Kenya’s flagship digital payment platform, eCitizen, is under fire following a parliamentary probe that has laid bare glaring contractual gaps and questionable governance frameworks, raising fears over data security and potential misuse of billions in public funds.
The revelations emerged during a session by the National Assembly’s Administration and Internal Affairs Committee, which is scrutinizing the contract governing the operations of eCitizen a mandatory portal for accessing and paying for government services.
MPs expressed outrage that the multibillion-shilling agreement was not signed by key state officials, including the Attorney-General, the Treasury Cabinet Secretary, or the Interior Ministry Cabinet Secretary, despite the platform handling payments worth “trillions of shillings” across various ministries.
Equally troubling is a clause that reportedly grants the private consortium managing the platform comprising Webmasters Kenya, Pesaflow, and Olive Tree the right to “rescind, withdraw or otherwise uninstall” the system’s infrastructure upon contract termination. Legislators warned that such provisions could leave the country’s digital backbone exposed and critical government data at risk.
“This is a national security issue. A platform that processes all payments and sensitive citizen data cannot be operating without proper oversight or ministerial accountability,” said a visibly concerned committee member during the session.
ALSO READ: Number Of Kenyans Waived By KRA Under Tax Amnesty Program
The concerns come amid a special audit by the Office of the Auditor-General, prompted by Sh44.8 billion in unexplained discrepancies in eCitizen’s financial records for the 2023/24 fiscal year. The audit seeks to determine the reliability of the revenue data captured on the platform, after inconsistencies were flagged between the revenue statements, e-portal system, and the government ledger.
Principal Secretary for Immigration and Citizen Services, Bellio Kipsang, came under fire for failing to provide key documents and explanations surrounding the contract. Lawmakers noted that it was the CEO of the ICT Authority considered a junior official who signed the agreement on behalf of the government, instead of appropriate ministerial heads.
Further scrutiny revealed that the contract, which is valid from 2023 to 2026, lacks specific effective and due dates creating what MPs described as a loophole that could be manipulated “at the government’s expense.”
With Kenya ramping up its digital transformation efforts, legislators are now calling for a complete overhaul of eCitizen’s operational framework to ensure transparency, accountability, and national data integrity.
The platform, introduced in 2014 and expanded under the Ruto administration, has become a central pillar of the government’s service delivery system.
In August 2023, President William Ruto directed that all payments for government services be made exclusively through eCitizen in a bid to seal revenue leakages and boost efficiency.
READ: NSSF Savings Skyrockets As State Enforces 2013 Act
However, the lack of a solid data protection framework, combined with revelations that the system is not registered with the Office of the Data Protection Commissioner as a data processor or controller, has now cast a shadow over its credibility.
As the special audit continues, Kenyans will be watching closely. What was once hailed as a symbol of digital progress is now a flashpoint in the ongoing debate around data security, public trust, and accountability in government digitization.
Lawmakers are expected to table their recommendations once the audit is complete, but early indicators suggest a push for the renegotiation of the contract, greater ministerial oversight, and stricter legal frameworks governing public-private partnerships in digital service delivery.
