Kenyan authorities have issued a demand that SpaceX’s Starlink satellite internet provider supply national identity cards, postal addresses and phone numbers of its subscribers to aid efforts to counter cybercrime, a requirement that is prompting debate around privacy, surveillance and regulatory compliance. The move stems from updated rules that bring satellite internet services fully under local ICT subscriber registration regulations.
In a February 2026 announcement, the Communications Authority of Kenya (CA) required all Internet services, including satellite providers such as Starlink, to register customers with detailed personal information, including government issued identification and contact details. Kenyan regulations already require mobile phone operators to capture similar subscriber details to help authorities investigate and prevent fraud and other unlawful activities.
Starlink users in Kenya have been told they must complete an identity verification process that includes submitting a government issued ID and other personal details. Customers were informed that if they fail to do this by April 30 2026, their services risk interruption. The company notified users that completion of identity verification in person at authorised Starlink retailers is required under local directives.
Supporters of the regulation note that requiring accurate subscriber data helps law enforcement tackle phone based crime and cybercrime. In Kenya, strict Know Your Customer requirements are already part of telecoms regulation, designed to prevent fraud, scam operations and other online misconduct. Tying accounts to verified physical identities is intended to give authorities clearer information about who is accessing digital services and from where, making it easier to trace malicious activity back to responsible parties.
However critics and digital rights advocates are raising concern over surveillance and privacy risks associated with such data collection. Mandating submission of personal identification information, including photos of IDs and detailed address information, expands the scope of what is collected and can be stored by authorities and service providers. In a context where online data misuse has been flagged by users and data protection advocates, questions linger over how this sensitive information will be stored, secured and accessed.
Kenya’s Data Protection Act, 2019 sets out principles for the lawful and transparent processing of personal data, including explicit consent requirements and limits on data collection. While the regulatory push aims to strengthen cybercrime enforcement, the broad collection of user data may run up against privacy expectations and raise concerns about how personal information will be treated once in the hands of both the company and government agencies. This is particularly relevant in cases where enforcement mechanisms already rely on traditional telecom subscriber registration systems.
From a policy perspective, balancing cybersecurity needs with privacy protection is critical. Kenya is not the first jurisdiction to require internet service providers to keep detailed subscriber records, but the inclusion of satellite services like Starlink whose users often rely on connectivity in remote areas underscores how tech regulation is evolving to encompass new technology models.
As the April 30 deadline nears, understanding how the data will be managed and the safeguards in place to protect subscriber privacy could influence public acceptance of the requirement. Clear guidance on data use, retention and access rights will be vital to alleviate concerns while delivering on the law enforcement objectives that motivated the demand.
