The Kenya scheme of a National Public Key Infrastructure (NPKI) consists of a hierarchy of Certification Authorities (CAs) that issue and manage digital certificates, which are used to verify the identity of individuals or entities and establish trust in online transactions. In Kenya scenario the National Public Key Infrastructure (NPKI), there are three levels of Certification Authorities

1.Root Certification Authority (RCA):

This is the top level of the hierarchy and is responsible for issuing certificates to other Certification Authorities.The Kenya Root CA function is performed by the Communications Authority of Kenya (CA) (https://www.ca.go.ke)

2. Certification Authorities (CA):

These are the second level of the hierarchy and are responsible for issuing certificates to individuals or entities. They are typically issued a certificate by a root Certificates Authority and are trusted by all parties within the PKI ecosystem. They are licensed as Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework.

3.Registration Authorities(RA):

These are the lowest level of the hierarchy and are responsible for issuing certificates to subscribers. The E-CSP licensee can delegate the role of registration and issuance to accredited entities.

In this hierarchy, trust flows downwards from the Root Certification Authority (RCA)to the Certification Authorities(CA). ICT Authority shall delegate the role of registration to accredited entities who shall become Registration Authorities(RA). The Registration Authorities (RA) will be responsible for verifying the identity of the subscribers that will use the certificates.