The Independent Electoral and Boundaries Commission (IEBC) might be obligated to host its election servers locally, if proposed regulations are anything to go by.
The Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime management) Regulations, 2024 seeks to have government agencies dealing in critical information ensure that their infrastructure is domiciled in Kenya.
“An owner of critical information infrastructure shall ensure that the information is located in Kenya,” the regulations, proposed by the Ministry of Interior, say.
If approved by Parliament, owners of critical information infrastructure who insist on their servers located in a foreign country will have to apply to the ‘National Computer and Cybercrime Coordination Committee’, a body that will be headed by a Director-General.
In case of the aforementioned application, the committee shall then review and verify — if the application meets the security standards provided in the regulations — and provide a verdict within 30 days.
IEBC servers
According to the regulations, critical information infrastructures cover the sectors of the country’s defence, security, banking and finance, judiciary, as well as elections.
IEBC, according to the regulations, deals in critical operations that include voter registration and voting.
The opposition (Azimio La Umoja One Kenya Coalition) contested the 2022 Presidential Election, accusing some IEBC staff and commissioners of colluding with foreigners to access the servers and tamper with election results in favour of President William Ruto.
During the said presidential petition, Azimio Presidential Candidate Raila Odinga and his running mate Martha Karua argued that IEBC had four servers (two in the country and two outside the country), but only one (based in Venezuela) was transmitting “manipulated election results”.
In the event of a cybersecurity incident, the regulations dictate that only authorised individuals will have immediate access to critical information infrastructure.