Parliament has approved the National Cybersecurity Agency Order, 2026, paving the way to the establishment of the National Cybersecurity Agency (NCSA).
The Ministry of Interior welcomed the approval of the order on Monday, June 22, noting that it is a key step in the setting up of the NCSA.
“The Ministry welcomes the parliamentary approval of the National Cybersecurity Agency Order, 2026, a key step in the establishment of a national agency to regulate and coordinate cybersecurity and strengthen the protection of Kenya's digital infrastructure,” the Ministry stated.
Enacted under the State Corporations Act, NCSA will be an autonomous regulatory and technical body mandated to coordinate all national cybersecurity efforts and strengthen the protection of the country's digital infrastructure.
The agency will be responsible for coordinating national cybersecurity matters under the direction of the Cabinet Secretary for Internal Security.
Read More
Core functions of the agency include: formulating and implementing cross-sector national cybersecurity strategies, auditing and certifying the cybersecurity resilience of critical information infrastructure, managing the National Cybersecurity Operations Center, and supporting sectoral centers.
NCSA will also conduct digital network vulnerability assessments and issue technical advisories, develop specialized professional certifications to close the national skills gap, and serve as the primary technical liaison between the government and the digital industry.
NCSA will be based in Nairobi County with provisions to operate satellites and specialized units.
The agency will be managed by a board of directors consisting of a non-executive Chairperson appointed by the President, as well as the Internal Security, National Treasury, and ICT Principal Secretaries.
Th board will also have representatives from the Attorney General's Office, Kenya Defence Forces (KDF), National Police Service (NPS), National Intelligence Service (NIS), and Office of the Director of Public Prosecutions (ODPP).
It will also have representatives from academia appointed by the Interior Cabinet Secretary and the private sector, and a Director General who will be an ex officio member.
The Chairperson of NCSA will be required to hold a Master’s degree and have 15 years of experience. Members of the board will serve for a 3-year term, renewable once.
The NCSA board will competitively recruit a Director-General, subject to approval by the Interior Cabinet Secretary.
The Director-General must possess at least a master's degree and significant senior management experience in cybersecurity or related fields.
The agency will also have a Corporation Secretary who will be appointed by the Board to handle meetings, records, and compliance.
The Corporation Secretary must be a member of the Institute of Certified Public Secretaries of Kenya with 10 years of experience.
NCSA will be funded through Parliamentary appropriations, operational revenues, and approved gifts or grants.
For accountability, NCSA will be required to prepare annual budgets and estimates, maintain proper financial records, submit its accounts for audit by the Auditor-General, and prepare annual reports detailing its operations and performance
