The Kenyan government is planning to turn public data into a new source of revenue under a proposed national data governance framework.

A new draft policy outlines the creation of a national marketplace where researchers, businesses, and other approved users can purchase anonymised and aggregated datasets from systems such as eCitizen and other government platforms.

The proposal is contained in the Draft Final National Data Governance Policy, May 2026, developed by the Ministry of Information, Communications and the Digital Economy. The policy positions data as a strategic national asset with growing economic value.

In the foreword, Cabinet Secretary William Kabogo Gitau says:

“Data is no longer merely a by-product of transactions or administration; it is a strategic national asset that can strengthen governance, improve service delivery, promote innovation, and accelerate inclusive socio-economic transformation.”

The policy seeks to address long-standing challenges, including fragmented systems, inconsistent data quality, and limited use of the vast information already held by government institutions.

Why Kenya says it needs the policy

Kenya has developed a strong digital infrastructure over the years, with platforms such as eCitizen processing millions of transactions annually, including passports, driving licences, and business registrations. Mobile penetration stands at 149.4 per cent, and internet usage continues to expand.

However, the draft policy notes that government agencies still operate in silos. Many collect similar data repeatedly, store it in incompatible systems, and rarely share information effectively.

It highlights several structural problems:

• Inconsistent data quality across institutions
• Lack of standardised collection and storage systems
• Skills gaps in data management at multiple levels
• Low public awareness of data rights
• Inefficient and fragmented cross-border data flows

According to the draft, these weaknesses limit Kenya’s ability to use data effectively for planning, service delivery, and economic development.

To address this, the government proposes a unified national framework covering the entire data lifecycle – from collection to reuse – while strengthening privacy protections. The focus is primarily on non-personal data, meaning anonymised or aggregated information that cannot identify individuals. Personal data remains protected under the Data Protection Act, 2019.

Proposed national data marketplace

A central feature of the policy is the creation of a government-run data marketplace.

Under this system, ministries and agencies will be required to register anonymised datasets in a central national catalogue. Approved users – including private companies, researchers, NGOs, and innovators – will be able to access the data through a paid licensing model.

The government says the model is intended to both generate revenue and promote innovation.

Examples provided in the draft include:

• Agricultural data supporting improved insurance products
• Transport data enabling better logistics planning
• Health statistics supporting medical research

The policy emphasises that all datasets will be subject to strict quality, security, and ethical standards.

It also introduces the concept of “data as a factor of production,” with clear frameworks for ownership, licensing, and benefit-sharing. While some datasets may remain open, higher-value or sensitive datasets may require payment or restricted access.

New institutions to run the system

To implement the policy, several new governance structures are proposed.

These include:

• A National Data Governance and Emerging Technologies (DGET) Council, chaired by the Principal Secretary for ICT, bringing together senior government officials and representatives from key institutions
• A Data Governance Office within the Ministry of ICT to handle daily coordination and serve as the secretariat
• Data officers and committees are established in every ministry, agency, and county government

The framework is designed to reduce duplication and create “single sources of truth” for key national datasets such as identity records, business registries, and land information.

It also proposes a national API gateway and a master data management system to enable secure data sharing across government.

Principal Secretary Eng. John Tanui notes in the preface that implementation will begin in July 2026 through a phased approach focused first on standards and capacity building.

Core principles of the policy

The draft policy is anchored on several guiding principles:

• Data sovereignty, ensuring Kenya retains control over data generated within its borders
• Standardisation and interoperability across systems
• Human-centred governance that protects rights
• Secure sharing and responsible reuse of data
• Transparency and trust in data management
• Inclusive benefits for citizens and the wider economy

It also adopts the international FAIR principles, requiring data to be Findable, Accessible, Interoperable, and Reusable.

What it means for ordinary Kenyans

The idea of government “selling data” may raise concerns, but the policy stresses that only anonymised and non-personal data will be commercialised. Personal records remain protected under existing law.

Citizens will still retain rights to access, correct, or delete their personal data where applicable.

The government argues that better use of aggregated data will ultimately improve public services by:

• Reducing repetitive data collection
• Enabling faster, evidence-based decision-making
• Supporting the development of improved digital services

Public awareness campaigns are also planned to help citizens understand how data is used and protected.

Risks and safeguards

The policy acknowledges potential risks, including weak enforcement, skills shortages, institutional resistance, and possible misuse of data.

To address these concerns, it proposes:

• Mandatory impact assessments for high-risk data projects
• Regular audits and compliance checks
• Capacity building across government institutions
• A new Data Governance Law to strengthen enforcement

For cross-border data transfers, the draft adopts a risk-based approach aligned with regional frameworks such as the African Continental Free Trade Area (AfCFTA). Sensitive datasets may be required to remain within Kenya.