Related documents
- Is amended by 24th Annual Supplement
- Amends Kenya Information and Communications Act
- Amends Sexual Offences Act
LAWS OF KENYA
COMPUTER MISUSE AND CYBERCRIMES
CAP. 79C
- Published in Kenya Gazette Vol. CXX—No. 58 on 18 May 2018
- Assented to on 16 May 2018
- Commenced on 30 May 2018
- [Revised by 24th Annual Supplement (Legal Notice 221 of 2023) on 31 December 2022]
Part I – PRELIMINARY
1. Short title
This Act may be cited as the Computer Misuse and Cybercrimes Act.2. Interpretation
In this Act, unless the context otherwise requires—"access" means gaining entry into or intent to gain entry by a person to a program or data stored in a computer system and the person either—3. Objects of the Act
The objects of this Act are to—Part II – THE NATIONAL COMPUTER AND CYBERCRIMES CO-ORDINATION COMMITTEE
4. Establishment of Committee
There is established the National Computer and Cybercrimes Co-ordination Committee.5. Composition of the Committee
6. Functions of the Committee
7. Secretariat of the Committee
8. Reports by the Committee etc
The Committee shall submit quarterly reports to the National Security Council.9. Critical information infrastructure
10. Protection of critical information infrastructure
11. Reports on critical information infrastructure
12. Information sharing agreements
13. Auditing of critical information infrastructures to ensure compliance
Part III – OFFENCES
14. Unauthorised access
15. Access with intent to commit further offence
16. Unauthorised interference
17. Unauthorised interception
18. Illegal devices and access codes
19. Unauthorised disclosure of password or access code
20. Enhanced penalty for offences involving protected computer system
21. Cyber espionage
22. False publications
23. Publication of false information
A person who knowingly publishes information that is false in print, broadcast, data or over a computer system, that is calculated or results in panic, chaos, or violence among citizens of the Republic, or which is likely to discredit the reputation of any person commits an offence and shall on conviction, be liable to a fine not exceeding five million shillings or to imprisonment for a term not exceeding ten years, or to both.24. Child pornography
25. Computer forgery
26. Computer fraud
27. Cyber harassment
28. Cybersquatting
A person who, intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by another person on the internet or any other computer network, without authority or right, commits an offence and is liable on conviction to a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years or both.29. Identity theft and impersonation
A person who fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person commits an offence and is liable, on conviction, to a fine not exceeding two hundred thousand shillings or to imprisonment for a term not exceeding three years or both.30. Phishing
A person who creates or operates a website or sends a message through a computer system with the intention to induce the user of a website or the recipient of the message to disclose personal information for an unlawful purpose or to gain unauthorized access to a computer system, commits an offence and is liable upon conviction to a fine not exceeding three hundred thousand shillings or to imprisonment for a term not exceeding three years or both.31. Interception of electronic messages or money transfers
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding two hundred thousand shillings or to a term of imprisonment not exceeding seven years or to both.32. Willful misdirection of electronic messages
A person who willfully misdirects electronic messages commits an offence and is liable on conviction to a fine not exceeding one hundred thousand shillings or to imprisonment for a term not exceeding two years or to both.33. Cyber terrorism
34. Inducement to deliver electronic message
A person who induces any person in charge of electronic devices to deliver any electronic messages not specifically meant for him commits an offence and is liable on conviction to a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years or to both.35. Intentionally withholding message delivered erroneously
A person who intentionally hides or detains any electronic mail, message, electronic payment, credit and debit card which was found by the person or delivered to the person in error and which ought to be delivered to another person, commits an offence and is liable on conviction a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years or to both.36. Unlawful destruction of electronic messages
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years, or to both.37. Wrongful distribution of obscene or intimate images
