The High Court has declared two key provisions of the Computer Misuse and Cybercrimes (Amendment) Act, 2025 unconstitutional, in a landmark ruling that could reshape how online speech and digital platforms are regulated in Kenya. The decision comes after the court found that the disputed sections gave excessive powers to authorities and lacked the legal clarity required under the Constitution.
Highlights
- The High Court declared Sections 6(1) and 27(1) of the Act unconstitutional.
- The court ruled that the provisions violated constitutional safeguards and lacked clarity.
- One section allowed authorities to block websites and applications.
- Another created the offence of cyber harassment but was found to be too vague.
- The ruling followed petitions filed by Hon. Njeri Maina and the Law Society of Kenya.
Main Story
High Court Invalidates Two Sections
Justice Patricia Nyaundi ruled that Section 6(1) of the Computer Misuse and Cybercrimes (Amendment) Act, 2025 is unconstitutional because it gives broad powers to the National Computer and Cybercrimes Coordination Committee to block websites and digital applications without clear legal limits.

According to the court, the provision was vague and failed to meet the constitutional requirements under Article 24, which sets strict conditions for limiting fundamental rights and freedoms.
The judge also struck down Section 27(1), which created the offence of cyber harassment, saying its wording was unclear and did not meet the constitutional standard required for criminal laws.
The case was brought before the court through petitions filed by Hon. Njeri Maina and the Law Society of Kenya.
What Is the Computer Misuse and Cybercrimes Act?
The Computer Misuse and Cybercrimes Act is a Kenyan law designed to combat crimes committed using computers, mobile phones, the internet, and other digital technologies.
It aims to protect individuals, businesses, and government systems from cyber-related offences while promoting a safer digital environment.
What Does the Law Cover?
The Act criminalises several online offences, including:
- Hacking into computer systems without permission.
- Identity theft and online impersonation.
- Online fraud and financial scams.
- Cyberbullying and certain forms of online harassment.
- Publishing intimate images without consent.
- Computer forgery and electronic fraud.
- Interfering with computer systems or networks.
- Spreading malicious software such as viruses and ransomware.
- Unauthorised access to sensitive or confidential data.
The law also provides a framework for investigating cybercrime and preserving electronic evidence during criminal investigations.
Why Did the Court Strike Down These Sections?
The High Court did not invalidate the entire law. Instead, it found that two specific provisions failed to meet constitutional standards.
The court held that:
- The power to block websites and apps was too broad and could potentially limit freedom of expression without sufficient legal safeguards.
- The definition of cyber harassment was too vague, making it difficult for citizens to know exactly what conduct would amount to a criminal offence.
In constitutional law, criminal offences must be clearly defined so that people understand what behaviour is prohibited and authorities cannot apply the law arbitrarily.
The ruling means the two sections can no longer be enforced unless Parliament amends them in line with the Constitution or a higher court overturns the decision on appeal.
However, the rest of the Computer Misuse and Cybercrimes Act remains in force, meaning offences such as hacking, online fraud, identity theft, and other cybercrimes continue to be punishable under Kenyan law.
As more Kenyans rely on digital platforms for communication, business, education, and banking, cybercrime laws remain important for protecting internet users. At the same time, courts play a crucial role in ensuring those laws respect constitutional rights such as freedom of expression, access to information, and the right to a fair trial.
The ruling highlights the challenge of balancing digital security with constitutional freedoms, reminding lawmakers that cybercrime legislation must protect both public safety and individual rights.