Kenya ISP compensation rules will require internet and telecom providers to compensate customers when services go down through no fault of the subscriber.
The new Kenya Information and Communications (Consumer Protection) Regulations, 2026, introduce tougher obligations for telecom companies, internet service providers, broadcasters and other ICT licensees operating in the country.
The rules were issued by the Cabinet Secretary for Information, Communications and the Digital Economy in consultation with the Communications Authority of Kenya. They replace the older 2010 consumer protection framework.
The regulations affect nearly every part of the customer relationship, from complaints handling and billing to privacy, marketing messages, child protection and service shutdowns. Providers have three months from the effective date to comply, although the Authority may grant extensions where justified.
Kenya ISP Compensation Rules Cover Service Outages
One of the most direct consumer-facing changes is the requirement for an outage credit system.
Under the new rules, licensees must create a mechanism to compensate subscribers when service interruptions occur for reasons that are not the customer’s fault. Compensation may be automatic or issued after a subscriber requests it.
The outage credit system must be submitted to the Communications Authority for approval before use. Once approved, it becomes part of the standard agreement between the provider and the subscriber.
The rules do not make providers liable for every disruption. Outages caused by events outside a company’s control, including force majeure situations, are excluded.
Even with that limitation, the requirement changes the balance between providers and customers. Subscribers who previously had little recourse during service interruptions may now have a formal path to credit or compensation.
Customer Care Systems Must Be More Accessible
The regulations also require ICT licensees to operate customer care systems across multiple channels.
Providers must support physical offices, phone lines and electronic platforms. These systems must also be accessible to people with disabilities.
Complaints must be acknowledged within 30 days. Each complaint must receive a reference number so customers can track progress.
The complaint resolution process must be free of charge. If a provider fails to resolve the issue, the customer may escalate the matter to the Communications Authority.
That structure is designed to make service providers more accountable. It also gives consumers a clearer path when routine customer service channels fail.
Bills Must Be Clear and Itemized
Billing practices will face closer scrutiny under the 2026 regulations.
Companies must issue bills that clearly show the billing period, charge breakdown, applicable rates, total amount due and payment deadline.
Subscribers can also request itemized bills at no cost. That gives customers more visibility into how charges are calculated and whether they are being billed correctly.
Providers must notify customers in advance before changing tariffs or billing practices. The rules also explicitly ban charging customers for services they did not request.
That provision could be important in disputes involving bundled services, promotional add-ons or unexplained account deductions.
Marketing Messages Now Require Consent
The regulations introduce an opt-in standard for promotional messages.
Companies may not add customers to marketing lists without prior consent. Every marketing message must clearly identify the sender and include a working opt-out option.
That rule targets spam and unwanted promotions, which have become a common source of frustration for mobile and internet users.
For businesses, the change means marketing databases must be cleaned up and consent records must be properly managed. Sending promotional messages without permission could now create regulatory and legal exposure.
Children and Vulnerable Users Get New Protections
The rules also address harmful online content.
Licensees must provide tools that allow parents or guardians to control what content children can access. They must also take reasonable steps to block harmful material.
The regulations define harmful material to include unlawful, violent, abusive or sexually explicit content. Providers are also barred from knowingly helping children access such content.
This places a heavier responsibility on providers to support safer access to digital services, especially for minors and vulnerable users.
Data Privacy Duties Strengthened
Consumer data must be handled in line with Kenya’s Data Protection Act.
Providers may only share subscriber information with consent, legal authorization or where sharing is genuinely necessary to deliver the service. Even then, proper safeguards must be in place.
Customers must be told what data is being collected, why it is being collected and whether it is shared with third parties.
For telecom and internet companies, this reinforces privacy compliance as a core part of consumer protection rather than a separate legal issue.
Emergency Services Must Remain Free
The regulations guarantee free access to designated emergency numbers.
Where technically possible, providers should also be able to forward useful personal data to emergency responders once an emergency call connects.
That requirement could help improve emergency response by giving responders better information during urgent situations. However, the rules also imply that such data sharing must be handled within the broader privacy framework.
Service Shutdowns Need Regulatory Approval
Providers can no longer simply discontinue a service without following a formal process.
A company that wants to shut down a service must first obtain approval from the Communications Authority. It must also give affected subscribers at least three months’ notice.
The notice must explain why the service is ending, when the shutdown will take effect and what options customers have, including the possibility of moving to another provider.
Customers affected by a shutdown must be allowed to leave without penalty. They must also receive refunds for unused balances or deposits.
Penalties for Breaches
Violating the new consumer protection rules is a criminal offense.
A company or responsible party can face a fine of up to KES 1 million, imprisonment for up to six months, or both.
The penalty framework gives the regulations enforcement weight. It also signals that the government wants consumer protection obligations treated as legal duties, not voluntary service standards.
The next issue to watch is how quickly providers submit outage credit systems for approval and whether the Communications Authority enforces the rules consistently. For consumers, the biggest test will be whether the new framework turns service failures, billing disputes and unwanted marketing into problems that providers must fix quickly, transparently and at no extra cost.
Read Also: AI Transparency Rules Put EU-Facing Firms on Notice






