Joint Statement by the ICT Sector on the Unlawful Arrest and Prosecution of Rose Njeri

Joint Statement |

We, the undersigned stakeholders in Kenya’s Information and Communications Technology (ICT) sector, stand together in firm condemnation of the unlawful arrest, detention, and prosecution of software developer and civic activist Rose Njeri (@rtunguru)

Rose Njeri, a software developer and mother of two, was detained on Friday, May 30, 2025, following a police raid on her home in Nairobi, where authorities seized her electronic devices, including her phone, laptop, and hard drives. As of this morning, she remained detained, her whereabouts were unknown, and she had not been presented to any court, despite multiple attempts by her legal counsel to establish the charges against her or secure her release. Reports indicate that Ms. Njeri suffers from anaemia and was denied proper access to healthcare during her detention. In addition, her arrest and detention over a long public holiday weekend appear to have been deliberately calculated to extend her detention without judicial oversight.

It is alleged that Ms. Njeri’s arrest stems from her development of an online civic platform (civic-email.vercel.app) which seeks to provide a coordinated solution for Kenyan citizens to formally present views to the National Assembly in response to the ongoing public participation discussions on the Finance Bill, 2025. In particular, the platform enables them to simply register their objections to clause 52 of the Bill which proposes the deletion of Section 59A (1B) of the Tax Procedures Act, which currently prohibits the Commissioner of the Kenya Revenue Authority from requiring a person to integrate or share data relating to “(a) trade secrets; and (b) private or personal data held on behalf of customers or collected in the course of business.”

On Tuesday afternoon, Ms. Njeri was presented before the court, more than 88 hours after her arrest, despite the legal requirement under Article 49 of the Constitution that she be brought to court within 24 hours.  Worse, she has been charged under Section 16 of the Computer Misuse and Cybercrimes Act, 2018 with “unauthorised interference with a computer system,” an offence which carries a maximum penalty of a fine of up to ten million shillings, imprisonment of up to five years, or both. These could double if aggravating circumstances are cited. Ms. Njeri has since been released on personal bond of KES 100,000 and will be expected back in court on 20 June 2025 for a ruling on the validity of the charges.

We view this charge as baseless, trumped-up, and irrelevant to the alleged offence, as it misrepresents a legitimate act of civic engagement as a cybercrime. In our considered view, embracing digital technologies and the creation of a platform to facilitate public participation on the Finance Bill 2025 is a protected exercise of the rights to freedom of expression, access to information, and public participation under Articles 10, 33, 35, and 118 of the Constitution of Kenya, 2010. Section 16 is intended to address serious cybercrimes such as hacking, sabotage, or malicious disruption of computer systems by individuals who act without authorisation or consent from the system owner. Therefore, to charge Ms. Njeri under Section 16 is a gross misapplication of the law, an abuse of court process, and a disproportionate act which fails to demonstrate any credible offence, interference, or threat to public safety or national security as claimed.

Ms. Njeri’s prosecution comes in the wake of a recent public apology by the President to the public. It is also not an isolated incident but one that is emblematic of a dangerous pattern in Kenya, where authorities have repeatedly weaponised various ICT laws to intimidate and silence government critics, activists, bloggers, journalists, technologists and citizens. They are measures designed to stifle digital rights, activism, and the civic space, rather than to curb real-world cybercrimes. As of December 2024, the Communications Authority of Kenya (CA) detected at least 840,921,998 cyber threats, an increase of 27.2% reported in the previous quarter, yet these are barely investigated or the responsible cyber criminals prosecuted.

Kenya has long been recognised as a beacon of digital growth and innovation in Africa, a reputation built on its vibrant technology landscape and a constitutional framework that safeguards fundamental human rights. A thriving, innovative, and competitive ICT sector is inextricably linked to a free, open, and secure digital space. A climate of fear, pervasive surveillance, and arbitrary arrests and detentions severely undermines Kenya’s hard-earned reputation as a regional technology hub. The sector cannot flourish where fundamental rights are routinely undermined or where the rule of law is selectively applied. The predictability and stability afforded by robust digital rights protections are crucial for attracting local and foreign investment, fostering innovation, and ensuring Kenya’s continued leadership in the digital economy.

