The latest Auditor General’s report has cast a spotlight on Kenya’s E-Citizen platform, revealing troubling gaps in governance, transparency, and financial accountability.
While the platform has digitized over 22,000 government services since 2023, its rapid expansion has outpaced legal safeguards, raising serious questions about data protection, revenue flows, and institutional oversight.
Speaking during the “The Big Picture Podcast” hosted by The African Censored on August 12, 2025, Victor Kapiyo, advocate of the High Court and Trustee at KICTANet, emphasised that “Such a critical platform cannot just be left to administrative whims” given the legal ambiguity regarding the platform.
He added that, “E-Citizen is such a critical infrastructure… that it needs a legal framework to operate properly.” Further, that: “Currently, the platform operates under scattered legal notices and administrative directives, lacking a clear statutory foundation. Capio warned that without a defined institutional structure, “it is hard to hold [anyone] responsible when something goes wrong.”
He further noted that multiple ministries, The National Treasury, Ministry of Information, Communications & The Digital Economy, Interior, are involved, alongside private contractors, but none are clearly accountable:
“The Treasury is saying we’ve not lost money. The others are saying we don’t have the money. These ones are saying we have a contract.”
Financial Transparency: “We just put a blanket on it called technology”
Tech entrepreneur Muraya Kamau, Deveint Ltd, a subsidiary of Jambo Pay, acknowledged the platform’s efficiency but flagged opacity in its financial model:
“We had a corruption problem before E-Citizen. We still have a corruption problem today.”
He explained that while automation should make transactions auditable, “all the invoices that were raised… and the monies collected”—the lack of a centralised accountability mechanism has allowed billions to move through shadowy channels.
The Auditor General’s report cited shifting transaction fees and unexplained settlements. Camo noted:
“There’s so much opacity in these contracts… We’ve seen the page with six signatures, but not the other pages of the contract.”
Convenience Fee Controversy
One of the most contentious issues is the KES 50 convenience fee charged on every transaction, regardless of value. Kapiyo argued:
“Government services are rights… not a convenience. The naming itself [convenience fee] is a misnomer.”
He added that the fee violates gazetted service costs and lacks legal grounding, “The Auditor General said it was an illegality that you’re charging people more for services contrary to the specified value.”
Muriah defended the fee’s original intent to address sustainability:
“The spirit of the convenience fee was that this service needed to be sustainable… so that there is no day the system will not be working because there was no allocation.”
Yet both agreed that the fee structure must be re-evaluated, standardised, and legislated transparently.
Data Protection & Cybersecurity
The platform’s centralised architecture poses significant risks. Muraya warned:
“We have a platform that collects Kenyans’ data… held centrally. If there is a breach, the risk exposure is massive.”
He advocates for decentralized data storage and privacy-by-design principles, citing Estonia’s model where MDAs retain their own data and access is request-based.
Kapiyo added that Kenya’s Data Protection Act must be enforced rigorously, especially given past cyberattacks and the sensitive nature of citizen data.
Cybersecurity expert and lawyer Mutheu Khimulu adds a sobering layer to the conversation, framing E-Citizen’s vulnerabilities as a national security crisis, “It is inconceivable that a platform collecting billions monthly is still floating in legal ambiguity.”
Khimulu calls for a binding legislative framework that defines custodianship, audit trails, accountability lines, and crisis response protocols.
“Any system that holds citizen data, national revenue, and service access must fall under critical national infrastructure classification.”
She warned against the unchecked embedding of third-party vendors and questioned why the government doesn’t own its own source code.
“We are not just losing money. We are losing credibility, digital sovereignty, and public trust.”
Governance & Ownership
Both guests called for a clear governance framework. Muraya suggested the government should consider buying out the platform’s IP:
“Pay them off. Let the government own the platform. We start from there.”
Kapiyo emphasised the need for a public-private partnership (PPP) structured under the 2021 PPP Act, not vague service-level agreements: “If you’re doing a PPP, then we need to go through what the PPP Act says… and follow that structure.”
Final Takeaway
The conversation concluded with a reflection: Kenya’s digital transformation is promising, but without integrity, legal clarity, and citizen-centered design, platforms like E-Citizen risk becoming tools of elite capture rather than public empowerment.
“We want it to work… but we want it to work well for everybody, not just some people,” says Victor Kapiyo.