Two parts of Kenya’s Cybercrime law ruled unconstitutional

Details: Vaughan O'Grady; Category: Regulation; 09 March 2026; 6490 views

Kenya’s Court of Appeal has set aside a 2020 High Court judgment endorsing the country’s Computer Misuse and Cybercrimes Act (2018), ruling two sections unconstitutional.

The two sections, 22 and 23, criminalise online publication of false or misleading information likely to cause panic, chaos, or reputational harm.

Persons found guilty of contravening the two sections faced a fine of up to KES5 million (about US$38,675) or imprisonment for a term not exceeding ten years, or both.

The judges have ruled that the sections failed the test of constitutional clarity and infringed upon the freedom of expression and media, as guaranteed under articles 33 and 34 of the country’s Constitution.

It seems that the two provisions were regarded as vague and ran the risk of punishing legitimate speech on the internet, including satire, opinions and journalistic inaccuracies.

The legal challenge was initiated by the Bloggers Association of Kenya (BAKE), which contested multiple sections of the 2018 cybercrime law, including a number that dealt with unauthorised interference with computer systems, unlawful interception of data, cyber harassment, cybersquatting and the wrongful distribution of intimate images.

All the other grounds of appeal have been dismissed. However, the ruling is being described in the local press as a major blow for the Kenyan government, which has been accuse it of stifling citizens' freedoms, contrary to pledges made before the 2022 elections.

Arrests and prosecutions under the law have included a number after the June 2024 anti-government protests over tax rises.

The government suggests that the 2018 law aims to tackle escalating online fraud, hacking, and abuse. However, critics believe its vague terminology means that it could be used to suppress dissent and investigative journalism.