As ICT sector stakeholders, we reaffirm our commitment to an open, inclusive, and secure digital ecosystem in Kenya. We stand in solidarity with Rose Njeri and all individuals unjustly targeted for exercising their digital rights. The misuse of the CMCA to criminalise a public interest technology platform for civic participation is a direct attack on democratic values and innovation. We pledge to advocate for policies that protect human rights while promoting digital civic engagement.

We also urge the Kenyan public, international community, and fellow ICT stakeholders to join us in condemning these violations and to demand greater accountability.

Also, we call on the Kenyan government, law enforcement, and relevant authorities to:

Immediately drop the charges against Rose Njeri unconditionally, and return all her confiscated electronic devices without delay. Ensure that ICT laws are not misused or weaponised to suppress legitimate exercise of rights and cease practices such as arbitrary arrests, detentions without charge, and the confiscation of devices. Officers engaging in such unlawful practices should be held accountable for their actions. Reform the Computer Misuse and Cybercrimes Act and the Kenya Information and Communications Act (KICA), and abandon proposed Bills that violate digital rights or stifle legitimate online activities. Engage with stakeholders in the ICT sector, including academia, media, civil society, and the tech community, to develop laws that promote cybersecurity while safeguarding fundamental human rights. Demonstrate a clear and unwavering commitment to fostering an open, secure, and rights-respecting digital ecosystem, including refraining from arbitrary internet shutdowns, content blocking, and unlawful surveillance.

Lastly, we reaffirm our commitment to defending digital rights and civic space in Kenya. The use of public digital tools to facilitate citizen engagement with Parliament is not a crime; it is a cornerstone of our democracy.

Signatories

Access Now

Africa Centre for People Institutions and Society (ACEPIS)

ARTICLE 19 Eastern Africa

Baraza Media Lab

Bloggers Association of Kenya (BAKE)

CIPESA

CyberYetu

Data Privacy and Governance Society of Kenya (DPGSK)

Founders Connect Kenya

IAWRT Kenya

Icon Data and Learning Labs

Interactive Entertainment Association

Internet Society, Kenya Chapter

Internews – KenSafeSpace

Kenya Coalition on Youth Peace and Security

KICTANet

Kijiji Yeetu

Media Lawyers Association of Kenya (MLAK)

Mzalendo Trust

Paradigm Initiative

Pollicy Data Institute

Tatua Digital Resilience Centre

Women in STEM Leaders Network

Women in Tech Policy and Governance

zKe Voices

Tanzania Should Restore Access to X and Desist from Further Internet Disruptions

Statement |

Tanzania’s government should urgently restore access to X (formerly Twitter) as its current blockage denies citizens the right to access information and express themselves, while also undermining economic livelihoods and the delivery of social services.

The blockage was effected amidst a flurry of arrests and deportations of Kenyan and Ugandan human rights activists by the Tanzanian government. The activists were in Tanzania to monitor the trial of opposition leader Tundu Lisu, who was jailed in April 2025 and is on trial for treason and publishing false information. The deportations drew widespread criticism of President Samia Suhulu’s government over its increasingly authoritarian stance and saw the X accounts of the Tanzania Police and the state-backed Airtel taken over by hackers who published anti-government information.

Lisu emerged second in Tanzania’s last presidential elections in 2020, during which the government blocked access to social media. He survived an assasination attempt back in 2017, and has been arrested numerous times since then. However, amidst calls for boycotting the upcoming October 2025 polls, he was arrested earlier this year, and disqualified from standing as a candidate.

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) condemns the Tanzanian government’s heavy-handed crackdown on critics and its illegal detention and deportations of Kenyan and Ugandan citizens who criticised its deteriorating human rights credentials. Below is our joint statement condemning the blockage of Twitter and urging its urgent restoration.

The Digital Rights Alliance Africa (DRAA) is deeply concerned by the restriction on access to X by the Tanzanian government. The move is part of a series of regressive measures to limit the civic space and enjoyment of digital rights as it constitutes a blatant violation of the fundamental freedom of expression and access to information.

Tanzania’s blockage of X not only stifles important public opinions but also promotes self-censorship inspite of Tanzania’s several national, regional and international commitments to protect and promote freedom of expression, such as the Constitution of the United Republic of Tanzania in Article 18 and the Access to Information Act 2016, the African Charter on Human and Peoples Rights (Article 9), Principle 38 of the African Declaration of Principles on Freedom of Expression and Access to Information, Articles 19 of both the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.

