A lawyer’s breakdown of the Cybercrimes Amendment Act 2025 [Interview]

The Computer Misuse and Cybercrimes (Amendment) Act 2025 has stirred intense debate across Kenya’s digital space. 

The government says the law is designed to protect citizens from online crimes, but many Kenyans and legal experts fear that the changes could hand too much power to authorities.

Constitutional lawyer Dr Duncan Ojwang, who has been teaching constitutional law and human rights for 17 years, breaks down the core issues at stake.

1. Website closure power

Many Kenyans have voiced concern that the law gives authorities the power to order the shutdown or temporary suspension of websites, warning that it could threaten media freedom or be misused to silence dissent.

According to Duncan Ojwang, the power to close or suspend a website would apply only in cases where the content was demonstrably criminal and published knowingly.

Ojwang emphasised that the clause should not be used to silence opinion or curtail media freedom, but to allow swift action against sites promoting terrorism, child abuse, religious extremism, or fraudulent exploitation.

He further noted that leaving such content online could endanger lives or national security and that the process would remain subject to review and accountability under existing legal frameworks.

2. Content likely to cause public or self-harm

Stakeholders raised concern that the clause on content “likely to cause public or self-harm” was vague and could potentially criminalise emotional expression, satire, or mental health discussions.

In response, Ojwang explained that the provision should be meant to address the growing global concern over online content that promotes or aids self-harm and suicide, citing incidents involving platforms such as Facebook and AI-based systems like ChatGPT.

Ojwang clarified that the law targets only those who knowingly create, share, or facilitate harmful material and stressed that it does not apply to emotional or opinion-based discussions, advocacy, or mental health awareness campaigns.

3. Judicial oversight

Kenyans have been expressing fears that the government could remove online content or make arrests without court approval, thereby undermining due process.

In response, Ojwang stated that any authorised officer who believes a website or digital platform is being used for unlawful activities must first seek court permission before removing or deactivating content.

Ojwang explained that no permanent action can be taken without judicial approval.

He further clarified that while temporary measures may be applied in urgent situations to prevent immediate harm, all permanent actions must go through judicial review to ensure that responses remain lawful, proportionate, and consistent with constitutional safeguards.

4. Misuse of terms such as “terrorism”

Stakeholders warned that the broad use of the term “terrorism” could criminalise activism or investigative reporting.

In response, Ojwang clarified that the Act does not alter or redefine terrorism, noting that the term is already clearly and comprehensively defined under the Prevention of Terrorism Act (2012).

He explained that this remains the guiding legal reference for what constitutes a terrorist act in Kenya.

Ojwang emphasised that the Cybercrimes Law reinforces the fact that using digital platforms to promote, plan, or finance terrorism is a criminal offence in line with national and international counter-terrorism frameworks.

5. Perception of vendetta in enforcement

Some Kenyans have expressed concern that the law could be applied selectively against critics or opposition voices under the guise of curbing the criminal use of social media.

In response, Ojwang stated that the Cybercrimes Law targets acts, not individuals. He explained that the law is meant to curb criminal misuse of digital platforms, including identity theft, fraud, cyberbullying, and child abuse, rather than to punish dissent or criticism.

Ojwang added that the Act’s reliance on the word “knowingly” protects journalists, commentators, and ordinary users by ensuring that intent must be proven before prosecution. 

Enforcement, he stressed, remains objective and evidence-based.

6. Unclear role and composition of the oversight committee

Stakeholders raised questions about the composition and independence of the committee responsible for enforcing the law.

In response, Ojwang explained that the National Computer and Cybercrimes Coordination Committee (NC4) was constituted under Section 4 of the Computer Misuse and Cybercrimes Act, 2018.

He pointed out that its mandate and structure have remained unchanged through subsequent amendments, including the 2025 one.

Ojwang noted that the Committee’s role is to coordinate and advise enforcement, intelligence, and regulatory agencies in the prevention, detection, investigation, and prosecution of cybercrimes, as well as to guide government policy and standards on cybersecurity.

He further clarified that NC4 does not have prosecutorial or censorship powers and its work is purely technical, aimed at strengthening response mechanisms, harmonising agency action, and ensuring adherence to legal standards.

7. Government powers to take down posts without notification

Critics argued that the ability to remove online posts without informing creators infringes on free expression.

In response, Ojwang stated that the law allows the removal of online content only when the material constitutes a crime or poses ongoing harm, as outlined in section 16.

He emphasised that the principle of knowledge protects innocent users and publishers from penalties over inadvertent posts, and added that routine commentary, opinion, satire, and criticism cannot be taken down without cause.

The Computer Misuse and Cybercrimes (Amendment) Act 2025 attempts to strike a balance between protecting Kenyans from online harm and safeguarding freedom of expression. 

However, the debate centres not just on the text of the law but on how it will be enforced, and whether judicial checks and civic education will be strong enough to prevent abuse.