Artificial Intelligence · Kenya
AI regulation in Kenya (2026)
Kenya shaded by its artificial intelligence status
Kenya does not yet have a comprehensive AI law in force; it currently operates under a National AI Strategy 2025–2030 (launched March 2025) and applies the Data Protection Act, 2019 to automated decision-making. A comprehensive, EU-AI-Act-inspired Artificial Intelligence Bill, 2026 was published as a Senate Bill in February 2026, and a broader National AI and Emerging Technologies Policy is being drafted for finalization by mid-2026.
Key points
Kenya launched its National Artificial Intelligence Strategy 2025–2030 on 27 March 2025 via the Ministry of ICT, structured around three pillars (AI digital infrastructure, data, research & innovation) and cross-cutting enablers including governance and ethics. It is a policy framework rather than binding law.
The Artificial Intelligence Bill, 2026 (sponsored by Senator Karen Nyamu) was published as a Senate Bill dated 19 February 2026, introducing a risk-based regime modelled in part on the EU AI Act governing the development, deployment and use of AI systems.
The Bill would establish an Office of the Artificial Intelligence Commissioner as primary regulator, with penalties of up to KSh 5 million and/or up to two years' imprisonment for misuse such as generating misleading, harmful or deceptive content (e.g. deepfakes).
The AI Bill, 2026 has been published but not yet enacted; because it concerns county governments it must be considered by both the Senate and the National Assembly before any presidential assent, so no comprehensive AI law is currently in force.
The Data Protection Act, 2019 (enforced by the Office of the Data Protection Commissioner) gives data subjects the right not to be subject to solely automated decisions/profiling with significant effects, and requires data protection impact assessments for high-risk automated processing.
Kenya began drafting a National AI and Emerging Technologies Policy in early 2026 to complement the 2025–2030 Strategy, with finalization targeted around June 2026.
Timeline - major decisions & events
The Ministry of Information, Communications and the Digital Economy launched Kenya's first National AI Strategy, setting a government-led, five-year roadmap across infrastructure, data, talent, governance and ethics. It signals Kenya's intent to lead AI adoption in Africa while flagging future legislation.
Ministry of ICT & Digital Economy ↗The Ministry of ICT published the draft Kenya National AI Strategy for public validation, the culmination of a consultative process begun in April 2024. It opened the framework to stakeholder input before the March 2025 launch.
Ministry of ICT & Digital Economy ↗The Kenya Bureau of Standards published a draft Code of Practice for AI Applications for public review (consultation closed 13 June 2024), establishing a voluntary framework for trustworthiness, risk management, testing and ethics. It draws on ISO/IEC standards and the EU AI Act.
Kenya Bureau of Standards (KEBS) ↗A bill proposing a licensing body for robotics and AI practitioners (with fines and jail terms for unlicensed activity) was conveyed to Parliament via public petition. Industry groups strongly opposed it as unworkable, and it stalled, shaping the case for a strategy-led rather than licensing-led approach.
Parliament of Kenya ↗The Office of the Data Protection Commissioner imposed administrative fines totalling KES 9.375M on three data controllers, marking the first enforcement under the Data Protection Act. It demonstrated that automated/data-driven processing in Kenya carries real enforcement risk.
Office of the Data Protection Commissioner ↗The High Court ruled that the government could not roll out Huduma cards without first conducting a Data Protection Impact Assessment, holding that the Data Protection Act applied. The decision cemented DPIAs as a binding precondition for high-risk, data-intensive state systems.
Privacy International ↗Kenya appointed its inaugural Data Protection Commissioner, activating the regulator responsible for enforcing automated-decision and profiling rights and high-risk processing safeguards. This stood up the institution that now anchors AI/data oversight.
Office of the Data Protection Commissioner ↗One of the world's first constitutional rulings to halt an all-purpose biometric digital ID, the court found NIIMS could not proceed without an adequate data-protection legal framework and safeguards. It established judicial limits on state collection of sensitive biometric data.
Privacy International ↗Kenya's foundational data-protection statute (commenced 25 Nov 2019) gave data subjects the right not to be subject to solely automated decisions and profiling, and mandated DPIAs for high-risk automated processing. It remains the primary legal basis governing AI systems in Kenya.
Kenya Law ↗Kenya's first comprehensive cybercrime statute criminalized unauthorized system interference, data interception and computer fraud, building the digital-harms legal backbone now used alongside data law to address AI-enabled misuse. Suspended provisions later took effect after High Court review.
Kenya Law ↗Kenya - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →