Kenya’s High Court has temporarily suspended enforcement of key provisions in the Computer Misuse and Cybercrimes Amendment Act, 2025, after petitions from civil society groups. The pause protects free expression for now and eases immediate pressure on startups and investors who warned of a chilling effect on the country’s digital economy. The state has seven days to respond, with the next court session scheduled for early November.
Court intervention and what the order paused
Justice Lawrence Mugambi issued a conservatory order on October 22, 2025, halting the enforcement and operation of Section 27(1)(b), 27(1)(c) and 27(2) of the amendment. The ruling followed a coordinated challenge led by activists and rights organizations. Gospel musician and activist Dr. Reuben Kigame, a petitioner, argued the provisions threatened free expression, privacy and access to information. The decision reflects broader public concern that the changes risked reshaping Kenya’s online space in ways that could curb debate and slow technological progress.
Risks to innovation beyond free speech
The language of the law raised alarms not only for speech but also for innovation. The Kenya Human Rights Commission, a petitioner, warned that criminalizing broad categories of online expression could weaken the Data Protection Act of 2019 and lead to self-censorship among developers and founders. Unclear guardrails tend to keep builders on the sidelines, and that is the opposite of what a fast-growing digital economy needs.
Expanded definitions of cyber harassment covered communications considered detrimental, indecent or grossly offensive. That scope could pull satire, tough criticism or competitive marketing disputes into criminal territory. Picture a fintech startup facing complaints because a rival calls a product pitch detrimental, or a creator’s sharp satire flagged as grossly offensive. Add a regulatory environment where the Central Bank is asserting more control over emerging rails like stablecoins, as critics argue in this analysis on central bank oversight of stablecoins, and you get the kind of uncertainty that dims the appetite to build.
Recommended tech
With legal standards in flux, basic cyber hygiene matters a lot. Services like Aura bundle identity monitoring, VPN and device security, which can help individuals and small teams harden their footprint while policymakers hash out clearer rules.
Chilling effects on the startup economy
Kenya’s Silicon Savannah thrives on open collaboration and fast pivots. Vague penalties can drain that energy quickly. The Kenya ICT Action Network warned that overbroad internet laws deter investors and founders who worry about prosecution for unclear violations. Investors dislike surprises, and the prospect of steep fines or jail tied to undefined conduct pushes capital to safer markets.
Entrepreneur and digital advocate Njeri Wangari told Citizen TV that builders need clear boundaries rather than blanket restrictions, or homegrown innovation will suffer. Those concerns echo across a community of resilient startups betting on Kenya’s future, where user feedback, critical reviews and rapid iteration are the lifeblood of product development.
Recommended tech
Tools that compress build time can keep small teams moving even when budgets are tight. A no code platform like Make.com helps founders prototype and automate without large engineering staffs. Overly broad rules can dampen this kind of creativity across the ecosystem.
Get the latest tech updates and insights directly in your inbox.
Broad backlash across the public square
Opposition arrived from across civil society and the faith community, not only from technologists. The Church and Clergy Association of Kenya called the law punitive, oppressive and unconstitutional, warning it could be used to restrict divergent views and stifle youth voices online. The critique from former Chief Justice David Maraga, reported by Capital FM, labeled assent to the amendments a betrayal of Kenyans and a risk to public debate, investigative journalism and reform movements.
Next steps in court and the policy path
The conservatory orders are temporary. Parties have seven days to respond, with the next directions set for November 5, 2025. Coverage is unfolding across the region, including updates via AllAfrica. Petitioners say any future digital laws must balance cybersecurity goals with strong protections for innovators, journalists and citizens. That balance matters. Cybercrime is a real and growing threat, including AI powered attacks on mobile money, but the tools used to fight it should not throttle the engine of progress.
Practical steps founders can take while the pause holds
- Map content risk and update moderation policies to reflect current law and platform rules.
- Review data handling against Kenya’s Data Protection Act and adopt privacy by design defaults.
- Document product communications and claims to avoid marketing disputes that could escalate.
- Engage industry associations to track filings and submit constructive input during consultations.
FAQ
What sections of the law are currently suspended?
The court paused enforcement of Section 27(1)(b), 27(1)(c) and 27(2) of the Computer Misuse and Cybercrimes Amendment Act, 2025.
Does the suspension affect the entire law?
No. The order targets specific provisions. Other parts of the law remain in effect unless the court rules otherwise.
Why were innovators and investors concerned?
Broad terms like detrimental or grossly offensive made it hard to know what was allowed. That uncertainty can trigger self censorship, legal risk and capital flight.
When will the case move forward?
The government and other parties were given seven days to respond, with the next court date set for early November 2025.
What can startups do in the meantime?
Tighten compliance, clarify internal policies, and keep engaging through industry bodies and public consultations while monitoring the case.
[…] This incident is shaping up to be a major test for Kenya’s relatively new data protection framework. “If confirmed, the M-Tiba breach would mark one of the most serious exposures of medical data since Kenya’s Data Protection Act came into force in 2019,” observes Edwin Okoye. The outcome of the investigation and any subsequent regulatory action will set a critical precedent for how companies handle user data and the real-world consequences of failing to protect it, an issue that touches on recent debates about suspended cyber laws in Kenya. […]
[…] The shutdown drew sharp condemnation from across the continent. The African Commission on Human and Peoples’ Rights (ACHPR) labeled the blackout a clear violation of Article 9 of the African Charter, which protects the right to receive information. In a statement released on October 30, 2025, the Commission was unequivocal “Internet shutdowns undoubtedly constitute a violation of Article 9.” This stance is shared by digital rights groups who continue to push for open internet access, especially during critical moments like elections, a sentiment that resonates with debates around Kenya’s proposed cyber laws. […]