The Communications Authority of Kenya (CA) has taken steps to address growing concerns and media commentary regarding the collection of biometric data during the registration of new mobile lines.
In a statement released on Tuesday, November 18, 2025, the regulatory body clarified that the concerns surrounding the revised SIM card regulations are unfounded and based on misinformation.
“The Communications Authority of Kenya (CA) has noted the concerns and media commentary regarding the collection of biometric data during registration of new mobile lines as provided for in the revised SIM card regulations. These concerns are unfounded,” the statement read.
CA categorically stated that it has not issued any directives for the collection of biometric data by telecommunications licensees, contrary to widespread speculation and viral claims on social media platforms.
The authority provided a detailed clarification on what constitutes biometric data under the new regulations, emphasizing that the rules do not contain any provision for collecting such information.
“The New SIM Card Regulations do not contain any provision for the collection of biometric data. The regulations define biometric data as personal data derived from specific technical processing based on physical, physiological, or behavioural characteristics, including blood typing, DNA analysis, fingerprints, earlobe geometry, retinal scans, and voice recognition,” the authority explained.
The regulator emphasized that this definition does not imply that all such information will be collected from subscribers during SIM card registration, and confirmed that it has not directed licensees to collect this data.
The authority explained that the new rules, which were published in May 2025, were developed with three primary objectives in mind.
First, the regulations aim to protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM swap fraud, and similar scams that have been on the rise.
Second, the rules aim to enhance the integrity of telecommunications services by ensuring that every registered line is associated with a genuine individual, thereby fostering trust in Kenya’s digital environment.
Third, the regulations are designed to ensure secure access to digital services, including mobile money, e-government platforms, and e-commerce.
Addressing privacy concerns, CA outlined the stringent security and confidentiality obligations imposed on telecommunications operators under the new regulations.
All subscriber data must be handled, processed, and protected in compliance with the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019.
The authority emphasized that operators are prohibited from sharing subscriber data without the customer’s consent or a lawful order, with the CA and the Office of the Data Protection Commissioner providing strict oversight, including regular audits and strong penalties for the abuse or misuse of customer data.
The revised regulations address concerns regarding service suspension and consumer rights by allowing operators to suspend SIM cards only when subscribers provide false information or repeatedly fail to comply with registration requirements.
However, the regulations make it clear that no subscriber can be disconnected without prior notice, and operators are required to institute clear, fair, and transparent procedures for all dealings with consumers.
CA acknowledged consumer frustration over various issues, including spam messages, unsolicited subscriptions, unauthorized use of phone numbers, and unauthorized premium services.
“These concerns are a priority for the Authority, and the improved SIM card registration processes are part of the larger strategy to safeguard consumer interests and welfare across all networks,” the statement noted.
