
Kenya’s Parliament approved the establishment of a National Cybersecurity Agency on June 22, 2026, following an order issued by President William Ruto under the State Corporations Act. The new body will serve as Kenya’s central regulatory and technical authority on all cybersecurity matters.
Filling a Critical Institutional Gap
Until the agency’s creation, cybersecurity responsibilities were spread across the Communications Authority of Kenya, the National KE-CIRT/CC, and a patchwork of sector-specific regulators. Kenya has experienced a documented escalation in the frequency and sophistication of cyberattacks in recent years targeting government portals, commercial banks, mobile money platforms, and media organisations.
Mandate and Scope
The agency’s mandate spans: setting minimum cybersecurity standards for critical national infrastructure; issuing licensing guidelines for private cybersecurity service providers; coordinating with international partners on threat intelligence sharing; and leading public awareness campaigns across government, business, and civil society.
AI-Driven Threats and the Urgency Behind the Decision
The creation of the agency arrives at a moment when artificial intelligence is fundamentally altering the threat environment. Voice cloning tools, synthetic media generators, and automated phishing systems have created new vectors for fraud and disinformation that are significantly harder to detect and attribute than the cyberattacks of a decade ago.


0 comments