Kenya: Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations including measures establishing Cybersecurity Operations Centres entered into force

On 9 February 2024, the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, entered into force to provide a framework for monitoring, detecting, and responding to cybersecurity threats in Kenya’s cyberspace. The regulations establish Cybersecurity Operations Centres, including the National Cybersecurity Operations Centre, Sector Cybersecurity Operations Centres, and Critical Information Infrastructure Cybersecurity Operations Centres, to coordinate threat response and capacity building. They outline the designation and protection of critical information infrastructure, requiring owners to implement security measures, conduct risk assessments, and comply with directives issued by the Director of the National Computer and Cybercrimes Coordination Committee (NC4). The regulations also mandate the appointment of a Chief Information Security Officer, regular audits, and the submission of compliance reports to ensure adherence to cybersecurity standards and safeguard critical systems and data.