Kenya is set to bolster its cybersecurity and improve investigations into rising cyber-related crimes by joining the Council of Europe (CoE) Convention on Cybercrime, commonly known as the “Budapest Convention.” This move provides the country with a solid legal framework for international cooperation on cybercrime and electronic evidence, criminalizing activities such as illegal access, data interference, and computer-related fraud.
By acceding to this convention, Kenya will gain access to capacity-building opportunities, including training for judicial and law enforcement officials in prosecuting cybercrimes. According to Dr Raymond Omollo, Principal Secretary of Internal Security, Kenya expressed its interest in joining the convention through a formal letter to the CoE Secretary General. “Accession is valid for five years from its adoption, allowing us time to align our domestic laws with the convention’s provisions,” he stated.
The Budapest Convention aims to harmonize national laws related to cybercrime, enhance investigations, and foster international collaboration in combating these offences. It balances the vision of a free internet with the need for effective criminal justice responses to misuse.
First opened for signatures in 2001 and taking effect in 2004, the Budapest Convention was the first international treaty specifically addressing cybercrime.
Dr Omollo also highlighted the government’s commitment to long-term capacity-building initiatives, including the establishment of cybersecurity centres of excellence. These centres will unify efforts to protect cyberspace and enhance collaboration among government, private sector, and international partners.
As Kenyans increasingly rely on technology, the threats they face are becoming more sophisticated. Dr. Omollo emphasized the need for robust cybersecurity capabilities to protect the digital future and prepare for emerging challenges. He noted that threats can originate from various sources, including state-sponsored actors, hackers, and individuals with malicious intent.
“Kenya’s cybersecurity strategic vision is to create a safe and secure cyberspace for all,” he said. “To achieve this, we must ensure that defenders maintain the upper hand, protect our Critical Information Infrastructure, and remain resilient in the face of cyberattacks.”
The government has issued warnings about potential cyber-attacks on critical infrastructure, which could jeopardize national security, public safety, and economic stability, given the reliance on ICTs for service delivery.
In 2024, the government strengthened the legal framework with the enactment of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations. These regulations aim to operationalize the Computer Misuse and Cybercrimes Act of 2018.
Key aspects of the new regulations include protective measures for critical information infrastructure, support for vital economic sectors like telecommunications, banking, transport, and energy, and the management of cybersecurity operations through dedicated centres.
The regulations also address issues such as scams, identity theft, hacking, and internet fraud while promoting capacity-building for public institutions, businesses, and private entities to enhance cybersecurity preparedness. Additionally, they outline recovery plans for potential disasters or breaches affecting national critical information infrastructure.
