On 14^th March 2024, the National Computer and Cybercrimes Coordination Committee (NC4), directed that all systems that are designated as critical information infrastructure as stipulated under Gazette Notice No. 1043 must adopt and only use .KE domain names and ensure that the security and reliability of the .KE domain names is safeguarded. The designated systems/information infrastructure generally fall under the following sectors:

1. Telecommunications Sector;
2. Electoral, Judicial, Education, Health, Food, Water and Land Sector;
3. Energy, Transport and Industry Sector;
4. Banking and Finance Sector;
5. Defence, Security and Public Safety Sector.

A detailed list of the systems/information infrastructure that the directive applies to can be found under Gazette Notice No. 1043 here

The Public Notice from the Communications Authority of Kenya (CA) can be found here

Additionally, the NC4 directed that all systems that are designated as critical information infrastructure as stipulated under the above-mentioned Gazette Notice must adopt and only use digital certificates, digital certification and PKI services from Electronic Certification Service Providers (E-CSPs) who have been both licensed and accredited by the CA. The list of licensed and accredited E-CSPs is available on the CA’s website here at page 59.

Please contact us at info@cfllegal.com should you require further information.