Internet and social media disruptions stifle citizens’ right to organise, express themselves, and access information. Disruptions also undermine electoral transparency and accountability and may perpetuate political instabilities since they breed distrust in the credibility of elections. Furthermore, they have significant economic implications as they disrupt businesses and impede financial transactions and other economic activities that rely on digital platforms.

Given the current development involving Tanzania’s arrest, detention and deportation of human rights activists from the East African region and the upcoming general elections, the restriction is part of the wide measures to keep people in the dark, which is contrary to democratic values and impairs citizen participation. It is a deliberate attack on digital rights enjoyment and impairs the underpinnings of open, accountable and participatory democracy.

We reiterate the call of the African Commission on Human and Peoples Rights in the Resolution on Internet Shutdowns and Elections in Africa (ACHPR Res. 580 (LXXVIII) 2024) on states to refrain from ordering the interruption of telecommunications services, shutting down the internet, or disrupting access to any other digital communication platforms before, during or after elections.

We call on the government of the United Republic of Tanzania to:

  1. Immediately lift the restriction on X and restore unfettered access.
  2. Adhere to the rule of law and human rights principles including the observance of judicial oversight before any service suspension are imposed in the future.
  3. Refrain from imposing onerous orders on telecommunication companies and other Internet Service Providers (ISPs) to shutdown the internet.
  4. Ensure consultation with all stakeholders including private sector and civil society to determine appropriate steps for addressing emerging concerns in public interest without disrupting internet and platform access.

Zambia’s Cybersecurity and Cybercrimes Laws Raise Alarms for Digital Rights

By Edrine Wanyma |

In April 2025, the Zambian Parliament enacted two laws – the Cyber Security Act, 2025, and the Cyber Crimes Act, 2025 – which pose significant threats to digital rights and civil liberties in the country.

Despite significant concerns raised by civil society and digital rights advocates, including the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Bloggers of Zambia, the two laws were passed with minimal revisions, leaving intact several provisions that undermine fundamental freedoms, including the right to privacy, freedom of expression, access to information, assembly and association.

Last December, CIPESA and Bloggers of Zambia submitted to the parliament a detailed analysis highlighting critical human rights concerns with the two proposed laws. The concerns include the overly broad surveillance powers and the weak oversight mechanisms that provide latitude for wantonly interfering with individuals’ rights.

Broadly Worded and Vague Definitions

The laws are riddled with broadly worded and vague definitions. Terms such as “law enforcement officer,” “critical information,” “critical information infrastructure,” “internet connection record,” and “call-related information” are so vague that they risk being interpreted to serve the interests of those in power. There is also a high risk they could be weaponised to target government opponents, critics, journalists and online activists.

For instance, the expansive definition of “critical information” refers to computer data that relates to a broad range of areas, including public safety, public health, economic stability, national security, international stability and the sustainability and restoration of critical cyberspace, providing authorities with a carte blanche to monitor and control information flow.

Similarly, the definition of “law enforcement officer” extends beyond traditional roles to include officers from the Anti-Corruption Commission, Drug Enforcement Commission and even individuals designated by the President. This expansion raises concerns about accountability, particularly as these officers can apply for communication interception orders ex parte (without notifying the target), thereby denying affected parties the right to contest such actions. This dangerously expands the scope of surveillance without meaningful judicial oversight or accountability.

Oversight and Accountability Concerns

Section 4 of the Cyber Security Act establishes the Zambia Cyber Security Agency under the general direction of the President. This arrangement can undermine the agency’s independence and increase the risk of political interference in its operations. The agency’s mandate, which includes regulating service providers, coordinating cybersecurity responses, and auditing information systems, requires robust oversight mechanisms, which are glaringly absent in the law. 

Similarly, the establishment of the Central Monitoring and Coordination Centre under section 21 (Part V) of the Cyber Security Act, with powers to lawfully intercept communications, raises red flags. Section 21 grants this body sweeping authority without creating adequate checks and balances. The lack of robust judicial oversight and transparency mechanisms raises alarms about privacy violations, which would contravene Zambia’s constitution and international human rights instruments.

