and out-of-court settlements.
