&format=webp)
)
The Communications Authority of Kenya (CA) has dismissed claims that the new SIM card registration rules require mobile operators to collect biometric data from subscribers.
In a statement released on Tuesday, the regulator said it had not issued any directive instructing telcos to gather fingerprints, DNA details, or any other form of biometric information during the registration of new lines.
CA noted growing public concern and media reports suggesting that biometric data collection was part of the revised SIM card regulations published in May 2025. The Authority insisted these claims are false and misleading.
Communication Authority
&format=webp)
&format=webp)
&format=webp)
No biometric data required
CA clarified that while the regulations define biometric data, this does not mean such information will be collected from citizens.
The Authority stressed that none of the listed identifiers, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, or voice recognition, are required for SIM registration.
“The Authority has not directed our licensees to collect this data,” CA said.
Why the rules were updated
According to CA, the revised regulations were introduced to address three main concerns:
Protecting citizens from SIM-related fraud, identity theft, SIM box fraud, and other cybercrimes.
Strengthening the integrity of Kenya’s digital ecosystem by ensuring that every registered SIM card belongs to a verified user.
Supporting safer access to digital services such as mobile money, e-commerce, and e-government platforms.
Safeguarding consumer rights
CA said the rules also protect consumers by ensuring no subscriber is disconnected without prior notice.
Operators must follow transparent and fair procedures when handling customer issues, especially relating to SIM suspension for false or repeated failure to meet registration requirements.
The Authority acknowledged ongoing frustration among Kenyans over spam messages, unsolicited subscriptions, misuse of phone numbers, and premium-rate scams.
CA said these remain key priorities, and the strengthened SIM registration process is part of wider efforts to protect consumers across all networks.
Signs your phone is bugged - and how to fix it
Privacy and data protection
The regulator reaffirmed that subscriber information must be handled in line with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.
Operators are prohibited from sharing subscriber data without consent or a lawful order.
CA and the Office of the Data Protection Commissioner (ODPC) will conduct audits and impose sanctions for misuse of customer data.
The Authority also encouraged the development of privacy-enhancing tools, such as number masking on mobile payment platforms, to boost trust in Kenya’s digital economy.
“The Authority is fully committed to Kenya’s digital transformation,” the statement said, adding that CA will continue working to enhance digital safety, protect consumers, and ensure transparent regulation of the ICT sector.