Kenya’s digital space has long been colliding with regulation. In 2025, that collision sharpens around the Kenya Information and Communications (Amendment) Bill (“KICA Amendment Bill”), a proposal that while framed as consumer protection and orderly internet billing carries provisions that could profoundly reshape privacy, access, and free expression online. To understand its implications, bill is likely going to rewire power between citizens, internet service providers (ISPs), and the state.
The bill explicitly expands the definition of a “telecommunications operator” to include ISPs, bringing them fully under the Communications Authority’s most intrusive compliance tools. That move is not merely housekeeping but will determine who is subject to what surveillance and reporting obligations. Once redefined, ISPs would be required to roll out metered billing systems assigning each user a unique, traceable “internet meter number,” monitoring usage and generating consumption-based invoices. The bill also obliges providers to submit detailed subscriber and billing data to the Communications Authority at least annually.
Supporters argue this is about consumer rights standardizing billing, preventing overcharging, and aligning with Article 46 of the Constitution on consumer protection. Human rights lawyers and digital rights groups warn that the mechanism chosen a mandatory, state-visible meter tied to every user builds a surveillance backbone that can be repurposed for tracking, profiling, and policing dissent.
Based on a human rights view point of the bill, The International Commission of Jurists (ICJ Kenya) calls the bill as “deeply problematic” for privacy, free expression, and equality, cautioning that it risks entrenching state surveillance while shrinking civic space and widening the digital divide.
Economic and social costs also loom. Metered billing if backed by identity-bound meter numbers, they will penalize time-rich but cash-constrained users (students, jobseekers, rural youth), and it can affect routine activities, live streams, long research sessions, or grassroots organizing if people feel every minute carries a bill and a record.
Kenya’s vibrant digital economy that includes mobile money agents, creators, ride-hailing workers, micro-retailers—depends on predictable, affordable access. If providers are pushed to rebuild infrastructure for per-minute or per-gigabyte metering tied to unique identifiers and then report that data to the regulator, the compliance overhead may be passed to consumers and small firms, raising costs and dampening participation.
The civil liberties risk is sharper given Kenya’s recent experience with law-and-order responses to online mobilization. In 2024–2025, activists, technologists, and journalists have faced investigation and arrests tied to digital tools and speech, with concerns that cybercrime and public-order laws are sometimes stretched to police dissent. In such a context, building a granular, state-accessible usage map down to each person’s meter number—tilts the balance of power decisively away from users. When you combine this with parallel policy debates around harmful speech, content moderation, and cybercrime amendments, the cumulative effect could be a heavier, more opaque compliance burden on platforms and a thinner margin for free expression online.
What would a rights-respecting alternative look like? First, if consumer protection is the goal, the bill should require privacy-by-design such that it collects only what is necessary to generate a bill. It should also consider strong pseudonymization of meter identifiers, strict purpose limitation and short retention limits. Second, any mandated data handover to the regulator must be aggregated and anonymized by default, with individualized disclosures permitted only under transparent legal thresholds, independent oversight, and judicial authorization.
Thirdly, the expanded definition of telecommunications operators should be paired with an explicit ban on bulk, untargeted data collection and clear audit trails for each disclosure request. These guardrails are standard in human rights analyses of the bill and can be codified to align with the Constitution and the Data Protection Act.
The bill can be re-engineered to protect consumers without normalizing mass data capture.