The Communications Authority of Kenya (CA) has moved to address rising public concern and media commentary surrounding the revised SIM card registration regulations, insisting that fears over the collection of biometric data are misplaced.

In a statement released on November 18, 2025, the regulator said the commentary circulating online and in news reports is “unfounded,” adding that no directives have been issued requiring operators to collect biometric information from subscribers.

According to the Authority, claims suggesting that telecommunications companies will begin collecting sensitive physical or biological identifiers from Kenyans are inaccurate.

“For the avoidance of doubt, CA has NOT issued any directives for the collection of biometric data by our licensees,” the statement clarified, underscoring that the public should not expect any such requirements during SIM registration.

Published in May 2025, the new regulations seek to curb fraud and strengthen digital security.

The CA said the reforms intend to enhance trust in Kenya’s rapidly expanding digital space by ensuring that every mobile line is linked to a valid user.

Also Read: Waititu’s Release Hinges on Ksh53 Million Guarantee

Authority Clarifies Intent of New Rules

The CA noted that the regulations were developed to protect citizens from SIM card–related fraud, identity theft, SIM box operations and digital scams.

They also aim to improve the integrity of telecommunications services.

The regulator stated that the rules are meant to “support secure access to digital services such as mobile money, e-government and e-commerce.”

Under the regulations, biometric data is defined broadly, covering fingerprints, DNA analysis, retinal scans, earlobe geometry, voice recognition, and other identifiers.

However, CA stressed that the existence of this definition does not imply that such data will be demanded from subscribers.

“This definition does not mean that all this information will be collected,” the regulator emphasized.

Privacy, Oversight and Subscriber Protection

The Authority reassured the public that the regulations impose strict data protection obligations on telecom operators.

Subscriber information must be handled in line with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.

“Operators are prohibited from sharing subscriber data without their consent or a lawful order,” CA stated, adding that it will jointly enforce oversight with the Office of the Data Protection Commissioner (ODPC) through audits and penalties.

On service suspension, CA addressed fears of arbitrary disconnections, confirming that operators can only suspend SIM cards where false information is provided or registration rules are ignored repeatedly.

The statement noted that “no subscriber can be disconnected without prior notice,” insisting that operators must adopt clear and fair procedures in all consumer interactions.

Also Read: How to Check Your KJSEA Results Easily

Addressing Consumer Pain Points and Supporting Innovation

The regulator said it is aware of recurring frustrations among consumers, including spam messages, unsolicited subscriptions, unauthorized premium services and misuse of mobile numbers.

The new registration framework forms part of a broader strategy to improve consumer welfare. CA described these issues as “a priority for the Authority,” saying reforms are geared toward curbing such abuses.

The regulator reiterated its pledge to continue steering Kenya’s digital transformation while ensuring consumer rights remain protected.

“The Authority is fully committed to Kenya’s digital transformation,” it said, adding that it will uphold safety, transparency and inclusion across the ICT sector.

Follow our WhatsApp Channel and WhatsApp Community for instant news updates

Photo of Safaricom shop offering M-pesa services. PHOTO/ Safaricom PLC X