Kenya has taken a major step toward strengthening its national cyber resilience following Parliament’s approval of the National Cybersecurity Agency Order, 2026, paving the way for the establishment of the National Cybersecurity Agency (NCSA). Created under the State Corporations Act through a presidential order issued by President William Ruto, the agency will serve as an autonomous institution tasked with coordinating the country’s cybersecurity strategy, protecting critical digital infrastructure, and enhancing national preparedness against evolving cyber threats.
The creation of the NCSA comes at a crucial time as Kenya’s digital economy continues to expand rapidly across sectors including government services, financial technology, telecommunications, e-commerce, and critical infrastructure. As digital adoption accelerates, so does the sophistication and frequency of cyber threats, making a coordinated national cybersecurity framework increasingly important. The agency is expected to play a central role in safeguarding the country’s digital ecosystem while supporting Kenya’s broader digital transformation agenda.
Among its key responsibilities, the NCSA will oversee the National Cybersecurity Operations Centre and coordinate cybersecurity efforts across government institutions and critical sectors. Its mandate includes monitoring cyber risks, conducting security assessments and audits, issuing technical guidance on emerging threats, strengthening incident response capabilities, and ensuring greater coordination among stakeholders responsible for protecting essential digital infrastructure and services.
A significant component of the agency’s mandate is the establishment of a Cybersecurity Centre of Excellence dedicated to research, innovation, skills development, and capacity building. The center is expected to foster collaboration between universities, regulators, industry leaders, security agencies, and technology experts to address the growing cybersecurity skills gap while supporting the development of local expertise and innovative solutions to emerging cyber challenges.
The NCSA’s multi-stakeholder governance structure, which will include representatives from government, security agencies, law enforcement, academia, the ICT sector, and private industry, reflects a collaborative approach to national cybersecurity. While the agency is expected to strengthen Kenya’s ability to detect, prevent, and respond to cyber threats, discussions around transparency, accountability, and oversight remain equally important. As Kenya builds its cybersecurity capabilities, the long-term success of the NCSA will depend not only on protecting digital assets but also on maintaining public trust, safeguarding digital rights, and ensuring responsible governance in an increasingly connected world.
