Communications Authority says biometric data not needed in new SIM registration guide

In a statement on November 18, the CA clarified that it has not issued any directives for the collection of biometric data by telecommunication companies. 

The Authority, a notice published in May 2025, was developed to protect citizens from SIM card-related fraud and other criminal activities, including identity theft, SIM box fraud, and scams, strengthen the integrity of telecommunications services, and support secure access to digital services such as mobile money.

"The New SIM Card Regulations do not contain any provision for the collection of biometric data," stated the CA.

The Authority says it defines biometric data as personal data derived from specific technical processing based on physical, physiological, or behavioural characteristics.

It further adds that it has imposed security and confidentiality obligations on telecommunication operators regarding data handling, citing the Kenya Information and Communications Act, 1998, and the Data Protection Act, 2019. 

"CA and the Office of the Data Protection Commissioner (ODPC) will provide strict oversight, including regular audits and issue strong penalties for abuse or misuse of customer data," it said. 

The revised regulations allow operators to suspend SIM cards where subscribers provide false information or repeatedly ignore registration requirements, and no subscriber can be disconnected without prior notice.