Kenya’s Computer Misuse and Cybercrimes Act No. 5 of 2018

National Regulations

Kenya’s Computer Misuse and Cybercrimes Act No. 5 of 2018 is a comprehensive piece of legislation designed to address various cybersecurity concerns, as well as crimes committed using computers and other digital platforms. It aims to protect individuals, organisations, and the government from cyber-related crimes, which have become increasingly prevalent with the growth of digital technologies. The Act provides a legal framework for tackling cybercrimes, regulating online conduct, and ensuring that individuals and organisations are accountable for their actions in cyberspace.

Key objectives of the act

The main objectives of the Computer Misuse and Cybercrimes Act are:

  1. Protection of the integrity of computer systems: It seeks to secure and protect computer systems from unauthorised access, misuse, or malicious activities.
  2. Criminalisation of cybercrimes: It defines various cybercrimes and sets out penalties for those convicted of committing such crimes.
  3. Promoting cybersecurity: The Act encourages the development of secure online environments to foster confidence in Kenya’s digital economy.
  4. Regulation of online behaviour: It addresses issues such as online harassment, cyberbullying, hate speech, and the spread of misinformation.

Key provisions of the act

1. Offenses related to computer systems and data

The Act criminalises various activities related to the misuse of computers, including:

  • Unauthorised access to computer systems: Accessing computer systems or data without authorisation is prohibited, and the Act specifies the penalties for doing so.
  • Cyberespionage: The Act criminalises cyberespionage, which refers to the unauthorised acquisition of information from the government, corporations, or individuals for malicious purposes.
  • Data breaches: Unauthorised interception, access, or disclosure of data, particularly personal or confidential information, is prohibited under the Act.
  • Computer fraud and identity theft: The Act criminalises activities such as hacking, phishing, and the creation or use of fraudulent identities online.

2. Cybercrimes

The Act defines and criminalises several cybercrimes, including:

  • Cyberbullying and harassment: Any form of online harassment or bullying, including defamation and the spreading of false information intended to harm others.
  • Cyberstalking: Repeatedly following or harassing an individual online, leading to emotional distress, is punishable.
  • Malicious communications: Sending threatening, offensive, or false messages with the intent to harm or distress individuals or communities.
  • Invasion of privacy: Unauthorised access to private or confidential data, as well as the distribution of private images or videos without consent, is a criminal offense.

3. Hate speech and incitement

The Act addresses the issue of online hate speech and incitement to violence. It criminalises:

  • The use of digital platforms to promote or incite hatred based on race, ethnicity, religion, or nationality.
  • Distributing materials that promote violence or discrimination.

4. Child online protection

The Act contains provisions that protect children from online exploitation, abuse, and exposure to harmful content. It specifically prohibits:

  • Child Pornography: Creation, possession, or distribution of child pornography online is a serious offense.
  • Online Exploitation of Minors: The Act criminalises the use of the internet to exploit children for sexual or economic purposes.

5. Cybersecurity measures and penalties

The Act imposes significant penalties for cybercrimes, with fines and imprisonment varying depending on the severity of the offense. Some of the penalties include:

  • Fines: Ranging from a few hundred thousand to millions of Kenyan Shillings.
  • Imprisonment: Offenders may face lengthy prison sentences, particularly for serious crimes like hacking, cyberespionage, or the distribution of child pornography.

The Act also mandates the establishment of a government agency to oversee and monitor cybersecurity, as well as enforce the provisions of the law.

6. The Role of service providers

The Act holds service providers accountable for the misuse of their platforms. They are required to:

  • Cooperate with authorities: Internet service providers (ISPs), mobile network operators, and other technology providers must cooperate with law enforcement agencies to investigate and prosecute cybercrimes.
  • Report suspicious activities: They must report any suspicious or criminal activities to the authorities to assist in cybercrime investigations.

7. International cooperation

The Act encourages international cooperation in the fight against cybercrime. Since cybercrimes are often transnational, the Act supports the creation of agreements with other countries and international bodies to combat cybercrime on a global scale.