Kenya’s new guidelines on child online protection take effect

At the core of the framework is the principle that child protection is a shared responsibility among all participants in the internet ecosystem. The guidelines balance children’s right to access information and express themselves online with the need to prevent exploitation, exposure to harmful content, and other risks.
Kenya’s new guidelines on child online protection take effect

On 29 October 2025, Kenya’s Industry Guidelines for Child Online Protection and Safety officially came into effect, marking a major step toward creating a safer and more responsible digital environment for children. Issued by the Communications Authority of Kenya (CA), the guidelines establish a comprehensive framework that defines how ICT companies, broadcasters, mobile operators, and device manufacturers must protect children from online harm.

At the core of the framework is the principle that child protection is a shared responsibility among all participants in the internet ecosystem. The guidelines balance children’s right to access information and express themselves online with the need to prevent exploitation, exposure to harmful content, and other risks.

Key principles and obligations

The guidelines emphasise nine principles, including the best interests of the child, transparency and accountability, data protection by design, and a multistakeholder approach. Service providers are required to develop and publish corporate policies outlining their commitment to child online safety, designate responsible officers for child protection matters, and incorporate safety measures into the design of ICT products and services.

Providers must deploy age-verification mechanisms, set heightened default privacy settings, and introduce clear complaint-handling procedures. They are also encouraged to develop products that promote positive digital engagement, such as educational and creative tools for children and youth.

Tackling harmful content and enforcing accountability

The guidelines require companies to comply fully with both local and international laws on Child Sexual Abuse Material (CSAM), maintain robust information security practices, and support law enforcement investigations into illegal content. Broadcasters must adhere to Kenya’s Programming Code, while application and content service providers are instructed to integrate child protection measures into all user-facing platforms, including e-commerce, education, and social media services.

Hardware manufacturers must ensure that devices sold in Kenya come with pre-activated security features and user guidance to enable safer use by children.

Compliance and oversight

All licensed ICT providers are given six months to align with the new standards. They must submit their child protection policies and complaint procedures to the CA for approval and file quarterly compliance reports. The Authority will monitor adherence and publish public compliance updates.

Why does it matter?

The guidelines are expected to enhance Kenya’s broader digital safety ecosystem by embedding child protection into the design and delivery of ICT services. By combining regulatory enforcement with industry responsibility, the framework aims to create an online environment where children can access, learn, and participate safely, without compromising their fundamental rights

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top