Late last year, the Communications Authority of Kenya (CA) published six Draft Kenya Information and Communications Regulations inviting stakeholders and members of the public to provide comments on these Regulations. One of these Regulations is the Kenya Information and Communications (Electronic Transactions) Regulations 2016 which are a new set of regulations developed following amendments to the Constitution in 2010 and the Kenya Information and Communications Act in 2013.
From the discussion of the draft below, one forms the general view that these proposed Electronic Transactions Regulations ought to be re-drafted as a stand-alone Act of Parliament as opposed to being mere subsidiary legislation. Be it as it may, the draft contains a number of technically impracticable provisions, unclear terms blurring the line between service providers and clients.

The draft Regulations define a “service provider” as “any person in Kenya who offers on a commercial basis, the sale, hire or exchange of goods or services through an electronic transaction.” This definition is so broad that it could include a person who sells goods using whatsapp. The draft goes further to state that: “such service providers shall require an authorization from CA.” This is a problematic provision since ideally CA should be going after the platform’s owner and not the platform’s clients. Put differently, the draft seems to suggest that if a person is selling goods on OLX.co.ke, such person must be licensed by CA along with the owners of the OLX platform. Therefore it is important that the draft is clear on who exactly is a “service provider” and that this definition must be alligned with the definitions in other regulations such as the Cyber-Security Regulations previously discussed here.
A curious provision in the draft is the section on obligations of service providers. It states, in part, as follows:
“5. (1) A service provider shall provide to the consumers on the website or electronic communication where goods or services are offered, the following-
d) membership of any self-regulatory or accreditation bodies to which the person belongs or subscribes and the contact details of that body;
f) in the case of a legal person, the registration number; names of the directors and place of registration;
g) the physical address where the person may be served with documents;
i) the full price of the goods or services, including transport costs, taxes and any other fees or costs”
One wonders whether these onerous details are really necessary even in the case of electronic transactions. Some may argue that Kenya’s Consumer Protection Act and other legislation adequately cover all the interests of customers buying products or paying for services online or any other electronic means.
Another concerning provision in the draft is the section on contractual obligations. It states, in part, as follows:
“9. (1) where a person makes an order for goods or services by electronic means, unless otherwise agreed by the parties, the supplier shall execute the order within thirty days.
(4) A provision in an agreement, which excludes any rights in this section, is void.”
It is clear that such a provision violates the freedom to contract and is a total affront to the sanctity of contract. Parties to a contract must have the freedom to agree on the terms of their contract without the government dictating which terms should govern private contractual relationships.
While the draft has several provisions relating to limitation of liability for intermediaries, these provisions ought to be revisited to ensure that there is no conflict with the proposed amendments to the Copyright Act on ISP liability previously discussed here.
Finally, as in the case of the Cyber-Security Regulations, the present draft provides for offences and penalties that are not grounded in the enabling statute namely, the Kenya Information and Communications Act. Many argue that delegated legislation such as regulations cannot both criminalise and prescribe penalties outside the enabling statute.