The Communications Authority (CA) has moved to dispel concerns circulating among the public over alleged plans to collect biometric data during the registration of new mobile phone lines.
In a statement, the regulator clarified that it has not issued any directive requiring licensees to gather biometric information from subscribers, terming the fears “unfounded.”
“For the avoidance of doubt, CA has not issued any directives for the collection of biometric data by our licensees,” CA said.
The regulator emphasised that the ongoing speculation is not supported by any official instruction or regulatory requirement.
The clarification comes amid heightened public debate
following the publication of the revised SIM Card Regulations in May 2025.
According to CA, the updated regulations were designed primarily to safeguard citizens from SIM card-related fraud and criminal activities such as identity theft, SIM box operations, and various digital scams.
The Authority said the revisions are part of a broader effort to strengthen the integrity of telecommunications services by ensuring that each registered mobile line is traceable to an identifiable individual.
This, it added, will enhance trust in Kenya’s expanding digital ecosystem.
The regulator further explained that the SIM Card Regulations do not contain any clause mandating the collection of biometric data.
Although the laws define biometric information as data derived from technical processing of physical, physiological, or behavioural traits, including fingerprints, DNA analysis, retinal scans, and voice recognition, the CA stressed that this definition does not imply that such data will be collected from subscribers.
“As a matter of fact, the Authority has not directed our licensees to collect this data,” it stated.
Instead, the regulations focus on tightening security and confidentiality standards, requiring telecommunications operators to manage subscriber information strictly in line with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.
Under these laws, operators are prohibited from sharing subscriber data without consent or a lawful order.
To ensure compliance, CA and the Office of the Data Protection Commissioner will enforce rigorous oversight, including regular audits and tough penalties for misuse or mishandling of customer data.
The Authority added that operators may suspend SIM cards if subscribers provide false information or repeatedly fail to comply with registration requirements.
However, no subscriber may be disconnected without prior notice, and service providers must maintain fair and transparent procedures when dealing with consumers.
The CA acknowledged growing public frustration over spam messages, unsolicited subscriptions, unauthorised premium services, and misuse of phone numbers.
It said improved SIM registration procedures form part of a wider strategy to enhance consumer protection across all networks.
With the increasing uptake of digital services such as mobile money, e-commerce and e-government platforms, the Authority emphasised the importance of privacy features like number masking in building digital trust.
