The Communications Authority of Kenya (CA) has called upon members of the public to disregard media commentary alluding that the Authority has directed its licensees to collect biometric data during registration of new mobile SIM cards.
In a press statement sent to newsrooms, CA stated that the concerns and media commentary regarding the collection of biometric data during registration of new mobile lines as provided for in the revised SIM card regulations are unfounded.
“For the avoidance of doubt CA has not issued any directives for the collection of biometric data by our licensees,” said the statement, adding that the New Sim Card Regulations rules do not contain any provision for the collection of biometric data.
The Authority clarified that the intent that was published in May 2025, contained new rules that were developed to protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM box fraud, and scams.
Other rules were the strengthening the integrity of telecommunications services, ensuring that every registered line belongs to a person, thus improving trust in Kenya’s digital space and to support secure access to digital services such as mobile money, e-government and ecommerce.
“The New Regulations defines biometric data as personal data derived from specific technical processing based on physical, physiological, or behavioral characteristics, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, and voice recognition,” stated the Authority.
It added that not all information will be collected from subscribers during SIM card registration.
The Communication Authority also announced that the New Sim Card Regulations impose stringent security and confidentiality obligations on telecommunications operators, adding that all subscriber data is to be handled, processed and protected in compliance with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.
The regulations also prohibits operators from sharing subscriber data without their consent or a lawful order, CA and the Office of the Data Protection Commissioner will provide strict oversight including regular audits and issue strong penalties for abuse or misuse of customer data.
The revised Regulations allow operators to suspend SIM cards where subscribers provide false information or repeatedly ignore registration requirements.
The regulations make it clear that no subscriber can be disconnected without prior notice, operators are also required to institute clear, fair, and transparent procedures for all dealings with consumers.
According to the statement, CA disclosed that it has also noted consumer frustration over spam messages, unsolicited subscriptions, unauthorized use of phone numbers and unauthorized premium services.
“These concerns are a priority for the Authority and the improved SIM card registration processes are part of the larger strategy to safeguard consumer interests and welfare across all networks,” said CA.
The Authority also assured of its commitment to support innovation in data privacy, e-commerce, and privacy features such as number masking on mobile payment platforms which are important for digital trust and consumer protection.
“We undertake to rollout privacy-enhancing features consistent with the law in partnership with industry stakeholders,” stated the Authority.
It added: “The Authority is fully committed to Kenya’s digital transformation, we will continue to work tirelessly to ensure digital inclusion and safety, uphold consumer rights, and provide responsive and transparent regulation for Kenya’s ICT sector”.
By Bernadette Khaduli
