Kenya’s National Public Key Infrastructure (NPKI)
The National Public Key Infrastructure (NPKI) is managed by the Communications Authority of Kenya (CA). To enhance the adoption of digital certification services and electronic transactions across the public sector, the CA has accredited the ICT Authority (ICTA) as the Electronic Certification Service Provider (E-CSP) for the Government of Kenya.
Laws and Regulations
The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to issue a license to a person operating an Electronic Certification Service. In this regard, the Communications Authority of Kenya (CA) has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).
Kenya’s National PKI comprises of a Root Certification Authority (RCA), which is managed by the Communication Authority of Kenya (CA) as a regulatory function, and the Government Certification Authority (GCA), an E-CSP which is managed by the ICTA. The NPKI is instrumental towards the effectiveness of the licensing of Electronic Certification Service Providers (E-CSPs) by the Communications Authority since a licensed E-CSP must be acredited by the RCA for its digital certificates to be globally recognized and trusted.
The ICT Authority (ICTA), which is the body responsible for the management of the mainstream government ICT services, operates the GCA. Other interested stakeholders who may be issued with an E-CSP license on application include the banking Sector and the Academia.
The benefits of a National PKI include:
i. Locally available and cheaper digital certificates/signatures; and
ii. Operations and services that are within Kenyan law (jurisdiction), among others.