Kenya Clears National Cybersecurity Agency

Kenya is set to establish a National Cybersecurity Agency (NCSA) after the National Assembly approved the National Cybersecurity Agency Order, 2026, creating a single institution to coordinate cybersecurity efforts and protect the country’s critical digital infrastructure.

The approval paves the way for the formal establishment of the agency following an order issued by President William Ruto on May 15 under the State Corporations Act. The government has proposed approximately $31 million (Ksh4 billion) to support the agency’s establishment and operations.

The Ministry of Interior and National Administration said the NCSA will serve as an autonomous regulatory and technical body responsible for strengthening cybersecurity resilience across government, critical infrastructure, and the wider economy.

Under its mandate, the agency will develop and oversee national cybersecurity strategies, audit and certify the security of critical information infrastructure, manage the National Cybersecurity Operations Centre, coordinate responses to cyber incidents, and issue cybersecurity advisories.

The agency will also focus on building local cybersecurity capacity through a proposed Cybersecurity Centre of Excellence, which will support research, innovation, professional certification, and workforce development programmes aimed at addressing Kenya’s cybersecurity skills gap.

A key feature of the agency is its multi-agency governing board, which will include representatives from the Ministry of Interior, National Treasury, Ministry of Information, Communications and the Digital Economy, the Office of the Attorney-General, Kenya Defence Forces, National Police Service, National Intelligence Service, Office of the Director of Public Prosecutions, academia, and the private sector.

The broad representation reflects the government’s view that cybersecurity is a national issue requiring coordination across security, intelligence, law enforcement, technology, and industry stakeholders.

The creation of the agency comes as cyber threats continue to rise. According to the Communications Authority of Kenya, the National KE-CIRT/CC detected approximately 3.37 billion cyber threat events between January and March 2026. During the same period, more than 20 million cybersecurity advisories were issued to organizations and internet users.

The threats target an increasingly digital economy where critical services such as mobile money, e-government platforms, healthcare systems, telecommunications, and online commerce rely on secure and resilient digital infrastructure.

Government officials say the NCSA will help address long-standing fragmentation in Kenya’s cybersecurity ecosystem by consolidating functions previously distributed across multiple institutions and coordination mechanisms.

Cybersecurity professionals have welcomed the move, particularly the agency’s powers to audit and certify critical infrastructure as well as its multi-stakeholder governance model, which they view as essential for strengthening national cyber resilience.

With parliamentary approval secured, the next phase will involve formally operationalising the agency, appointing leadership, staffing cybersecurity operations centres, and implementing the planned audit and certification framework.

The government has called on public institutions, businesses, academic institutions, and development partners to support the agency’s efforts to build a secure, resilient, and trusted digital ecosystem for Kenya.