Kenya’s Cyber Harassment Law 2025: What It Means for Businesses and Individuals
Introduction
Kenya’s digital economy continues to expand, driving innovation while exposing individuals and organizations to new forms of cyber risk. From online fraud and fake news to cyberbullying and data misuse, the internet has become both a powerful business tool and a potential liability.
To strengthen protection in the digital space, Parliament passed and President William Ruto assented to the Computer Misuse and Cybercrimes (Amendment) Act, 2025. Originally introduced as the Computer Misuse and Cybercrimes (Amendment) Bill, 2024, the law updates Kenya’s 2018 Act to reflect today’s online environment.
One of the most significant updates is found in Section 27 on Cyber Harassment, which now introduces clearer definitions, tougher penalties, and enhanced victim protection. These changes demonstrate Kenya’s commitment to cyber governance, data privacy, and responsible digital conduct.
Background: From the 2024 Bill to the 2025 Act
The Computer Misuse and Cybercrimes (Amendment) Bill, 2024, was introduced in Parliament in August 2024 to modernize Kenya’s 2018 Act. It proposed broader definitions for access, asset, and identity theft, while strengthening provisions on cyber harassment and online abuse.
After debate and committee review, the Bill was passed and assented to by President William Ruto on 15 October 2025, officially becoming the Computer Misuse and Cybercrimes (Amendment) Act, 2025 (No. 17 of 2025). The Act was later gazetted on 21 October 2025 through Kenya Gazette Supplement No. 170 and will commence on 4 November 2025.
This transition from Bill to enforceable law marks an important step toward building accountability and safety in Kenya’s digital ecosystem.
Key Legislative Changes in the 2025 Amendment
1. Expanded Definitions
Section 2 of the principal Act (Cap. 79C) was revised to introduce and clarify several terms, including:
· Access now defined to include access “through a program or device.”
· Asset includes all property, whether physical or virtual, within or outside Kenya.
· Computer misuse means the unauthorized use, modification, or access to a computer system, program, or data.
· Identity theft includes unauthorized use of another person’s identification, SIM, bank card, account, or password details.
· Virtual account refers to any digital account acquired through virtual representation.
2. Website and App Deactivation Powers
Section 6 now empowers authorities to issue directives to render websites or applications inaccessible if they promote unlawful activities, terrorism, or sexual exploitation of minors.
3. Section 27: Cyber Harassment Expanded
Section 27 has been amended to include communication or behavior likely to cause suicide, recognizing the psychological impact of cyber abuse.
4. New Section 46A – Court Orders for Website Takedown
A new provision, Section 46A, allows courts to:
· Order removal of offending online content
· Direct closure or deactivation of websites, digital devices, or accounts used to promote unlawful activity
· Empower authorized officers to apply for such orders in cases of terrorism, extremism, or child exploitation
These updates give the judiciary and enforcement agencies stronger tools to curb digital crime.
Understanding Section 27: Cyber Harassment
Under the amended law, a person commits the offence of cyber harassment if they intentionally communicate, directly or indirectly, in a manner they know or ought to know will cause harm to another person.
Cyber Harassment Includes
· Communication that causes fear, distress, or property damage
· Behavior that detrimentally affects a person’s wellbeing or reputation
· Indecent, grossly offensive, or obscene content targeting an individual
Penalties
· Fine up to KES 20 million
· Imprisonment up to 10 years
· Or both
These penalties reinforce deterrence and accountability for harmful online conduct.
Victim Protection and Legal Remedies
The law adopts a victim-centered approach that ensures timely access to justice. Victims can now:
· Apply to court for orders stopping offending communication
· Have their cases heard within 14 days
· Receive legal support from parents, guardians, advocates, or NGOs, especially for minors or vulnerable groups
This dual system of criminal enforcement and civil protection represents a progressive step in Kenya’s digital justice framework.
Why the Amendment Was Necessary
The 2018 Act laid a foundation for cybercrime regulation but faced enforcement challenges. Social media became a hotspot for gender-based abuse, revenge porn, and trolling, often with limited recourse for victims.
The 2024 Bill and its enactment in 2025 address these gaps by:
· Strengthening penalties for cyber harassment and digital abuse
· Protecting women, minors, and public figures from targeted online attacks
· Tackling organized troll networks and politically motivated online harassment
These reforms align Kenya’s cyber laws with global standards on digital safety and data protection.
Implications for Businesses and Employers
For audit firms, financial institutions, and corporates, the amendment introduces significant compliance and governance expectations.
1.Employee Conduct and Social Media Policies
Organizations must ensure that employees uphold ethical behavior online. Updating HR manuals and social media policies can prevent reputational or legal exposure.
2.Corporate Reputation and Brand Risk
Online misconduct by employees or affiliates can cause severe brand and legal damage. Businesses should implement digital ethics and reputation management frameworks.
3.Digital Risk Governance
Boards and management must treat cyber conduct as a governance issue, integrating it into enterprise risk and compliance frameworks in line with the Cybercrimes Act, 2025, and the Data Protection Act, 2019.
Advisory and Assurance Opportunities
For audit and consulting professionals, this law presents opportunities to:
· Conduct cyber risk assessments
· Evaluate governance maturity and compliance frameworks
· Support clients in creating cyber ethics and digital awareness programs
Balancing Regulation and Freedom of Expression
While the law strengthens digital protection, human rights advocates caution that terms like “grossly offensive” could be misused to stifle criticism or satire.
Legal experts emphasize that enforcement must respect:
· Article 33 of the Constitution on freedom of expression
· Data Protection Act, 2019 on privacy and data rights
Striking this balance will determine the long-term success and fairness of the Act.
Kenya’s Broader Digital Governance Agenda
The Cyber Harassment Amendment forms part of Kenya’s wider digital transformation agenda, alongside:
· Virtual Asset Service Providers Act (2025)
· Privatisation (Amendment) Act (2025)
· Wildlife (Amendment) Act (2025)
Together, these reforms aim to build a secure, transparent, and innovation-driven digital economy.
Official Reference
This article draws from the Computer Misuse and Cybercrimes (Amendment) Act, 2025 (No. 17 of 2025), published in the Kenya Gazette Supplement No. 170 (Acts No. 17) on 21 October 2025.
· Date of Assent: 15 October 2025
· Date of Commencement: 4 November 2025
· Published by: National Council for Law Reporting and the Government Printer, Nairobi
Key updates include:
· Expanded legal definitions (Section 2)
· New takedown powers (Section 6 and 46A)
· Suicide-related provisions under Cyber Harassment (Section 27)
Conclusion
The Computer Misuse and Cybercrimes (Amendment) Act, 2025 marks a major milestone in Kenya’s evolution toward a safer digital environment. For individuals, it serves as a reminder that online harm is real harm. For organizations, it highlights the importance of integrating digital ethics, compliance, and cyber governance into everyday operations.
As cyber risks evolve, businesses, especially in the audit, finance, and advisory sectors, must continuously review their risk management frameworks and employee policies. Effective implementation of this law will protect victims and strengthen the credibility of Kenya’s corporate community.
Call to Action
At Ndakala Advisory LLP we help clients enhance digital governance, strengthen compliance frameworks, and build cyber resilience.
Reach out to our advisory team to learn how your organization can stay compliant with Kenya’s Cyber Harassment Law 2025 and related digital regulations.
