As an early adopter of digital solutions in both business and government, Kenya leads discussions on digital identity, zero trust, cloud infrastructures, and trust service partnerships. Key initiatives include policies like the Digital Master Plan from the Ministry of ICT and the Digital Economy and forums like the National Public Key Infrastructure (NPKI) Forum 2024.
In its latest public notice, the CA has redefined the standards for the use of digital certification services. Now, all critical information infrastructure (CII) providers and services must only use digital certificates and PKI services from Electronic Certification Service Providers (E-CSPs) licensed by the CA.
Why this new requirement?
Gazette Notice No. 1043, issued in 2022 by the National Computer and Cybercrimes Co-ordination Committee (NC4), designates certain sectors, services, and infrastructure as "critical" due to their high sensitivity and potential impact on public services. Examples include systems that manage electoral data, banking and savings services, insurance providers, pharmaceuticals, epidemic control, domain and IP management services, and public safety monitoring.
Because these systems often work with third-party services, the CA mandates that any partnerships by CII providers for digital signatures, PKI services, or digital certificates be conducted only with E-CSPs accredited by the CA.
What is an E-CSP?
E-CSPs are licensed providers recognized and authorized by the CA to issue, authenticate, renew, and revoke digital identity and trust services. Some common services E-CSPs offer include digital signatures, signer authentication, and PKI systems.
To ensure friction-free and tamper-resistant digital transactions, the CA conducts a rigorous process for the accreditation of E-CSPs in Kenya, where applicants are audited to see if they meet standards set for technical capabilities, security, and digital governance.The list of licensed and accredited E-CSPSs can be accessed here.
However, thanks to the Kenya Information and Communications Act, foreign E-CSPs can apply for accreditation in Kenya, opening opportunities for wider global collaboration in digital trust and identity services.
Who does this impact?
A large range of sectors and services fall under the CII classification issued in the gazette. From insurance providers, banks, and cellular network providers to real estate services, pharmacies, and transport, any CII provider that uses simple electronic signatures or digital signatures without proper E-CSP backing will have to explore alternatives to ensure their agreement management stays compliant with the CA's mandate.
How Zoho Sign helps CII providers comply with the CA mandate
Zoho Sign offers digital signatures backed by unique digital signature certificates tied to the signer. This protects the integrity and security of digital transactions. Zoho Sign is ideal for the secure transactions conducted by CII providers, as the platform offers:
Signer identity authentication
AES-256 encryption at rest and TSL/SSL protocol followed in transit
Non-repudiation of agreements
Audit trails providing a single source of truth
Integrations with government-based ID authentication services and E-CSPs for compliance and maintenance of global digital trust standards
Zoho Sign integrates with Geda by Evrotrust, an E-CSP recognized by the CA, and is also legally valid in Kenya as per the Kenya Information and Communications Act, No. 2 of 1998 (KICA).This makes it the perfect option if your organization regularly signs and manages large volumes of paperwork.
How Zoho Sign provides E-CSP-backed digital signatures
Simply put, Zoho Sign's integration with Geda, which is technologically supported by Evrotrust, lets you verify your signer's identity and enable signing through the bring your own key (BYOK) method. BYOK gives your signer control over their cryptographic keys in the cloud for an added layer of protection. This ensures that only the signer can access their keys.
But Zoho Sign is more than just your trusted digital signature partner. It also:
Automates agreement generation
Auto-fills fields
Highlights risks
Reminds you about deadlines
Generates reports and audit trails
Authenticates signer identity through ID verification
Streamlines approval workflows
Collects payments
Enforces eWitnessing
Offers signing from mobile devices
Connects with more than 50 business applications (including Google Workspace, Microsoft 365, Zapier, HubSpot, and of course, the Zoho suite)
With its court admissibility, E-CSP backed security, and a range of advanced features, Zoho Sign is the ideal agreement management partner for digital Kenya.
Zoho Sign has also been a consistent champion of digital trust strategies in Kenya and engages regularly with the CA to empower its digital trust frameworks.
Dennis Loyatum, Cyber Security Specialist at the Communications Authority of Kenya, addressing delegates at Zoholics Kenya 2024.
Zoho Sign experts were a part of the panel discussions at Kenya's Digital Trust Form 2025, National PKI Forum 2024, and the Kenya Internet Summit 2024, where they discussed policy strategies on trust services, collaborative capacity building, interoperability, cybersecurity, compliance, and legal frameworks with the CA, eminent government officials, legal consultants, and other beneficiaries. You can read more about these events here: NPKI Forum | KeNIC summit | Digital Trust Forum
Resources: Zoho Sign + Geda | Help guide | Blog | Tutorial video
Have questions or feedback? Reach out to us at support@zohosign.com or connect with us through the comment section below. Happy Zoho Signing!
Our local office address:
Zoho Corporation
5C, The Address
Muthangari Drive
Westlands
Nairobi
Phone: 080 0601 167
Comments