The Communications Authority of Kenya (CA) has issued a stern directive to financial institutions, motor vehicle dealers, and both public and private entities, urging strict compliance with licensing regulations for tracking service providers.
The CA has raised concern over the proliferation of unauthorized tracking services and substandard equipment, warning that such practices expose users to cybersecurity and operational risks.Citing the law the regulator reiterated that it is an offence to operate any communications system or service without a valid license.The regulator warned that non-compliance will attract enforcement measures, including prosecution.
To mitigate these risks, the CA has directed all stakeholders in the use of tracking technologies including financial institutions, motor vehicle dealers, and both public and private entities to engage only licensed Application Service Providers (ASPs) whose licenses explicitly cover Fleet Management and Asset Tracking Services;
They are also required to verify the Annual Compliance Certificate of any tracking service provider before entering into contracts or partnerships and review all existing and planned agreements with tracking service providers to ensure full compliance with regulatory standards.
The Authority also emphasized that any unlicensed tracking service will be presumed to be internally owned or operated, which requires direct licensing from the CA. Organizations found to be in violation must immediately apply for the necessary licenses to avoid regulatory penalties.
The warning comes amid increasing cases of cyberattacks. The total number of reported online crimes almost doubled to 3.5 billion in 2024, the Kenya National Bureau of Statistics (KNBS) 2025 Economic Survey shows.
The number of reported cyberattacks has increased progressively from 139.9 million in 2020, 339 million in 2021, 700 million in 2022 and 1.744 billion in 2023.
System vulnerabilities accounted for 3.27 billion of the reported cybercrimes in 2024, while web attacks increased from 386, 067 in 2023 to 8.4 million in 2024.
During the period, KNBS also reported brute force attacks-127.8 million-and mobile application attacks-526, 362-for the first time.
The total number of cybersecurity advisories increased by 48.1% to 39 million in 2024, with advisories about malware more than doubling from 1.09 million to 2.5 million.