Kenya could soon have a law spelling out what government information can be kept secret, who has the power to classify it and when it should be made public, after Parliament began considering a proposal aimed at protecting sensitive State records while safeguarding the public's right to information.
The National Assembly Departmental Committee on Communication, Information and Innovation on Thursday launched scrutiny of the proposed Access to Information (Amendment) Bill, 2025 (Legislative Proposal) after receiving submissions from its sponsor, Kilifi North MP Owen Baya.
The proposal seeks to establish a comprehensive legal framework for the classification, protection, review and eventual release of sensitive government information, an area Baya said is not adequately covered under the current law.
Addressing the committee, Baya said the proposed legislation is intended to balance transparency with the need to protect information whose disclosure could harm the country's interests.
"This Legislative Proposal seeks to strike an appropriate balance between the constitutional right to access information and the need to protect information whose disclosure could undermine national security or the interests of Kenya," Baya told the Committee.
He noted that while Article 35 of the Constitution guarantees access to information, existing legislation provides little guidance on how State agencies should handle records whose disclosure could compromise national security.
"The current law guarantees access to information but offers limited guidance on how State agencies should classify and protect information whose disclosure could prejudice national security. This Legislative Proposal fills that legislative gap while preserving transparency and accountability," he said.
If enacted, the Bill would introduce legal definitions for key terms including classified information, classifying authority, declassification, downgrading and sensitive information.
It would also establish four categories of classified information — top secret, secret, confidential and restricted. State agencies would be required to properly identify, register and periodically review classified records.
The proposal further provides that classified information would automatically be declassified after 30 years unless there are lawful grounds to maintain its protected status.
It also creates penalties for the unauthorized disclosure of classified information.
Baya told MPs that rapid advances in technology and increasing cyber threats have exposed weaknesses in the country's legal framework for handling sensitive information.
"Government agencies sometimes prefer to stick to the old ways. But cyberspace has expanded, new technologies have emerged and new threats continue to arise. We must respond to these realities," he said.
Quoting a Nigerian proverb, he added: "The birds have learned to fly without perching, and the hunters have learned to shoot without missing."
While acknowledging concerns that the proposal could be viewed as limiting access to information, Baya maintained that its purpose is to promote responsible management of sensitive State records rather than secrecy.
"Every constitutional right comes with responsibility. At the same time, the State must always be safeguarded."
The legislator also warned against the use of personal email accounts and messaging applications for official government communication, saying such platforms expose sensitive information to cyber risks.
"Why is using personal email dangerous? Because government information can easily be shared or compromised. Personal accounts do not have the security systems that government platforms have."
He added, "Imagine if the Cabinet Secretary for Foreign Affairs or senior Treasury officials conducted official business via personal email or WhatsApp. If those accounts were hacked, confidential government information could easily end up in the wrong hands."
Baya urged lawmakers to improve the proposal and support its progress through Parliament.
"My plea to the committee is to help improve this proposal so that we move this country forward."
He further observed that the growth of digital technology has changed the way information is shared, making it easier for sensitive documents to spread beyond official channels.
"Before the internet, leaking a document meant publishing it in a newspaper. Today, everyone is a publisher because everyone has access to digital platforms. As a country, we must ask ourselves how we protect sensitive documents from uncontrolled circulation."
According to Baya, Kenya should move quickly to strengthen its legal safeguards and position itself among countries that have developed modern systems for protecting sensitive information.
"Other countries are far ahead of us. If Kenya wants to become the beacon of hope in Africa, then we must lead from the front instead of waiting to copy others."
Committee Chairperson, Dagoretti South John Kiarie assured the sponsor that the proposal would undergo thorough examination to ensure it meets constitutional standards while addressing emerging security concerns.
"You are appearing before a battle-hardened Committee. We have handled some of the country's most groundbreaking legislation and we shall work hard to improve your proposal," he said.
Kiarie revealed that the committee is pushing for all public officers to conduct official government business through secure government email systems.
"We want every government officer to transact official government business on a .go.ke email. The technology already exists. The next step is making it mandatory."
He also disclosed that cyber attacks targeting government systems occur more frequently than many Kenyans realize.
"What the public hears is only what reaches the public domain. The truth is that cyber attacks are quite rampant."
The committee chair noted that Parliament has previously enacted laws dealing with cybercrime and data protection and would ensure the proposal reflects Kenya's unique security environment.
"We are the Committee of the Future. We develop laws that respond to Kenya's circumstances."
However, he cautioned that legislation alone would not solve all cyber-related challenges.
"If we train highly skilled graduates but fail to create employment opportunities, some may unfortunately end up using those skills on the dark web. We must address both the legal and social dimensions," he added.
During the session, committee members sought clarification on gaps in the current law and questioned how the proposed restrictions would remain consistent with constitutional protections on access to information.
Committee member Bensouda Osogo called for clearer identification of provisions requiring amendment and urged the sponsor to specify offences and penalties linked to each classification category.
She also sought assurances that the legislation would apply strictly to information held by State institutions and would not undermine media freedom or legitimate public interest reporting.
Members of the committee observed that the current Access to Information Act does not contain a comprehensive framework governing the classification and declassification of State-held information.
"The Access to Information Act currently lacks a comprehensive framework for classifying and declassifying State-held information. That is the gap this Bill seeks to address," the Committee noted.
The committee is expected to receive further submissions from stakeholders before preparing a report to the Speaker of the National Assembly on whether the legislative proposal should proceed to publication as a Bill.