Written by Patience
The Computer Misuse and Cybercrimes (Amendment) Act, 2025, marks a significant moment in Kenya’s evolving digital governance framework. Passed in a period of national reflection, the amendments are part of an ongoing attempt to address the rapid changes in the country’s cyber landscape. Kenya, like much of
the world, faces an ever-growing range of online threats from digital fraud and identity theft to misinformation, cyberbullying, and child exploitation. These amendments seek to respond to such realities by strengthening enforcement, expanding definitions, and aligning the law with the complex nature of today’s digital environment.
For children, whose lives are increasingly intertwined with technology, such reforms carry both promise and risk. The digital environment has become integral to children’s education, socialization, and self-expression. Yet it is also the space where many of their rights are most vulnerable like privacy, safety, and freedom of expression often intersect and conflict online. This report therefore examines the 2025 amendments from a child rights perspective, exploring their benefits, risks, and implications for Kenya’s commitment to protecting children in the digital age.
The amendments build upon the 2018 Act by introducing broader definitions and updated enforcement mechanisms. For instance, the scope of terms like access, identity theft, and digital assets has been expanded to reflect modern digital realities. The National Computer and Cybercrimes Coordination Committee (NC4) has been granted additional authority to coordinate with platforms and internet service providers, including the power to block access to harmful or unlawful digital content. The introduction of new offences such as SIM-swap fraud, phishing, and digital impersonation demonstrates an effort to keep pace with the sophistication of modern cyber threats. Furthermore, the law now allows courts to order the removal of harmful online content, a mechanism that can be crucial in cases of digital exploitation or online harassment.
From a child protection standpoint, these reforms represent commendable progress. By expressly criminalizing online exploitation and granting authority to block child sexual abuse material, the law takes an important step toward realizing the rights guaranteed under Article 53 of the Constitution and the Children Act, 2022. The inclusion of judicial power to compel the removal of harmful content creates potential pathways for child victims to seek redress, closure, and rehabilitation. Moreover, enhanced coordination between agencies such as NC4 and ICT regulators strengthens the capacity for a national response to child-targeted cyber offences, including grooming, cyberbullying, and exposure to harmful content.
At the same time, the amendments raise several concerns when viewed through the lens of children’s broader rights and freedoms. The expanded provisions on cyber-harassment particularly Section 27 use phrases such as “grossly offensive” or “indecent” communications, which are open to interpretation. While the intent is to curb harmful behavior online, the lack of precise definitions could lead to uncertainty in enforcement. For young people who rely on digital spaces to learn, debate, and express themselves, this ambiguity might encourage self-censorship. Such a chilling effect runs counter to the
constitutional protection of free expression under Article 33, as well as international child rights standards that uphold children’s right to participate and be heard.
Privacy is another area of concern. The strengthened investigative powers of NC4, though valuable for combating cybercrime, raise questions about data access and oversight. Without explicit coordination frameworks between NC4 and the Office of the Data Protection Commissioner (ODPC), there is a risk that investigations could inadvertently infringe on the privacy of children, whose digital footprints often include sensitive educational or personal information. The right to privacy, enshrined in Article 31 of the Constitution, must remain a central pillar even as the state pursues security and accountability online.
Equally notable is the limited evidence of child participation in the legislative process leading to these amendments. Children and young people who are among the most active users of digital platforms appear to have had little to no input in shaping the policies that govern their digital lives. The absence of such engagement reveals a missed opportunity to honor the participatory principle embedded in Article 12 of the UN Convention on the Rights of the Child, which affirms that children should be involved in all matters affecting them. In the context of technology and digital policy, their perspectives are not only relevant but necessary for crafting responsive and inclusive laws.
Following the passage of the amendments, a constitutional petition was filed by the Kenya Human Rights Commission (KHRC) and ARTICLE 19 Eastern Africa, among others, challenging certain sections of the law. The petition argues that provisions such as Section 27 are overbroad and vague, granting disproportionate powers to law enforcement and threatening key freedoms, including freedom of expression and privacy. In response, the High Court issued interim conservatory orders suspending the implementation of the contested sections pending a full hearing. This ongoing case underscores the delicate balance between security and rights, and its eventual determination will likely set a precedent on how far Kenya can go in regulating online behavior without infringing upon fundamental liberties, a question that carries deep implications for children’s digital rights as well.
Looking ahead, there is a clear need to harmonize Kenya’s cybersecurity ambitions with its constitutional and international obligations to children. The law could be strengthened by refining vague provisions to ensure clarity and proportionality, thereby preventing misuse or arbitrary enforcement. Inter-agency coordination on data protection should also be enhanced through clear protocols between NC4 and ODPC, particularly in cases involving minors. Moreover, structured child participation in digital policy processes should become standard practice. Establishing youth advisory panels, digital literacy forums, or school-based consultations would ensure that children’s voices inform future legislative reforms.
Beyond legislative refinement, Kenya must also invest in preventive and educational measures. Digital literacy programs, awareness campaigns, and school curricula that teach responsible online engagement are essential to complement the legal framework. The success of any cybercrime law ultimately depends not only on deterrence but also on public understanding, ethical digital behavior, and the empowerment of those most at risk, especially children.
In conclusion, the Computer Misuse and Cybercrimes (Amendment) Act, 2025, is both timely and necessary. It strengthens Kenya’s response to online threats and affirms the importance of protecting citizens in an increasingly digital society. Yet, for children, its true impact will depend on how it is
implemented and interpreted. The law must safeguard them from online harm without silencing their voices or invading their privacy. Achieving this balance requires continuous reflection, inter-agency collaboration, and an unwavering commitment to children’s rights. As Kenya navigates the intersection between cyber governance and child protection, it has the opportunity to model a digital future that is not only safe, but also empowering for every child.