New SIM card registration regulations in Kenya have sparked significant public debate.
Particularly concerning are concerns over the collection of sensitive biometric data such as DNA, blood type, and fingerprints.
Additionally, there is the possibility of service suspension for non-compliance.
No Requirement for DNA or Biometric Data Collection
Contrary to widespread fears, the Communications Authority of Kenya (CA) has clarified the new regulations.
These do not mandate the collection of DNA, blood type, or biometric data such as fingerprints or retinal scans during SIM card registration.
While the term “biometric data” is defined broadly in the Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025.
This does not mean all these data types will be collected at registration.
The CA emphasized that no directive has been issued requiring telecom operators to collect such intimate biological information, aiming to protect citizens’ privacy and data security.
Conditions for Service Suspension
The updated regulations empower telecommunications operators to suspend SIM card services if subscribers provide false information or repeatedly fail to meet registration requirements.
However, such suspensions can only be implemented after a minimum 14-day notice, during which subscribers have the right to request a review of their suspension.
Operators must follow fair, clear, and transparent procedures, ensuring no disconnections occur without prior warning and due process.
Regulatory Intent and Data Protection
The regulations aim to combat SIM-related fraud, identity theft, and scams.
Thereby strengthening the integrity of mobile telecommunications and supporting secure access to digital services like mobile money and e-government.
Press Statement on Concerns over SIM Registration Regulations@NationAfrica @KBCChannel1 @Mugonyid @CharlesKarondo @Kenyans @MoICTKenya @honkabogo @SteveIsaboke @ODPC_KE @StandardKenya @ntvkenya @Kenyans @citizentvkenya @CapitalFMKenya @TheStarBreaking @PeopleDailyKe pic.twitter.com/IZBGY6dnqj
— Communications Authority of Kenya (CA) (@CA_Kenya) November 18, 2025
Operators and the CA are bound by Kenya’s Data Protection Act, 2019.
Therefore, enforcing strict confidentiality and security measures to prevent unauthorized sharing or misuse of subscriber data.
Regular audits and penalties for breaches underscore the commitment to safeguarding consumer information.
While the new SIM card registration regulations introduce stricter compliance and mechanisms to deter fraudulent use.
They do not require DNA or biometric data collection, and service suspension procedures are structured to respect subscriber rights and ensure transparency
ALSO READ: Museveni meets Mudavadi Days after Indian Ocean Tensions
