Laws & Regulations

National Laws on NPKI

Legal Notice No. 183

Under Section 4 of the aforementioned Order, ICTA is mandated to amongst others, promote e-Government services, facilitate optimal electronic, electronic form, electronic record and equipment use in the public service.This implies that it is incumbent upon ICTA to be the Government Certification Authority (GCA) with respect to operationalization of the NPKI.ICTA is a licensee of Communication Authority.

Kenya Information and Communications Act (KICA) CAP 411A of 1998

The Act mandates the Communication Authority to license and regulate Electronic Certification Service Providers (E-CSPs).

Other Laws Supporting Use of NPKI & Digital Certificates

❖ The PFM Regulations 2015, Section 12(1) states that any public officer signing any document or record pertaining to a financial transaction shall ensure that the signature is given in such a manner so as to preclude subsequent alteration or addition to the information contained in such document or record.

❖ The Public Procurement and Asset Disposal Regulations(2020) Section. 59

Section 59(1) of the PPADR(2020) States that a digital signature certificate required by a procuring entity shall be obtained from a certifying agency licensed by the Communications Authority of Kenya for accounting officer, head of procurement function, tender opening and evaluation committee, as the case may be

❖ Land Registration Act (Electronic Transactions) Regulations( 2020) Section .14 Section 14(2) states that for Purposes of an instrument or document for electronic registration of filing,an authorized User shall-cause the instrument or documents to to be executed by use of an advanced electronic signature of parties

GovCA Governing Documents

Certificate Policy (CP)

The Certificate Policy (CP) sets out the rights, duties, and obligations of each party involved in National Public Key.Infrastructure. It is compliant with the Web Trust Principles and Criteria for Certification Authorities. Download

Certificate Practice Statement (CPS)

The Certificate Practice Statement (CPS) specifies the practices that GovCA employs for certificate lifecycle services. Download

Subscriber Agreement

Subscriber Agreement is a legal agreement between a subscriber and GovCA. It governs the issuance and use of a digital certificate that the subscriber must read and accept before receiving a digital certificate. Download

Registration Authority Charter

The Registration Authority Charter (RA Charter) is subject to the GovCA certification practice statement (CPS) and describes the practices and procedures specific to be used by RAs for validating and maintaining the confidentiality, integrity and authenticity of NPKI informational assets. Download

Manuals & User Guides

These are user manuals illustrating the steps the subscriber needs to follow on the GovCA portal.

User guide on registration of a Registration Authority
User guide on registration of an Authorized Organization Representative
User guide on application for digital certificates
User guide on token loss and return
User guide on verification of digital certificates status
User guide on digitally signing a document using acrobat reader
User guide on installation of the token drivers in your PC