In a major step towards protecting children in the digital age, the Communications Authority of Kenya (CA) has introduced a comprehensive set of industry guidelines to ensure child online protection and safety.
Published in April 2025, the guidelines aim to address growing concerns over the exposure of children to online dangers such as cyberbullying, sexual exploitation, harmful content, and digital addiction.
As children become more digitally connected for learning, entertainment, and social interaction, the country is under increasing pressure to balance access with safety.
The guidelines, which draw their authority from the Kenya Information and Communications (Consumer Protection) Regulations, 2010, are also aligned with international frameworks such as the International Telecommunication Union (ITU) Industry Guidelines on Child Online Protection.
They are designed to offer a structured approach for all players in the ICT industry to actively safeguard the rights and welfare of children in the online space.
The guidelines emphasise that children should enjoy their constitutional rights online, including access to information and freedom of expression, while being protected from harm.
Child protection is seen as a collective responsibility, involving internet service providers, content creators, guardians, and others.
“Data protection by design” is crucial, ensuring safety features are built into digital products from the start. Transparency, accountability, and promoting positive, educational, and locally relevant content are also key.
The guidelines apply to a wide range of actors.
These include all licensees under the Communications Authority, all providers of ICT products and services that target or can be accessed by children, and anyone involved in the design, production, marketing, and deployment of such products.
This means that broadcasters, mobile network operators, application and content service providers, hardware manufacturers, and vendors of digital communication devices all have specific responsibilities under the new framework.
ICT firms must develop, publish, and implement a child online protection policy demonstrating leadership commitment, creating safe digital products, promoting educational content, and encouraging responsible digital citizenship.
Companies must assess their services’ impact on children, engage with stakeholders like parents and educators, and provide reporting channels for safety concerns.
Staff training on child protection and appointing a dedicated online safety officer is mandatory.
Companies must implement age verification mechanisms, integrate safety features, and ensure privacy settings are child-friendly by default.
Clear reporting and content removal processes for inappropriate material (e.g., child sexual abuse material) must be established and publicized.
Misuse of services for illegal content is prohibited, with cooperation required for law enforcement investigations.
Specific Obligations by Player
- Broadcasters: Adhere to general safety guidelines and content rules in Kenya’s Broadcasting Regulations and Programming Code.
- Application and Content Service Providers: Ensure offerings are safe and third-party partners adhere to similar standards.
- Mobile Operators: Enforce SIM card registration rules and inform users about age-appropriate use.
- Device Manufacturers/Vendors: Pre-activate safety features on devices likely used by children and provide instructions on using these features.
The guidelines also establish how complaints should be managed. All service providers must develop and share a complaints procedure that is aligned with existing laws.
Customers must be informed of their right to seek redress, and unresolved complaints should be escalated to the Communications Authority. Service providers must submit quarterly reports detailing the complaints received and how they were resolved.
To ensure accountability, all ICT service providers are expected to comply with the guidelines within six months of the effective date, or within six months of being licensed.
Companies must also submit their child protection policies and complaint handling procedures to the CA for approval. The Authority will regularly monitor and publish compliance levels, and consumers are encouraged to report any violations.
Importantly, the guidelines are not static. The Communications Authority has committed to reviewing them periodically to ensure they remain relevant and responsive to changing technologies and emerging threats.
The new guidelines for child online protection mark a critical moment in the country’s digital transformation. As children increasingly rely on digital tools for their development, these safeguards are essential in ensuring that they can navigate the internet without falling victim to its darker elements.
By placing responsibility on the entire digital ecosystem and emphasising education, design, and enforcement, the guidelines aim to build a future where Kenya’s children can thrive safely in a connected world.
