PS Raymond Omollo says cybercrime rules will not hurt small businesses

PS Raymond Omollo before the National Assembly Delegated Legislation Committee. [Elvis Ogina, Standard]

The national government has moved to allay fears that operations of small businesses will be affected should Parliament approve the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrimes Management) Regulations 2024.

Interior Principal Secretary Raymond Omollo who appeared before the National Assembly Delegated Legislation Committee at Parliament Building, Nairobi, Tuesday, explained that the new regulations are geared towards ensuring businesses operate without fear of cyber attacks.

The regulations, as presented, seek to enable the government to monitor, detect, prevent and respond to cyber threats and crimes. They also seek to ensure owners or administrators of critical information infrastructure are compelled to guarantee that the infrastructure on which critical information is domiciled, is located in Kenya.

Omollo pointed out that the regulations had been drafted to ensure small businesses adapt to new technological trends when needed and would continue thriving “without being worried of how the multi-nationals were operating.”

“We have been flexible enough with the regulations so that we are not stringent on the small businesses. In terms of regulation policies, we limited ourselves to what the Data Protection Act provides,” he said.

The PS told the committee that sufficient public participation was conducted before drafting the regulations.

He also submitted that his team had benchmarked five countries including the United States, Israel, Australia, India and the United Kingdom- and even engaged technology giants Google and Microsoft- before coming up with the regulations.

“The enforcement mechanisms outlined in these regulations will serve as a deterrent to cybercrimes such as disruption of critical systems, data breaches, and online fraud, mitigating financial losses and protecting the digital assets of the nation,” Omollo said.

The Ainabkoi MP Samwel Chepkonga-led committee however tasked the PS to explain what data protection measures had been put in place.

“How exactly will these regulations ensure the data of Kenyans is safe?” Posed Mandera North MP Abdullaij Bashir Sheikh.

Chairperson Chepkonga further queried whether ample public participation had been conducted to avoid court cases.

“The goal is to ensure that a piece of legislation that Parliament has pronounced itself on is not taken to court for lack of public participation…,” he said.

Kathiani MP Robert Mbui urged the committee not to adopt the regulations hastily but to take time to ensure that small businesses were not victimised.

Omollo assured the committee that he had consulted officials from the Data Protection office to ensure the safety of Kenyans' data.

“The team that was crafting these regulations was very deliberate to incorporate recommendations from the office of Data protection,” he said.

If approved the regulations will help the government establish a comprehensive framework for monitoring, detecting, and responding to cyber threats within Kenya. They will also bolster the government's ability to combat organized cybercrime effectively.

This includes the creation of Cybersecurity Operations Centers at national and sectoral levels, fostering collaboration with Computer Incident Response Teams (CIRTs) to facilitate real-time information sharing and coordinated responses to cyber incidents.

 “The regulations aim to streamline the reporting process for cybercrime-related offenses, with the establishment of dedicated cybercrimes desks in every police station. This initiative seeks to empower citizens to report cyber incidents promptly, facilitating swift and effective law enforcement responses,” reads the regulations in part.

They further seek to regulate cryptocurrency which has long been unregulated.