Dennis Itumbi, the Head of Creative Economy and Special Projects in the Office of the President, has publicly refuted claims and widespread criticism surrounding Kenya’s amended cybersecurity legislation.
Speaking via his official X account, Mr Itumbi maintained that the law is not a new government tool for suppression.
He insisted the current law is merely an update of an effective framework that has been in place for years.
The original law, the Computer Misuse and Cybercrimes Act (CMCA), has been effective since 2018, according to him.
Mr Itumbi argued that the 2024 amendments, recently assented to by President William Ruto, are minor changes. These amendments are designed to modernize the existing law to tackle new digital threats.
The Evolving Digital Landscape
The government has framed the amendments as a necessary step. Authorities say the changes are vital to protect citizens from a surge in cyberattacks, online fraud, and digital extortion.
The amendments update definitions to include modern digital realities. These include concepts like virtual assets, identity theft, and SIM card fraud. The changes also strengthen penalties for offenses such as digital harassment and phishing.
“The original law, the Computer Misuse and Cybercrimes Act, has been effective since 2018. It was signed into law by President Uhuru Kenyatta in 2018. Specifically, 16th May 2018.”
Controversy Over Presidential Assent
The recent passing of the law has, however, ignited intense debate. President Ruto assented to the Computer Misuse and Cybercrimes (Amendment) Act, 2024, on October 15, 2025.
The timing of the signing, coinciding with the period of national mourning for former Prime Minister Raila Odinga, drew sharp criticism. Former Chief Justice David Maraga accused the President of using the mourning period to rush the enactment of controversial laws.
Critics fear the expanded powers granted to state agencies could be used to curb constitutional freedoms.
Facts and Figures Behind the Law
The amendments introduce notably harsh penalties.
Cyber Harassment - KES 20,000,000 fine or 10 years imprisonment, or both
SIM-Swap Fraud - KES 5,000,000 fine or 10 years imprisonment
ALSO READ: Why Amberay Supports the New Cybercrime Amendment Bill Amid Criticism
The Act refines key terms such as “computer misuse” and “cybercrime”.It also introduces "critical information infrastructure," which covers essential sectors like banking, energy, and telecommunications.
Owners of this infrastructure are now mandated to report any security incidents within 24 hours.
Itumbi’s Defence
MrItumbi’s defence maintains the law’s primary goal is to enhance protection for Kenyans in the increasingly complex digital space.
“THE AMMENDMENTS 1. Stronger Pornography Controls making it harder to access or share online porn. Why? To protect children, & protect families. The amendment allows websites promoting child porn to be blocked.”
“2. Wider Definition of “Phishing” Now includes SIM-swap fraud and similar cyber cons. So the guy swapping your line for M-Pesa theft? The law is now catching up, and it is now clear how to prosecute them. Look at the spike in that crime in UK.”
“3. Stopping Suicide Assistance Online If a platform helps or encourages someone to take their own life, it’s criminally liable. Remember the U.S. case where parents sued a platform after their child’s suicide? Kenya now has the power to prevent that.”
Vague Terminology Concerns
Despite the government's reassurances, civil society groups and activists remain alarmed. They argue that terms like “offensive content” and “false publication” remain too vague.
Concerns persist that the law could criminalize genuine commentary, satire, or even mistakes made by ordinary internet users. Legal experts and activists are mobilizing to challenge the law in court, particularly sections that bypass judicial oversight on content blocking.
Comments 0
Sign in to join the conversation
Sign In Create AccountNo comments yet. Be the first to share your thoughts!