Communication Authority Denies Ordering Telcos to Collect DNA During SIM Registration

NAIROBI, Kenya, Nov 18 — The Communications Authority of Kenya (CA) has dismissed reports claiming it is compelling mobile network operators to collect biometric data under the country’s newly revised SIM card registration regulations.

In a statement issued Tuesday, the regulator termed the concerns “unfounded,” emphasizing that it has not directed operators to collect fingerprints, retinal scans, DNA, or any other highly sensitive biological identifiers.

“For the avoidance of doubt, CA has NOT issued any directives for the collection of biometric data by our licensees,” the statement read in part.

“The new SIM Card Regulations do not contain any provision requiring the collection of biometric data.”

The CA clarified that the updated rules—published in May 2025— seek to shield Kenyans from SIM-related fraud, identity theft, SIM-box crime, and other forms of digital criminality.

The statement follows rising public concerns, with critics and privacy advocates arguing that the regulations overreach by defining “biometric data” to include “blood typing, fingerprinting, DNA analysis, earlobe geometry, retinal scanning, and voice recognition.”

Security and confidentiality

However, CA maintains that although the regulations define biometric data broadly, they do not mandate operators to collect all or any of these markers from subscribers.

According to the regulator, the new rules instead impose stringent security and confidentiality standards on telecom operators, ensuring handling of subscriber information in line with the Data Protection Act and the Kenya Information and Communications Act.

CA further clarified that operators may only suspend SIM cards if a subscriber provides false information or repeatedly fails to complete registration.

Even then, no subscriber may be disconnected without prior notice and the use of “clear, fair, and transparent procedures.”

The Authority underscored that the overarching goal of the revised regulations is to “strengthen the integrity of telecommunications services, ensuring that every line belongs to a verified individual, thereby enhancing trust in Kenya’s digital space,” while supporting safer access to e-government and mobile money services.