The Communications Authority of Kenya (CA) is the statutory regulator for the information and communications sector under the Kenya Information and Communications Act (KICA) 1998 (Cap 411A). Any person seeking to provide public telecommunications services, operate an internet service provider (ISP), provide broadcasting services, or provide postal services in Kenya must hold the appropriate CA licence. The CA’s licensing framework has been significantly modernised through the Kenya Information and Communications (Amendment) Act 2013 and the Communications (Licensing and Quality of Service) Regulations 2010.

The Kenya Information and Communications Act Framework

KICA establishes the CA and grants it powers to issue, renew, modify, and revoke communications licences; set quality of service standards; regulate tariffs; manage spectrum; and protect consumers. Kenya’s communications sector has undergone dramatic liberalisation since the late 1990s, transitioning from a state monopoly to a competitive market with multiple licensed operators. The CA’s licensing framework reflects this competitive market structure.

Telecommunications Licences

Network Facility Provider Licence

A Network Facility Provider (NFP) licence is required by any person who owns or operates public communications infrastructure, including mobile network towers, fibre optic cables, satellite ground stations, and other physical communications assets. NFP licensees may provide network capacity to service providers but may not offer services directly to end users without holding a corresponding service provider licence.

Network Service Provider Licence

A Network Service Provider (NSP) licence is required by any person providing telecommunications services over communications infrastructure, including mobile network operators, fixed-line operators, and MVNO operators. The four major mobile network operators (Safaricom, Airtel, Telkom, and Equitel) each hold NSP licences. New entrants into mobile or fixed telecommunications services require NSP licences.

Application Service Provider Licence

An Application Service Provider (ASP) licence is required by persons providing value-added services over communications networks, including internet access services, VoIP services, managed data services, cloud computing services, and enterprise ICT managed services. The ASP licence category is the most relevant for technology businesses and internet-based service providers.

Internet Service Provider (ISP) Licensing

ISPs providing internet access services to the public must hold an Application Service Provider licence from the CA. The ISP licence application requires a company incorporated in Kenya, evidence of technical capacity, cybersecurity compliance plan, and payment of prescribed licence fees. ISPs must also comply with the CA’s Quality of Service Regulations including minimum connectivity speed standards and service availability requirements.

Broadcasting Licences

Broadcasting services in Kenya are regulated by the CA under KICA and the Kenya Broadcasting Corporation Act. Licences are required for free-to-air television, pay TV, radio broadcasting, and community broadcasting. Broadcasting licence applications require content compliance plans aligned with the CA’s content regulations, technical frequency plans, and compliance with the Code on News and Current Affairs. The CA coordinates with the Kenya Film Classification Board (KFCB) on content standards.

Type Approval for Communications Equipment

All communications equipment offered for sale or use in Kenya must be type-approved by the CA. This includes mobile phones, routers, modems, satellite equipment, and other devices that use licensed radio frequencies. Equipment importers and distributors must obtain CA type approval before commercialising communications equipment. Type approval applications are submitted to the CA with technical specifications and test reports.

Cybersecurity and Data Protection Obligations

CA licensees have specific cybersecurity obligations under the Computer Misuse and Cybercrimes Act 2018 and the CA’s Cybersecurity Regulations. Significant security incidents must be reported to the CA’s National KE-CIRT within prescribed timeframes. Licensees must implement minimum cybersecurity controls and cooperate with CA cybersecurity inspections.

For legal advice on CA licensing, telecommunications law, and regulatory compliance, our regulatory compliance practice advises telecoms operators, ISPs, technology companies, and broadcasters. More information is available at the Communications Authority website. Technology businesses should also consult our technology and startups practice on the full range of regulatory requirements for digital businesses in Kenya.