A person who transfers, publishes, or disseminates, including making a digital depiction available for distribution or downloading through a telecommunications network or though any other means of transferring data to a computer, the intimate or obscene image of another person commits an offence and is liable, on conviction to a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years, or to both.38. Fraudulent use of electronic data
39. Issuance of false e-instructions
A person authorized to use a computer or other electronic devices for financial transactions including posting of debit and credit transactions, issuance of electronic instructions as they relate to sending of electronic debit and credit messages or confirmation of electronic fund transfer, issues false electronic instructions, commits an offence and is liable, on conviction, a fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years, or to both.40. Reporting of cyber threat
41. Employee responsibility to relinquish access codes
42. Aiding or abetting in the commission of an offence
43. Offences by a body corporate and limitation of liability
44. Confiscation or forfeiture of assets
45. Compensation order
46. Additional penalty for other offences committed through use of a computer system
Part IV – INVESTIGATION PROCEDURES
47. Scope of procedural provisions
48. Search and seizure of stored computer data
49. Record of and access to seized data
50. Production order
51. Expedited preservation and partial disclosure of traffic data
52. Real-time collection of traffic data
53. Interception of content data
54. Obstruction and misuse of power
55. Appeal
Any person aggrieved by any decision or order of the Court made under this Part, may appeal to the High Court or Court of Appeal as the case may be within thirty days from the date of the decision or order.56. Confidentiality and limitation of liability
Part V – INTERNATIONAL CO-OPERATION
57. General principles relating to international cooperation
58. Spontaneous information
59. Expedited preservation of stored computer data
60. Expedited disclosure of preserved traffic data
Where during the course of executing a request under section 57 with respect to a specified communication, the investigating agency discovers that a service provider in another State was involved in the transmission of the communication, the Central Authority shall expeditiously disclose to the requesting State a sufficient amount of traffic data to identify that service provider and the path through which the communication was transmitted.61. Mutual assistance regarding accessing of stored computer data
62. Trans-border access to stored computer data with consent or where publicly available
A police officer or authorised person may, subject to any applicable provisions of this Act—63. Mutual assistance in the real-time collection of traffic data
64. Mutual assistance regarding the interception of content data
65. Point of contact
Part VI – GENERAL PROVISIONS
66. Territorial jurisdiction
67. Forfeiture
The court before which a person is convicted of any offence may, in addition to any other penalty imposed, order the forfeiture of any apparatus, device or thing to the Authority which is the subject matter of the offence or is used in connection with the commission of the offence.68. Prevailing Clause
Whenever there is a conflict between this Act and any other law regarding cybercrimes, the provisions of this Act shall supersede any such other law.69. Spent
Part VII – PROVISIONS ON DELEGATED POWERS
70. Regulations
History of this document
31 December 2022 this version
Revised by
24th Annual Supplement
30 May 2018
Commenced
18 May 2018
16 May 2018
Assented to
Cited documents 4
Act 4
1. | Proceeds of Crime and Anti-Money Laundering Act | 315 citations |
2. | Kenya Defence Forces Act | 138 citations |
3. | Prevention of Terrorism Act | 115 citations |
4. | National Intelligence Service Act | 34 citations |
Documents citing this one 34
Judgment 22
Gazette 4
1. | Kenya Gazette Vol. CXXIV-No. 21 | |
2. | Kenya Gazette Vol. CXXV-No. 102 | |
3. | Kenya Gazette Vol. CXXV-No. 185 | |
4. | Kenya Gazette Vol. CXXV-No. 257 |
Legal Notice 3
Act 2
1. | Kenya Information and Communications Act | 619 citations |
2. | Children Act | 42 citations |
Bench Bulletin 2
1. | Bench Bulletin - Issue 41 | |
2. | Bench Bulletin - Issue 53 |
Bill 1
1. | The Computer Misuse and Cybercrimes (Amendment) Bill, 2021 |
Subsidiary legislation
Title
|
Date
|
|
---|---|---|
Computer Misuse and Cybercrime (The Critical Information Infrastructure and Cybercrime Management) Regulations, 2024 | Legal Notice 44 of 2024 | 16 February 2024 |