Risk of Abuse and Shrinking Civic Space

The two new laws are an addition to a catalogue of restrictive laws, regulations and policies that control the enjoyment of civil liberties in online spaces. For instance, in 2021, the government ordered restrictions on social media platforms such as WhatsApp, Facebook, Twitter, and Instagram during the general elections. With general elections due in August 2026, the passage of these laws fuels fears of heightened controls, intensified censorship, surveillance, and clampdowns on civic actors.

Section 39 of the Cyber Security Act requires electronic communications service providers to install systems that can facilitate real-time interception of communications. These provisions can enable real-time surveillance of individuals’ private communication. Such provisions can be misused by the government, unscrupulous individuals and other unauthorised persons to snoop on individuals’  private communications, particularly since the laws do not provide for adequate oversight over surveillance.

Section 22 of the Cyber Crimes Act criminalises vague offences such as the use of digital platforms for harassment or humiliation, terms that are open to subjective interpretation and could be used to suppress legitimate speech, including criticism of public officials. It also reintroduces aspects of defamation which have attracted wide calls for decriminalisation, including by the African Commission on Human and Peoples’ Rights. In 2022, Zambia had shown progress when plans to decriminalise defamation were revealed. Defamation has been widely employed to arrest and prosecute government critics  and opponents in the country.

The enactment of these laws highlights a disturbing trend across Africa, where cyber laws are increasingly being used to curtail democratic participation rather than protect citizens from cyber threats. The overreach seen in Zambia’s laws mirrors similar patterns in other countries, where digital regulation is co-opted for political control.

The history of elections in Africa has further shown the elevation of controls over the civic space, including online spaces, to curtail speech, engagements and participation for civil society organisations (CSOs), human rights defenders (HRDs), journalists, bloggers and other online activists including through enhanced surveillance. The developments in Zambia raise fears of similar occurrences of high-handed control.

Zambia’s parliament should get back on the drafting table and ensure that the two new laws are aligned with regional and international human rights standards, including the African Charter on Human and Peoples’ Rights, the African Union Convention on Cybercrime and Personal Data Protection, and the Declaration of Principles on Freedom of Expression and Access to Information in Africa.

  • Overbroad criminal provisions should be expunged from the laws or narrowed.
  • Oversight mechanisms should be strengthened to ensure independence and accountability in surveillance activities.
  • All responsible parties, including enforcement and judicial officials, should be trained and their capacities built to ensure application of the laws within the acceptable human rights standards including legality and proportionality.
  • Zambia should ensure compliance with data protection and privacy standards in implementation of the laws to avoid overlaps and wanton infringements.

As Zambia prepares for its 2026 general elections, it is vital that cybersecurity and cybercrime measures do not become tools for political repression. Instead, they should serve to protect users, enhance trust in digital systems, and uphold the rights and freedoms guaranteed to all.

CIPESA Submissions to White Paper on ICT Tax Reduction – Uganda

Policy Brief | 

The Information and Communication Technology (ICT) sector is not a standalone sector. Beyond broadcast and [tele]communications, it is increasingly integrating and digitalising critical parts of the economy, including manufacturing, finance, health, and transport. In Uganda, the ICT sector has been recognised as vital for enabling and boosting revenue generation and collection.

In this position statement, we showcase revenue-generation practices in Uganda’s ICT sector and benchmark them against East African jurisdictions, namely Kenya, Rwanda, and Tanzania, while occasionally drawing lessons from other markets.

By reviewing Uganda’s ICT sector tax policies, licensing fees, and regulatory regimes, this position statement demonstrates that although Uganda has registered considerable growth in the sector and made important steps toward revenue generation, the short-term gains have perhaps come at the expense of a more sustainable growth of the nascent digital economy.

In particular, the taxes on digital devices and connectivity infrastructure, combined with gaps in leveraging technology to support the domestic tax revenue mobilisation strategy, might be causing more harm than good. Although countries in the region face similar challenges – especially on the persistence of informality and tax complexities introduced by international technology data transfers and exchanges – Uganda’s ICT sector could learn from successes from elsewhere and undertake a comprehensive review of digital devices taxes and telecommunications license regimes, and also conduct tax impact assessments of emerging technologies such as Artificial Intelligence (AI).

We make a series of recommendations to the National Task Team on Enhancement of Government Revenue from the ICT Sector—Ministry of ICT in Uganda. We also stress that by carefully reviewing the country’s current ICT tax policies and drawing lessons from regional practices and tax frameworks, Uganda can substantially improve its capture of tax revenues from the digital economy. 

