Answer ... Kenyan law does not regulate the creation of databases, record keeping or archiving generally. However, blockchain developers will encounter the following regulatory frameworks and accompanying issues.
Data protection and privacy: Kenya recently enacted the Data Protection Act (2019), which is largely modelled on the EU General Data Protection Regulation (GDPR). The act regulates the processing of (non-anonymised) personal data. For a detailed discussion of these challenges, see question 5.1.
Property in crypto-assets: Tokens (ie, digital assets that can be tokenised using a cryptographic protocol) are the main vehicles of value exchange within a blockchain system. However, no regulations specify which of such crypto-assets are considered property (eg, those that are not asset backed and derive their value mainly from scarcity), or whether some types of crypto-assets qualify as financial instruments. Moreover, conveyances of land can be effected only via written contract and must be authenticated and witnessed.
Anti-money laundering (AML) and know-your-customer (KYC) requirements: The Kenyan AML and KYC requirements are set out in the Proceeds of Crime and Anti-money Laundering Act.
The provisions on which entities can be caught under the reporting and monitoring obligations are drafted broadly and may include entities that employ blockchain technology. The act provides that the cabinet secretary in charge of finance may “designate such other business or profession in which the risk of money laundering exists..., to have to comply with the reporting and monitoring obligations”.
Blockchain technology poses a challenge with regard to compliance with KYC provisions. Practical recommendations would include:
- outsourcing the data validation function to external entities that can certify or validate the data being put into the blockchain, while responsibility and corresponding liability for compliance remains with the regulated entity; and
- using blockchain explorer software.
However, the Proceeds of Crime and Anti-money Laundering Act is silent on whether KYC due diligence obligations can be outsourced to third parties. That said, it does specifically prohibit the outsourcing of KYC due diligence obligations when transacting with jurisdictions that have been designated as high risk or are otherwise monitored by the Financial Action Task Force.
The Proceeds of Crime and Anti-money Laundering Act has extra-territorial application if the conduct in question would constitute an offence against a provision of any law in Kenya if it occurred in Kenya.
Taxation: Tax regulation in Kenya has only recently been updated to recognise income accrued from digital marketplaces. The Finance Act 2019 provides that income accruing from a digital marketplace falls within the ambit of taxable income. A ‘digital marketplace’ is defined as “a platform that enables the direct interaction between buyers and sellers of goods and services through electronic means”. This definition is broad enough to include a blockchain or distributed ledger technology (DLT) platform. The cabinet secretary in charge of finance has not yet promulgated the regulations that will put these provisions into effect.
Conflict of laws and dispute resolution: Distributed ledgers may have nodes (participants) located in multiple jurisdictions. This raises questions of governing law and jurisdiction. Kenyan law generally gives parties the freedom to choose the governing law and the forum for dispute resolution, except in relation to criminal offences and the protection of constitutional rights. The governing framework for blockchain should attempt to provide some clarity on how disputes should be resolved.