← Muchangi Patrick Published Work
⇩ Download PDF
Muchangi Patrick & Co. Advocates logo Muchangi Patrick & Co. Advocates ← Back to Insights

The Compliance Brief

Vol. 03 — Issue 33
Nairobi Edition
Regulation, technology & the business of Kenya
Texas App Store Case · SCOTUS, July 2026

Age-Gating the Internet: what Texas's app-store law means for Kenya

The Supreme Court let a contested, ID-linked age-verification law stand. Kenya's own child online safety framework — still being drafted — has a rare chance to learn from the fight before its own version reaches court.

Analysis 9 min read Public Law & Child Safety
By Patrick Muchangi, Founder & Advocate — Muchangi Patrick & Co. Advocates · Published July 2026
Download PDF

On 6 July 2026, the U.S. Supreme Court declined to block Texas's App Store Accountability Act, letting a sweeping, ID-linked age-verification regime operate on millions of phones while a First Amendment challenge continues at the Fifth Circuit. That single procedural decision is a useful stress test for Kenya's own, still-forming child online safety framework.

§1 What the Supreme Court actually decided

Not a ruling on the merits — a live, unresolved contest between two courts.

Texas's law requires accounts belonging to under-18s to be linked to a parent's account, with notice and approval required before download. A federal judge in Austin enjoined it in December 2025, comparing it to requiring every bookstore to check ID at the door. The Fifth Circuit stayed that injunction in June 2026, finding Texas has a substantial interest in protecting children. The Supreme Court's 6 July order simply left the stay in place — the underlying constitutionality question remains open.

"No state has ever required its citizens to prove their age before reading a newspaper, entering a bookstore, or even accessing the internet" — Computer & Communications Industry Association, in its Supreme Court filing.

§2 Kenya's own — fragmented — approach

Three instruments, not yet reconciled with each other.

The civil society view

ICJ Kenya and Wamae & Allen LLP have both concluded that blanket national-ID verification for all social media users — not just minors — risks mass surveillance and digital exclusion for Kenyans without formal ID.

§3 Why Kenya doesn't need to wait for its own court battle

A binding precedent already tells us how a Kenyan court is likely to treat an overbroad mandate.

In March 2026, the Court of Appeal struck down Sections 22 and 23 of the Computer Misuse and Cybercrimes Act in Bloggers Association of Kenya (BAKE) v Attorney General & 6 others — finding those provisions unconstitutionally overbroad. That case is now before the Supreme Court. It establishes, as binding precedent, that Kenyan courts will strike down internet-facing legislation that restricts protected activity without narrow, precise tailoring — precisely the standard the KICA Amendment Bill's blanket ID-verification requirement risks failing.

§4 Six amendments worth making now

§5 How the two approaches compare

QuestionTexas / U.S. approachKenya's current framework
Scope of verificationApp downloads and purchases by minorsProposed: all social media users, via national ID
Judicial postureActively contested — district court vs Fifth Circuit splitUntested, but BAKE precedent signals likely vulnerability
Regulatory coordinationSingle statuteThree uncoordinated instruments (CA, KICA Bill, DPA)
Privacy-preserving designNot built into the Texas modelNot yet built into the KICA Bill, either

§6 The bottom line

Kenya has a rare advantage: it can watch America's contested experiment play out from the outside, and it already has its own Court of Appeal precedent telling it exactly where the constitutional line sits. The KICA Amendment Bill remains a genuine opportunity to lead on this issue — but only if it is redrafted before a challenge, not after one.

Where this goes next

The KICA Amendment Bill has not yet passed. The window to build in privacy-preserving design and narrow tailoring — before enforcement begins — is still open.

How this touches your data protection exposure

An AI governance framework doesn't sit apart from data protection law — most AI systems in Kenya run on personal data, which means your obligations under the Data Protection Act, 2019 are already live even before the AI Bill passes.

Muchangi Patrick & Co. Advocates advises boards, AI deployers, and startups on data protection compliance, AI governance readiness, and cross-border data flows. If you're building or deploying AI systems in Kenya, we can help you map your exposure before the regulator does it for you.

Talk to us

Muchangi Patrick & Co. Advocates advises fintechs, startups, corporates and institutions on data protection and data privacy compliance across Kenya — from ODPC registration and DPIAs to outsourced DPO services and cross-border data transfer advisory. If the issues raised above touch your business, we can help you get ahead of them.

Book a Consultation → Chat on WhatsApp