Kenya has published new regulations that will change how telecom companies, internet service providers, and other ICT licensees deal with their customers.
The Kenya Information and Communications (Consumer Protection) Regulations, 2026, were issued by the Cabinet Secretary for Information, Communications and the Digital Economy, working with the Communications Authority of Kenya, and they replace the older 2010 version of the same rules.
The new regulations touch nearly every part of how a phone, internet, or broadcast service provider interacts with the people who pay for their services.
Licensees must now run a customer care system that works through multiple channels, including physical offices, phone lines, and electronic platforms, and it has to be accessible to people with disabilities.
Complaints must be acknowledged within 30 days, tracked with a reference number, and resolved free of charge, with consumers allowed to escalate unresolved cases to the Authority.
One of the more practical changes involves service outages. Licensees will need to set up an outage credit system that automatically or on request compensates subscribers when their service goes down for reasons that aren’t their fault.
This system has to be submitted to the Authority for approval before it can be used, and it becomes part of the standard agreement every subscriber signs. Providers won’t be on the hook for outages caused by events beyond their control, such as force majeure situations.
Billing also gets more scrutiny. Companies must issue bills that clearly show the billing period, a breakdown of charges, applicable rates, the total due, and the payment deadline.
Subscribers can request an itemized bill at no cost, and any changes to tariffs or billing practices must be communicated in advance. Charging for services a customer never asked for is explicitly banned.
The rules pay close attention to children and vulnerable users online. Licensees are required to provide tools that let parents or guardians control what content is accessible, and to take reasonable steps to block harmful material, meaning content that’s unlawful, violent, abusive, or sexually explicit.
Providers are barred from knowingly helping children access such content.
Privacy gets its own section too. Consumer data has to be handled in line with Kenya’s Data Protection Act, and companies can only share subscriber information with consent, under legal authorization, or when it’s genuinely necessary to deliver the service, with proper safeguards in place.
Consumers must be told what data is being collected, why, and whether it’s shared with third parties.
Spam and unwanted marketing messages are addressed directly through an opt-in requirement. Companies can’t add someone to a marketing list without their prior consent, and every marketing message must clearly identify who sent it along with a working way to opt out.
Emergency services get a guarantee too. Access to designated emergency numbers must remain free, and where technically feasible, providers should be able to forward useful personal data to emergency responders when an emergency call connects.
READ: Inside Kenya’s Statistics Bill 2026 That Wants More of Your Data
If a company wants to shut down a service entirely, it now needs the Authority’s approval first and must give affected subscribers at least 3 months’ notice, explaining why the service is ending, what the effective date is, and what options subscribers have, including moving to another provider.
Customers in this situation must be allowed to leave without penalty and get back any unused balances or deposits.
Breaking any of these rules is now a criminal offense, carrying a fine of up to KES 1 million, up to 6 months in prison, or both. Licensees have 3 months from when the regulations take effect to come into compliance, though the Authority can grant extensions for good reason.


























