Kenya’s National Public Key Infrastructure (NPKI)

The National Public Key Infrastructure (NPKI) is managed by the Communications Authority of Kenya (CA). To enhance the adoption of digital certification services and electronic transactions across the public sector, the CA has accredited the ICT Authority (ICTA) as the Electronic Certification Service Provider (E-CSP) for the Government of Kenya.

1. About the NPKI

A Public Key Infrastructure (PKI) refers to a system for the creation, storage and distribution of digital certificates which are used to verify that a particular public key (online identity) belongs to a certain entity. A PKI is a technical infrastructure that comprises of a Root Certification Authority (RCA) and a Certification Authority (CA), referred to as an Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework. The PKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security – confidentiality, integrity, authentication and non-repudiation. A PKI is key to the rollout of e-transaction services.

2. NPKI Laws and Regulations

The Kenya Information and Communications Act, 1998, mandates the Communications Authority of Kenya (CA) to issue a license to a person operating an Electronic Certification Service. In this regard, the Communications Authority of Kenya (CA) has developed a licensing framework for Electronic Certification Service Providers (E-CSPs).

Kenya’s National PKI comprises of a Root Certification Authority (RCA), which is managed by the Communication Authority of Kenya (CA) as a regulatory function, and the Government Certification Authority (GCA), an E-CSP which is managed by the ICTA. The NPKI is instrumental towards the effectiveness of the licensing of Electronic Certification Service Providers (E-CSPs) by the Communications Authority since a licensed E-CSP must be accredited by the RCA for its digital certificates to be globally recognized and trusted.

The ICT Authority (ICTA), which is the body responsible for the management of the mainstream government ICT services, operates the GCA. Other interested stakeholders who may be issued with an E-CSP license on application include the banking Sector and the Academia.

The benefits of a National PKI include:
i.    Locally available and cheaper digital certificates/signatures; and
ii.    Operations and services that are within Kenyan law (jurisdiction), among others.

3. Licensed & Accredited Electronic Certification Service Providers (E-CSPs)

LICENSED AND ACCREDITED E-CSP – CLEARED TO OFFER SERVICES  
NO. COMPANY NAME BOX NUMBER TOWN POSTAL CODE TELEPHONE EMAIL
1. GEDA LIMITED 29139 NAIROBI 00100 +254 20 353 6000
+254 702 333 333
 
2. TENDAWORLD LTD 25318 NAIROBI 00603 +254 721 138 882 MAIL@TENDA.WORLD
3. THE INFORMATION AND COMMUNICATION TECHNOLOGY AUTHORITY (ICTA) 27150 NAIROBI 00100 +254 20 208 9061 INFO@ICTA.GO.KE
4. EMUDHRA TECHNOLOGIES LIMITED 560102 BENGALURU, INDIA   +91 80 46 15 69 01
+971 52 929 60 00
ARVIND@EMUDHRA.COM
LICENSED E-CSP – AWAITING ACCREDITATION TO OFFER SERVICES
5. BLTA SOLUTIONS LIMITED          
6. CMCOM KENYA LIMIED 61120 NAIROBI 00200 +254 725 600 252 BRIANIRIA.MUCHIRI@GMAIL.COM
7. IDENTLY SYSTEMS LIMITED       +254 734 467 635 INFO@IDENTLY.COM
8. DIGICHETI LIMITED 12036 NAIROBI 00100 +254 703 041 000 FINDUS@DIGICHETI.COM
9. HAKISHA LIMITED 43123 NAIROBI 00100 +254 733 997 226 MAIL@HAKISHA.COM
10. KENSIGN LIMITED 27550 NAIROBI 00100

+254 705 368 526
+254 795 182 011

HOPEMUNGAI2019@GMAIL.COM