KENYA Law and Practice Contributed by: Sammy Ndolo, Brian Muchiri, Nicholas Owino and Valere Nyaboke, Cliffe Dekker Hofmeyr
• complying with the Data Protection Act in relation to personal data processing; and • incorporating measures for robustness, accuracy and cybersecurity. The AI Bill also requires that AI systems be designed and deployed in a manner that enhances, rather than replaces, human capabilities, incorporates features that support human involvement and provides for human oversight in critical decisions. Furthermore, the AI Bill mandates disclosure to users and affected persons regarding the nature, purpose and limitations of AI systems, the extent of automated decision-making and measures taken to mitigate bias. 8.2 AI Use-Related Risks Kenya does not currently have dedicated AI legislation in force. However, the existing regulatory framework addresses AI-related risks through several intercon - nected statutes. See response to 8.1 Board Oversight of AI . Key AI Governance Developments in 2025-2026 The most significant development is the introduction of the AI Bill, which had its first reading in the Senate on 2 April 2026. If enacted, the AI Bill will establish Kenya’s first comprehensive AI regulatory framework. Key governance elements are as follows. Risk classification The AI Bill establishes a four-tier classification sys - tem (unacceptable risk, high-risk, limited risk, minimal risk). Systems classified as unacceptable risk (those posing severe threats to health, safety, fundamental rights or societal welfare) are prohibited. High-risk system obligations The AI Bill imposes mandatory obligations on provid - ers and deployers of high-risk AI systems, including risk assessments, human rights impact assessments, transparency and explainability requirements, record- keeping for at least five years, data protection compli - ance and cybersecurity measures. Regulatory oversight The AI Bill establishes the Office of the Artificial Intel - ligence Commissioner as a body corporate with
powers to oversee implementation and enforcement, conduct audits and post-market surveillance, issue enforcement notices and impose administrative fines and maintain a public register of high-risk AI systems. Ethical guidelines The AI Bill requires the AI Commissioner to develop and publish ethical guidelines that address bias pre - vention, privacy protection, human oversight and accountability, environmental sustainability and the prohibition of non-consensual use of personal images or likenesses in AI-generated content. • Regulatory sandboxes: the AI Bill authorises the AI Commissioner to establish regulatory sandboxes for testing AI systems in controlled environments, with prescribed conditions including safeguards for ethics, data protection and risk monitoring. Allocation of Responsibility for AI Governance Under current law, responsibility for AI governance is distributed across organisational levels, with ultimate accountability resting on the board of directors. The board sets AI strategy, oversees key risks and ensures proper governance of AI systems in line with its fidu - ciary duties under the Companies Act to act in good faith, exercise reasonable care and skill and promote the company’s success. The audit and risk committee would typically over - see AI-related risks as part of the broader enterprise risk management framework, including cybersecurity, data governance, internal controls and legal compli - ance. Under the POLD Regulations, listed companies must establish audit committees with responsibility for reviewing internal controls and risk management sys - tems. In more advanced organisations, a dedicated technology or AI committee may be established to provide specialised oversight of AI deployment, algo - rithmic fairness and ethical considerations, although this remains best practice rather than a legal require - ment. Management would be responsible for the day-to-day implementation of AI systems, including deployment, monitoring and compliance with internal policies and applicable law, with support from IT, legal, data pro - tection and compliance teams. For reporting institu -
420 CHAMBERS.COM
Powered by FlippingBook