NAIROBI, Kenya – A plan by the Communications Authority of Kenya (CA) to compel mobile phone users to submit DNA information before registering SIM cards has triggered widespread public backlash, with critics warning that the proposal risks ushering in an era of State-backed genetic surveillance.
The draft regulations — now before the public — dramatically widen the categories of personal information that telecommunications operators must collect and store.
In addition to national IDs and basic biometrics, the CA wants telcos to gather DNA profiles, blood type, voice biometrics, facial recognition scans, ear measurements and retinal data from subscribers.
If adopted, the rules would compel operators such as Safaricom, Airtel and Telkom Kenya to routinely submit this expanded dataset to the regulator.
Failure to comply could attract fines of up to Sh1 million, six months in jail, or both — penalties that apply to companies and individuals.
The proposal would make Kenya one of the few countries globally to link genetic data directly to phone ownership.
The CA argues the toughened requirements are necessary to tackle sophisticated SIM-enabled crimes, including identity fraud, SIM-boxing, impersonation and mobile-facilitated terrorism.
Current tools, the regulator says, are too easy to evade, and advanced biometrics would make SIM registration “tamper-proof.”
Yet DNA collection remains extremely rare worldwide — and highly controversial. Countries such as India, Thailand, Saudi Arabia, Nigeria, Pakistan and Mozambique have implemented biometric SIM registration, but none require genetic material.
Digital rights advocates say the Kenyan proposal far exceeds what is necessary for public safety and could create one of the most intrusive telecom databases anywhere in the world.
Under Kenya’s 2019 Data Protection Act, DNA and biometric information are classified as “sensitive data,” meaning any large-scale collection must pass strict legal tests on necessity, proportionality and risk.
Civil society groups warn that DNA contains far more than identity markers — including family links, ancestry and health predispositions — making potential misuse or leaks dramatically more damaging.
The draft rules remain open for public comment until January 31, 2026. After the review period, the regulator may amend the proposal, remove the DNA clause, delay implementation or proceed — a move that could face immediate legal challenges.
If approved without changes, enforcement could begin as early as mid-2026.
