Nairobi, Kenya – The Cabinet Secretary for Information, Communications and the Digital Economy, William Kabogo, has reiterated Kenya's commitment to ratifying the Budapest Convention on Cybercrime. This international treaty is a crucial instrument in the global effort to combat online criminal activities.

Kabogo's announcement followed a productive meeting on Wednesday, October 8, 2025, with officials from the Council of Europe, including Virgil Spiridon, Javier Gomez, and Catalina Stroe, as well as the Director of the National Computer and Cybercrimes Coordination Committee (NC4), Col. (Dr.) James Kimuyu. The discussions focused on Kenya's progress towards acceding to the Convention and its preparations for the upcoming Third African Forum on Cybercrime.

Kenya received an official invitation from the Council of Europe to accede to the Budapest Convention on October 9, 2024. This invitation is valid for five years. The National Computer and Cybercrimes Coordination Committee (NC4) established a Budapest Accession Preparations Team on November 26, 2024, to guide the country's accession process. The team is tasked with advising the government and implementing the necessary procedures within the five-year timeframe.

Escalating Cyber Threats in Kenya

The push for ratification comes amidst a significant increase in cybercrime in Kenya. In 2023, Kenya reportedly lost KSh 10.71 billion (USD 83 million) to cybercrime, making it the second-highest victim in Africa after Nigeria. Between April and June 2024, the National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) detected 1.1 billion cyber threat events, a 16.50% increase from the previous quarter. System vulnerabilities accounted for over 90% of these attacks, totalling 1.9 billion attacks in the first half of 2024.

The financial services, government, fintech, hospitality, education, telecommunication, and manufacturing sectors were the most affected by cyber incidents and financial losses in 2023. Cybercriminals frequently exploit insecure Internet of Things (IoT) devices, insecure system configurations, outdated software, and emerging technologies like Artificial Intelligence (AI). Identity theft and phishing remain prevalent methods used to trick victims into disclosing sensitive information, leading to substantial financial losses.

Legal Framework and International Cooperation

The Budapest Convention, established in 2001 by the Council of Europe, is the first international treaty designed to harmonise national laws, improve investigative techniques, and enhance international cooperation against cybercrime. It focuses on criminalising offences such as illegal access, system interference, computer-related fraud, and child sexual abuse, while also providing a framework for cross-border access to electronic evidence.

Kenya's National Computer and Cybercrimes Coordination Committee (NC4), established under the Computer Misuse and Cybercrimes Act No. 5 of 2018, coordinates the country's cybersecurity efforts. NC4's mandate includes advising the National Security Council on cybercrimes, guiding on Critical Information Infrastructure security, and coordinating with national security organs. The government is also working on consolidating all cyber control units across ministries and agencies into a single national entity.

In a related development, Kenya and Romania signed a Memorandum of Understanding (MoU) on cybersecurity cooperation on Monday, October 6, 2025. This agreement, led by NC4 and Romania's National Cyber Security Directorate (DNSC), aims to strengthen collaboration on information sharing, joint incident response, and capacity building.

Upcoming African Forum on Cybercrime

Kenya is set to host the Third African Forum on Cybercrime from Tuesday, November 25, to Thursday, November 27, 2025, in Nairobi. Organised jointly by the African Union Commission (TBC), the European Union, and the Council of Europe, the forum will address emerging cybercrime threats, electronic evidence, and international cooperation. Over 300 participants from 30 countries are expected to attend.

Unanswered Questions and Future Outlook

While the commitment to ratifying the Budapest Convention is clear, specific timelines for its completion, associated costs, and the safeguards that will be put in place remain subjects of public interest. Stakeholders are keen to understand how the ratification will integrate with existing Kenyan laws, particularly the Computer Misuse and Cybercrimes Act, 2018, and the ongoing amendments through the Computer Misuse and Cybercrimes (Amendment) Bill, 2024. The Bill, currently facing opposition from digital rights groups, seeks to expand government powers in regulating online activities, including the blocking of websites and applications.

The ratification of the Budapest Convention is expected to significantly enhance Kenya's ability to combat cybercrime through harmonised laws and improved international collaboration. The upcoming African Forum on Cybercrime will provide a platform for further discussions and strategies to address the continent's growing cybersecurity challenges.