Kenyans are not required to submit any biometric data during the registration of new mobile phone lines, the government has said.
The Communications Authority of Kenya (CA), the agency charged with regulating the communications sector in the country, on Tuesday said that it has not given any directives for the collection of biometric data during the registration of new mobile phone SIM cards.
“The CA has noted concerns regarding the collection of biometric data during registration of new mobile phone lines as provided for in the revised SIM card regulations. The concerns are unfounded,” a statement by the CA reads.
“We wish to clarify that CA has not issued any directives for the collection of biometric data by our licensees. The new SIM card registration regulations do not contain any provision for the collection of biometric data.”
According to CA, the new regulations proposed by the regulatory agency are meant to protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM-box fraud and scams, as well as strengthen the integrity of telecommunications services by ensuring that every registered line belongs to a person.
CA says the new regulations are also meant to support secure access to digital services such as mobile money, e-government and e-commerce.
The CA assurance comes amid growing concerns that Kenyans registering new SIM cards may soon have to submit some of the most intimate biological identifiers known to science, including DNA analysis, blood type and detailed biometric markers, under new regulations proposed by the authority.
Critics warned that the data demands could expose millions of subscribers to serious privacy risks.
CA last month issued a notice directing all mobile network operators and subscribers to comply with the Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025.
The Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2025, primarily seek to combat fraud and enhance security.
According to CA, although the new regulations identify biometric data as personal data derived from specific technical processing based on physical, physiological or behavioural characteristics, including blood type, DNA analysis, fingerprints, earlobe geometry, retinal scans and voice recognition, the definition does not mean that all the information will be collected from subscribers during SIM card registration.
CA further explained that the new SIM card regulations impose stringent security and confidentiality obligations on telecommunications operators.
“All subscriber data is to be handled, processed and protected in compliance with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019. Accordingly, operators are prohibited from sharing subscriber data without their consent or a lawful order. CA will continue providing strict oversight, including regular audits, and issue strong penalties for abuse or misuse of customer data,” said CA.
The revised regulations allow operators to suspend SIM cards where subscribers provide false information or repeatedly ignore registration requirements. The regulations also make it clear that no subscriber can be disconnected without prior notice. Operators are required to institute clear, fair and transparent procedures for all dealings with consumers.
CA further revealed that it has noted consumer frustrations over spam messages, unsolicited subscriptions, unauthorised use of phone numbers and premium services, and that it is working to streamline the services.
“We have noted consumer frustration over spam messages, unsolicited subscriptions, unauthorised use of phone numbers and premium services. The concerns are a priority for the CA, and the improved SIM card registration processes are part of the larger strategy to safeguard consumer interests and welfare across all networks,” read the statement.
About the Author
