Kenya’s telecommunications sector is set for a major compliance check as the Communications Authority of Kenya (CA) calls on all Critical Information Infrastructure (CII) operators to align with new digital certification rules by January 1, 2026.
The regulator has warned that adherence to this directive will be strictly monitored through inspections once the deadline arrives.
The instruction comes from a determination by the National Computer and Cybercrimes Coordination Committee (NC4) on August 1, 2024, which requires all CII systems listed under Gazette Notice No. 1043 to rely solely on digital certificates, digital certification, and Public Key Infrastructure (PKI) services provided by Electronic Certification Service Providers who hold licenses and accreditation from the Communications Authority.
The Authority said the inspections will focus on verifying compliance, and any failure to meet the directive will be treated as a breach of regulatory requirements. Entities found non-compliant may face enforcement measures under existing ICT laws and frameworks.
The notice emphasizes the importance of securing critical digital systems and ensuring that all telecommunications operators adopt certified and trusted digital solutions.
The CA has also encouraged service providers to take prompt action in preparing for the January 2026 compliance inspections to avoid potential disruptions or penalties.
Those seeking the list of approved Electronic Certification Service Providers can access it through the Telecommunications Services Licensee Register available on the CA website.
Stakeholders with questions or needing clarification on the directive are invited to contact the Authority through its official channels.