Kenyans have been encouraged to familiarize themselves with the Computer Misuse and Cybercrimes Act, 2018, to enhance digital safety and ensure responsible use of online platforms.
Speaking during an interview on Radio Generation on Friday, Kevin Mugo from the Kenya Cyber Security and Forensics Association (KCFSA) urged the public, government, and private sector to work together in addressing the rising threat of cybercrime and misuse of technology.
“There is a lot of misreporting and misrepresentation on social and mainstream media regarding this law,” Mugo said. “Kenya’s Computer Misuse and Cybercrimes Act was enacted in 2018 to safeguard citizens, institutions, and systems from cyber-related offenses such as fraud, hacking, and identity theft.”
He explained that the law remains active despite ongoing appeals and public discussions about its implementation. Mugo also clarified that although Parliament passed the Computer Misuse and Cybercrimes (Amendment) Act, the changes only fine-tuned certain areas, while the core provisions and penalties still originate from the 2018 legislation.
“Many people think that the heavy penalties, including fines of up to Sh20 million, were introduced in a new law. That is incorrect. These provisions were already part of the 2018 legislation,” he said.
The Act defines a range of cyber offenses such as unauthorized access to computer systems, spreading false information, identity theft, and cyberbullying.
It also provides guidelines for investigation, prosecution, and cross-border cooperation to combat cyber offenses — an important framework for protecting Kenya’s growing digital economy.
Mugo pointed out that while the law is crucial in ensuring digital security, it should be enforced fairly and with respect for freedom of expression and privacy.
“This law was never meant to silence or intimidate citizens online. Its goal is to protect users, institutions, and data from misuse. What we need is awareness, not fear, about what it covers,” he said.
He attributed much of the confusion surrounding the Act to limited public awareness and digital literacy. Many Kenyans, he said, are unsure about what actions constitute cybercrimes or how to stay within the law.
“A lot of misinformation circulates because people don’t understand where the law applies. The Kenya Cyber Security and Forensics Association continues to play a vital role in sensitizing the public and professionals about lawful and responsible digital behavior,” he added.
Mugo further emphasized that cybersecurity is a collective responsibility that requires active participation from individuals, private organizations, and government institutions.
“Technology is advancing rapidly, and cyber threats evolve daily. This law is one of the tools that helps us stay ahead. But for it to be effective, Kenyans must understand their rights and obligations under it,” Mugo explained.
The Computer Misuse and Cybercrimes Act, 2018, remains a key pillar in Kenya’s efforts to safeguard personal data, digital systems, and online communication.
Even as debates about its enforcement continue, the law continues to anchor Kenya’s approach to building a secure, trustworthy, and well-regulated digital environment.