By facilitating wider access to devices such as smartphones as well as implementing a tax system based on significant economic presence and simplified tax collection mechanisms, Uganda could better harness the potential of its digital economy while ensuring that mobile network operators and digital platforms contribute fairly to the country’s total tax revenue. 

A key plank in this agenda should be a reduction in taxes on smartphones, tablets and entry-level laptops and a contemporaneous incentivisation regime to turn Uganda into a regional manufacturing hub for high-quality but affordable products in eastern and central Africa.

Find the full position paper here.

CIPESA Welcomes ACHPR Resolution on Monitoring Technology Companies

By Patricia Ainembabazi |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the African Commission on Human and Peoples’ Rights (ACHPR) Resolution on Developing Guidelines to Assist States Monitor Technology Companies in Respect of Their Duty to Maintain Information Integrity Through Independent Fact-Checking. Adopted on March 11, 2025, during its 82nd Ordinary Session, ACHPR/Res.630 (LXXXII) 2025 responds to growing concerns about the role of technology companies in undermining information integrity across Africa.

The Resolution mandates the ACHPR Special Rapporteur on Freedom of Expression and Access to Information to develop guidelines to assist States, civil society, and regulatory bodies in holding technology companies accountable. It marks a significant advancement in aligning digital governance practices with the African Charter on Human and Peoples’ Rights and international human rights standards.

The ACHPR Resolution comes on the heels of worrying trends with regards to platform accountability and content moderation in Africa. These include social media threatening social cohesion and elections integrity, a reduction of human fact-checkers, overreliance on automated systems, and insufficient coverage of African languages. While the use of platforms is governed by standards and policies, the Commission cautions that they are not substitutes for corporate responsibility or independent fact-checking mechanisms. The Resolution calls for neutrality to overcome the weaponisation of certain social networks, particularly during elections and conflict situations.

Key Highlights of Resolution 630

Affirmation of Human Rights Standards: The Resolution reaffirms Articles 2 and 9 of the African Charter, emphasising the right to freedom of expression and access to information both offline and online. It also aligns with Principle 5 of the Declaration of Principles on Freedom of Expression and Access to Information in Africa, which calls for equivalent online protections.

Call for Human Rights Impact Assessments (HRIAs): Digital companies operating in Africa are urged to conduct transparent HRIAs, particularly when contemplating policy changes or during high-risk events such as elections and public health crises, in line with the UN Guiding Principles on Business and Human Rights.

Demand for Data Transparency: The ACHPR stresses that African researchers, regulators, and civil society should have equitable access to platform data to facilitate independent assessments of systemic risks to information integrity.

Development of Monitoring Guidelines: The Resolution instructs the Special Rapporteur to collaborate with civil society, regulators, and technology companies to create Guidelines that enable effective monitoring of platforms, including assessing the role and effectiveness of independent fact-checking initiatives.

Initial Recommendations from CIPESA

CIPESA views Resolution 630 as a timely intervention for platform accountability and a significant opportunity to strengthen digital rights in Africa. To ensure the effective implementation of ACHPR Resolution 630, we recommend:

  • A multi-pronged approach that begins with active engagement by civil society organisations to facilitate meaningful participation in the Special Rapporteur’s consultations to shape practical, contextually grounded, and enforceable Guidelines that reflect African realities and priorities.
  • Policy advocacy for national adaptation, encouraging African States to formally integrate the forthcoming Guidelines into their national digital governance laws and regulations, thereby ensuring their applicability and enforcement beyond soft commitments.
  • Support for the creation and sustenance of independent monitoring initiatives by the private sector and other players, including civil society-led observatories that can track, assess, and publicly report on the performance of technology companies in adhering to the Guidelines, thus fostering greater transparency, accountability, and respect for digital rights throughout the continent.

The adoption of ACHPR Resolution 630 signals a critical shift toward building an African digital ecosystem rooted in human rights, transparency, and accountability. The forthcoming Guidelines, if well-designed and widely adopted, could set a new global benchmark for regulating technology companies’ role in safeguarding information integrity.

CIPESA remains committed to contributing to this process and advancing an open, inclusive, and rights-respecting internet in Africa.