When New SIM Rules Mentioned DNA and Fingerprints, Public Trust Wavered and Regulators Scrambled to Explain
A technical clause buried in the new SIM rules opened a deeper argument about how far identity systems can reach before public trust fractures
The new Kenya SIM card registration rules landed with a technical tone, yet the reaction they drew was anything but quiet. A single section on biometric data sparked public unease, pushed the Communications Authority to issue a clarifying statement, and revived old questions about how the country handles identity systems built around personal information.
The concern did not emerge from conjecture. It sat directly in the text that accompanied the revised regulations issued by the ICT ministry. The form referenced items that carry scientific weight: blood typing, fingerprinting, DNA analysis, retinal scanning, voice recognition, and a list of other identifiers that typically belong in forensic or clinical settings, not telecom desks. What followed was predictable. People wondered whether telcos were about to be turned into custodians of biological samples they had never handled before.
According to the Communications Authority, the reading was off course. The regulator argued that the presence of biometric definitions in the legal text does not imply an intention to collect every item in that list. It stressed that it has not directed any operator to gather such details. The message was blunt: definitions exist for legal completeness, not operational practice.
What the Rules Actually Require
Stripped of the noise, the revised framework still demands more information than before. Mobile operators must capture identification documents, personal details, and a form that includes biometric fields. These requirements draw from long-running efforts to prevent fraud linked to unregistered lines, fraudulent SIM swaps, and mobile money crime.
The operators, however, are not being asked to gather genetic material or retinal scans. The Communications Authority made that point early in its statement. The form accommodates a broad definition of biometrics because the legislation references biometric data as a category. That does not translate into blanket collection.
The regulator added that operators must seek consent or have a legal order before sharing any personal details. Oversight would come through audits conducted with the Office of the Data Protection Commissioner. The emphasis here was reassurance: safeguards exist, penalties are defined, compliance will be monitored.
A New Era of Enforcement
Alongside the biometric debate sits another element that will alter how telcos operate. Under the new rules, an operator can suspend a SIM card if a subscriber repeatedly avoids completing registration requirements or provides false information. The rules also set timelines for young subscribers who reach adulthood. At eighteen, a user must register their own details within ninety days or face disconnection.
Operators must issue notices before taking action, using both targeted communication and public announcements. This requirement attempts to prevent abrupt blackouts that leave customers stranded. But it also hands telcos new administrative burdens that will require coordination, staffing, and regular reporting.
Why the Biometric Question Keeps Returning
Part of the public concern arises from Kenya’s broader context. Identity systems have expanded over the past decade, and with each expansion come questions about storage, access, and safeguards. The Data Protection Act outlines the principle of minimisation, asking organisations to limit what they collect to what is necessary for a defined purpose. This is not a decorative phrase. It is a legal requirement that places responsibility on data controllers and processors to justify every field they request.
The mention of genetic material or detailed physiological identifiers in a telecom form sits uncomfortably within that principle. Even if the regulator insists the collection will not occur, the phrasing raises questions about drafting, consultation, and communication. A system meant to prevent crime could unintentionally create uncertainty among people who already feel overwhelmed by parallel identification demands across public and private services.
Analysts also flag a practical problem. Telcos are built to manage large-scale customer databases, but not databases filled with sensitive biological identifiers. The capacity, security architecture, and risk protocols required for such data differ significantly from those used to store photos or ID numbers. Even the appearance of such requirements forces companies to explain what they can handle and how.
The Policy Intent and the Public Mood
The ministry’s goal targets crime prevention and access to digital services. Fraud tied to SIM cards continues to challenge regulators, and operators have been criticised for inconsistent record keeping. In that context, an updated framework is not surprising. What stands out is how a single definition overshadowed the broader policy intent.
The Communications Authority tried to resolve the tension by drawing a line between legal categories and operational obligations. It emphasised that the rules focus on verification, not biological extraction. Yet the gap between legislative language and daily practice revealed how sensitive identity governance has become in Kenya. When technical drafting leaves room for wide interpretation, people fill the gap with caution.
What Happens Next
The revised rules will move ahead, and operators will need to adjust systems, train staff, and communicate clearly with subscribers. The biometric question will remain part of the public conversation until the framework demonstrates, through practice rather than promise, that the fears were overstated.
For now, the regulator has positioned itself as the final interpreter of what the law intends. Whether that settles the matter depends on how the next registration cycle unfolds and whether implementation aligns with the assurances given this week.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
