Laws & Regulations
Legal Notice No. 183
Under Section 4 of the aforementioned Order, ICTA is mandated to amongst others, promote e-Government services, facilitate optimal electronic, electronic form, electronic record and equipment use in the public service.This implies that it is incumbent upon ICTA to be the Government Certification Authority (GCA) with respect to operationalization of the NPKI.ICTA is a licensee of Communication Authority.
Kenya Information and Communications Act (KICA) CAP 411A of 1998
The Act mandates the Communication Authority to license and regulate Electronic Certification Service Providers (E-CSPs).
Other Laws Supporting Use of NPKI & Digital Certificates
❖ The PFM Regulations 2015, Section 12(1) states that any public officer signing any document or record pertaining to a financial transaction shall ensure that the signature is given in such a manner so as to preclude subsequent alteration or addition to the information contained in such document or record.
❖ The Public Procurement and Asset Disposal Regulations(2020) Section. 59
Section 59(1) of the PPADR(2020) States that a digital signature certificate required by a procuring entity shall be obtained from a certifying agency licensed by the Communications Authority of Kenya for accounting officer, head of procurement function, tender opening and evaluation committee, as the case may be
❖ Land Registration Act (Electronic Transactions) Regulations( 2020) Section .14 Section 14(2) states that for Purposes of an instrument or document for electronic registration of filing,an authorized User shall-cause the instrument or documents to to be executed by use of an advanced electronic signature of parties
Certificate Policy (CP)
The Certificate Policy (CP) sets out the rights, duties, and obligations of each party involved in National Public Key.Infrastructure. It is compliant with the Web Trust Principles and Criteria for Certification Authorities. Download
Certificate Practice Statement (CPS)
The Certificate Practice Statement (CPS) specifies the practices that GovCA employs for certificate lifecycle services. Download
Subscriber Agreement
Subscriber Agreement is a legal agreement between a subscriber and GovCA. It governs the issuance and use of a digital certificate that the subscriber must read and accept before receiving a digital certificate. Download
Registration Authority Charter
The Registration Authority Charter (RA Charter) is subject to the GovCA certification practice statement (CPS) and describes the practices and procedures specific to be used by RAs for validating and maintaining the confidentiality, integrity and authenticity of NPKI informational assets. Download
These are user manuals illustrating the steps the subscriber needs to follow on the GovCA portal.
- User guide on registration of a Registration Authority
- User guide on registration of an Authorized Organization Representative
- User guide on application for digital certificates
- User guide on token loss and return
- User guide on verification of digital certificates status
- User guide on digitally signing a document using acrobat reader
- User guide on installation of the token drivers in your PC