Expanding State Powers
Kenyan lawmakers are advancing the Computer Misuse and Cybercrimes (Amendment) Bill, 2024, a proposal that expands the powers of the National Computer and Cybercrimes Coordination Committee (NC4). If passed, the bill would allow the committee to direct internet service providers to block or deactivate websites, systems, and devices linked to cybercrime, terrorism, or other illegal activities. In many cases, these actions could take place without immediate court approval, a clause that has triggered widespread concern from rights advocates.
The amendment is sponsored by National Assembly member Jessica Mbalu, who argues that Kenya faces urgent digital security threats. The urgency comes after a dramatic rise in cyber incidents, with more than 4.6 billion cases reported in the second quarter of 2025. Many of these incidents targeted critical infrastructure, including banking systems and government portals, disrupting services and exposing vulnerabilities. Supporters say the bill is necessary to give investigators the tools to act quickly against evolving cyber threats.
Justifications and Support
Lawmakers backing the bill argue that cybercriminals exploit delays in legal processes. Current systems often require lengthy court approvals before investigators can act, giving criminals time to steal data or destabilize systems. By empowering NC4 to act first and seek approval later, they claim the state will be better equipped to respond in real time. Proponents also stress that Kenya must align with global cybersecurity standards to safeguard its economy and maintain its role as Africa’s digital leader.
Supporters highlight the risks posed to Kenya’s heavy reliance on mobile money and e-commerce platforms. Services such as M-Pesa move billions daily, and a successful large-scale cyberattack could cripple the economy. For them, this amendment is not about restricting freedoms but about protecting livelihoods and preventing massive financial and social disruption.
Critics’ Concerns
Opposition to the bill has grown among digital rights groups, legal experts, and segments of the public. Organizations such as ARTICLE 19 warn that the bill’s vague definitions of illegal activities create opportunities for subjective enforcement. This, they argue, risks allowing the government to classify online dissent, critical journalism, or activism as cybercrime.
Legal experts at Strathmore University’s Centre for Intellectual Property and Information Technology Law (CIPIT) stress that bypassing immediate court oversight threatens constitutional protections. They argue that Kenya’s Bill of Rights guarantees privacy, free expression, and access to information, all of which could be undermined by unchecked state power. Their concern is that without clear safeguards, the law could become a political tool rather than a cybersecurity measure.
The Broader Debate
The bill has sparked a national conversation about how Kenya should balance digital security with civil liberties. On one hand, the scale of cyber threats is undeniable, with billions of attacks recorded in just three months. On the other, granting sweeping powers to security agencies without strong oversight risks eroding democratic freedoms. Critics worry that in times of political tension—such as elections or protests—the law could be weaponized to silence opposition voices.
What Lies Ahead
The Cybercrimes Bill is expected to undergo more debate and possible amendments before becoming law. Civil society organizations are pushing for stronger safeguards, clearer definitions, and stricter oversight mechanisms. The final outcome will determine whether Kenya emerges with a balanced cybersecurity framework or risks creating a law that sacrifices freedoms in the name of security. Whatever the result, the decision will shape Kenya’s digital future and set an example for other African nations grappling with the same challenges.
