Petition filed challenging amended Computer Misuse and Cybercrimes Act
Two petitioners have moved to court challenging the signing into law of the Computer Misuse and Cybercrimes (Amendment) Act, 2024, by President William Ruto.
Ruto signed the Computer Misuse and Cybercrimes (Amendment) Act, 2024, into law on October 15, 2025.
You might also like
According to the petition filed on Tuesday, October 21, 2025, by Reuben Kigame and the Kenya Human Rights Commission (KHRC), the signed law contravenes the Constitution and specifically undermines and dilutes the carefully established provisions of the Data Protection Act.
“The impugned amendment introduces provisions that are unconstitutional and create a direct conflict with the Data Protection Act (DPA),” the petitioner states.
“The Criminalisation of “False, Misleading, and Mischievous” Information: This vague and overbroad offence chills freedom of expression and lacks the precision required by law,” the petitioners add.
Further, they argue that the mandatory verification of social media accounts in the signed law forces all social media users to link their online identities to their government-issued legal names.
Notably, they state that the amended law exposes social media users’ data, thus diluting the data protection framework, and creates parallel, overlapping, and less rigorous procedures for data access and handling, thereby undermining the core objective of the Data Protection Act (DPA).
In addition, they state that the legislative conflict creates legal uncertainty and severely dilutes the protections Kenyans were granted under the DPA.
“The amendments are overly vague, ambiguous and overbroad, lacking in specificity and clarity in that the Act does not provide any specific and unambiguous definitions and/or meaning in utter contravention of Article 24 (2) of the Constitution,” part of the petition read.
The petitioners now want the court to declare the provisions of the Computer Misuse and Cybercrimes (Amendment) Act, 2024, inconsistent with Articles 10, 24, 33, 34, 35, 36 and 47 of the Constitution and are therefore null and void.
Further, they want the court to declare that the provisions of the Computer Misuse and Cybercrimes (Amendment) Act, 2024, are inconsistent with Article 31 of the Constitution and Sections 25 and 27 of the Data Protection Act and are therefore null and void.
“A declaration that the Computer Misuse and Cybercrimes (Amendment) Act, 2024, falls within the definition of a ‘bill concerning county governments’ pursuant to Article 110(1) of the Constitution; hence, failure to transmit the Bill to the Senate for its participation in the legislative process was a direct contravention of Article 110(4) of the Constitution of Kenya, 2010, thus rendering it null and void owing to procedural impropriety,” part of the prayers sought read.
“That unless this honourable court intervenes, the glaring abuse, denial, violation and contravention of the constitutional rights under Articles 31, 33, 34, 35 and 36 will be perpetuated to the detriment of the sovereign people of Kenya,” Kigame and KCHR state in their application.
