The industry guidelines for child online protection and safety in kenya

The Industry Guidelines for Child Online Protection and Safety in Kenya (April 2025) were issued by the Communications Authority of Kenya under the Kenya Information and Communications (Consumer Protection) Regulations, 2010. The guidelines are comprehensive and binding for ICT service providers and aim to safeguard children under 18 in the digital environment.

The guidelines establish a framework for designing, deploying, marketing, and using ICT products and services accessible to or targeted at children in Kenya. They aim to reduce children’s exposure to online risks such as child sexual abuse material (CSAM), grooming, cyberbullying, sextortion, online solicitation, and radicalisation. They apply to all licensees under the Kenya Information and Communications Act, 1998, as well as all vendors, product developers, and service providers involved in Kenya’s ICT value chain.

Key principles

The guidelines are built on principles such as:

• Upholding children’s rights to access information and express themselves online responsibly.
• Recognising that child protection is a shared societal responsibility.
• Ensuring that the child’s best interests are central to all ICT-related actions.
• Promoting transparency, accountability, and privacy-by-design in digital product development.

Organizational requirements

ICT industry actors must adopt internal policies for child online protection that demonstrate leadership commitment and lay out concrete strategies for developing safe, educational, and culturally appropriate content and tools for children. This includes:

• Policy alignment with laws like the Data Protection Act, 2019.
• Internal capacity-building in child protection and cybersecurity.
• Designating a focal person for child online protection.
• Mechanisms for stakeholder engagement and feedback.

Technical measures

The guidelines require service providers to:

• Enforce compliance with laws against CSAM and ensure privacy by design.
• Deploy safety tools at the device, service, and network level (e.g., filters, parental controls).
• Publicly share processes for handling and removing harmful content.
• Implement effective age-verification mechanisms.
• Apply default high-privacy settings for children.
• Collaborate with law enforcement on illegal content investigations.

Sector-specific guidance

• Broadcasters must follow the Broadcasting Regulations of 2009 and the Programming Code, particularly regarding children’s content.
• Application and Content Service Providers (ASPs and CSPs) must ensure their services, especially those accessed in public spaces like schools or libraries, comply with these guidelines. Third-party agreements must also embed safety measures.
• Mobile operators are expected to register all SIM cards for children in accordance with the 2015 SIM registration regulations and inform customers about the intended users of SIM cards.
• Device manufacturers and vendors must activate security features by default and provide clear guidance on enabling child safety functions.

Complaints and compliance

Service providers must have transparent, documented complaint mechanisms and report quarterly to the Authority. Consumers can escalate unresolved or unsatisfactorily resolved complaints to the Authority. The Authority will monitor and publish quarterly compliance reports, and organisations must submit their policies and procedures for approval within six months of the effective date.

Review

The guidelines are subject to periodic review by the Authority to ensure their continued relevance and effectiveness in consumer and child protection within Kenya’s digital ecosystem.