The Compliance Brief
The Supreme Court let a contested, ID-linked age-verification law stand. Kenya's own child online safety framework — still being drafted — has a rare chance to learn from the fight before its own version reaches court.
On 6 July 2026, the U.S. Supreme Court declined to block Texas's App Store Accountability Act, letting a sweeping, ID-linked age-verification regime operate on millions of phones while a First Amendment challenge continues at the Fifth Circuit. That single procedural decision is a useful stress test for Kenya's own, still-forming child online safety framework.
Not a ruling on the merits — a live, unresolved contest between two courts.
Texas's law requires accounts belonging to under-18s to be linked to a parent's account, with notice and approval required before download. A federal judge in Austin enjoined it in December 2025, comparing it to requiring every bookstore to check ID at the door. The Fifth Circuit stayed that injunction in June 2026, finding Texas has a substantial interest in protecting children. The Supreme Court's 6 July order simply left the stay in place — the underlying constitutionality question remains open.
Three instruments, not yet reconciled with each other.
ICJ Kenya and Wamae & Allen LLP have both concluded that blanket national-ID verification for all social media users — not just minors — risks mass surveillance and digital exclusion for Kenyans without formal ID.
A binding precedent already tells us how a Kenyan court is likely to treat an overbroad mandate.
In March 2026, the Court of Appeal struck down Sections 22 and 23 of the Computer Misuse and Cybercrimes Act in Bloggers Association of Kenya (BAKE) v Attorney General & 6 others — finding those provisions unconstitutionally overbroad. That case is now before the Supreme Court. It establishes, as binding precedent, that Kenyan courts will strike down internet-facing legislation that restricts protected activity without narrow, precise tailoring — precisely the standard the KICA Amendment Bill's blanket ID-verification requirement risks failing.
| Question | Texas / U.S. approach | Kenya's current framework |
|---|---|---|
| Scope of verification | App downloads and purchases by minors | Proposed: all social media users, via national ID |
| Judicial posture | Actively contested — district court vs Fifth Circuit split | Untested, but BAKE precedent signals likely vulnerability |
| Regulatory coordination | Single statute | Three uncoordinated instruments (CA, KICA Bill, DPA) |
| Privacy-preserving design | Not built into the Texas model | Not yet built into the KICA Bill, either |
Kenya has a rare advantage: it can watch America's contested experiment play out from the outside, and it already has its own Court of Appeal precedent telling it exactly where the constitutional line sits. The KICA Amendment Bill remains a genuine opportunity to lead on this issue — but only if it is redrafted before a challenge, not after one.
The KICA Amendment Bill has not yet passed. The window to build in privacy-preserving design and narrow tailoring — before enforcement begins — is still open.
An AI governance framework doesn't sit apart from data protection law — most AI systems in Kenya run on personal data, which means your obligations under the Data Protection Act, 2019 are already live even before the AI Bill passes.
Muchangi Patrick & Co. Advocates advises boards, AI deployers, and startups on data protection compliance, AI governance readiness, and cross-border data flows. If you're building or deploying AI systems in Kenya, we can help you map your exposure before the regulator does it for you.
Muchangi Patrick & Co. Advocates advises fintechs, startups, corporates and institutions on data protection and data privacy compliance across Kenya — from ODPC registration and DPIAs to outsourced DPO services and cross-border data transfer advisory. If the issues raised above touch your business, we can help you get ahead of them.