Identity verification in Kenya
Kenya is East Africa's largest economy, the birthplace of mobile money, and — since February 2024 — an FATF grey-listed jurisdiction racing to rebuild its AML credibility. The stack that matters: the POCAMLA 2009 framework as amended by the AML/CFT Laws (Amendment) Act 2023, the CBK Prudential Guideline CBK/PG/08 on Proceeds of Crime and Money Laundering, the CMA Guidelines on Prevention of Money
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Kenya has ~56 million people, a median age under 20, and is the fintech gateway to East and Central Africa. The country is the birthplace of mobile money: M-Pesa, launched by Safaricom in 2007, processes more than KES 40 trillion per year and covers >34 million active customers, more than the entire adult banked population of most neighbouring countries. Around the Safaricom orbit sits a dense tier of banks and challengers — Equity Bank, KCB Group, Co-operative Bank, NCBA, Absa Kenya, Standard Chartered Kenya, Stanbic Kenya, Diamond Trust Bank, I&M — and fintech EMIs and lenders like Cellulant, Pesapal, Chipper Cash, Tala, Branch, M-KOPA, Kwara and the SACCO digitisation wave. The Nairobi corridor hosts regional HQs for pan-African players, and Kenya routinely tops the ranks of Sub-Saharan
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
National Registration Bureau (NRB), Department of Immigration
Laminated card with 8-digit ID number, photo, fingerprint reference
Issued to citizens at 18. The de facto universal ID, accepted everywhere for KYC.
NRB
Polycarbonate card with microprocessor chip, MRZ, QR, embedded biometrics
Carries the Maisha Namba, Kenya's new lifetime unique personal identifier. Replaces the 2nd-gen ID for all new applicants and renewals.
NRB / ICT Authority
Virtual ID on smartphone
The digital counterpart to the Maisha Card; designed for remote verification.
Government of Kenya
Polycarbonate card issued under NIIMS
Struck down in January 2020 (Katiba Institute v AG) and again in October 2021 on data-protection grounds. Officially succeeded by the Maisha Namba programme. Still carried by some holders but not issu
Department of Immigration
ICAO-9303 biometric booklet with contactless chip
Chip-read with BAC/PACE; primary fallback for citizens without a current ID card.
Department of Immigration
Laminated/polycarbonate card
Required KYC document for non-citizens who are not on a work/visit permit basis.
Department of Refugee Services
Card issued to registered refugees and asylum seekers
Accepted for KYC in a growing number of financial institutions under UNHCR/FRC guidance.
Kenya Revenue Authority
Alphanumeric tax number with PDF certificate
Validated through the iTax portal; cross-checked in virtually every regulated onboarding.
Regulators
2019
supervised by CBK
supervised by SASRA
s exchanges, custodial wallets, payment-token and stablecoin providers; CMA licenses investment-type tokens and secondary markets — and makes VASPs reporting institutions under POCAMLA, with full CDD,
Principal Secretary Immigration
regulated
Master database linking Maisha Namba (unique identifier assigned at birth), Maisha Card (physical ID), Maisha Digital (virtual ID)
Kenya Revenue Authority
regulated
Government portal
regulated
BRS
open
Government & regulated databases
Compliance framework
AML framework
Supervised by Guidelines on Cyber Security for Payment Service Providers
Primary AML law. The Proceeds of Crime and Anti-Money Laundering Act, No. 9 of 2009 (POCAMLA) is the umbrella statute. It criminalises money laundering, creates the Financial Reporting Centre (FRC) as Kenya's financial intelligence unit, and imposes customer due diligence, record-keeping, and suspicious-transaction reporting obligations on "reporting institutions". POCAMLA has been amended several times — most significantly by the Proceeds of Crime and Anti-Money Laundering (Amendment) Act 2022
Data protection
Supervised by higher
The Data Protection Act 2019 restricts cross-border transfers of personal data: Section 48 permits transfers only where the data subject has consented, where the transfer is necessary for the performance of a contract, where it is necessary for reasons of public interest or legal claims, or where th
Penalties for non-compliance
- 2018 — NYS scandal fines. The CBK fined five commercial banks — KCB, Equity, Co-operative, Diamond Trust and Standard Chartered — a combined KES 392 million for AML failures tied to the National Youth Service corruption case. The fines were upheld on appeal and became the reference point for AML e
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
Kenyan retail bank and mobile-money onboarding has converged on a five-step pattern built on POCAMLA 2023, CBK/PG/08 and the CBK Guidelines on Cyber Security for PSPs:
Exchanges, custodians, wallets, on/off-ramps.
Until November 2025, virtual-asset activity in Kenya sat in a grey zone: CBK's repeated public warnings since 2015 discouraged banks from servicing exchanges, the Finance Act 2023 introduced a 3% Digital Asset Tax on the gross transfer value (later replaced on 1 July 2025 by a 10% excise duty on cry
Sports betting, online casinos, age-gated platforms.
Kenyan iGaming is one of the largest and most competitive markets in Africa, and has just been reset by the Gambling Control Act 2025. Under the new Act administered by the GRA:
Gig platforms, delivery, creator economy, e-commerce.
Kenyan digital marketplaces — Jumia, Kilimall, Copia (courts have dealt with its collapse but the model persists), Glovo, Bolt Food, Uber, Little, Wasoko and creator platforms — fall under the Data Protection Act 2019, the Consumer Protection Act 2012, and (where they handle funds) POCAMLA and CBK p
Biometric liveness
The Data Protection Act 2019 classifies biometric data as sensitive personal data and requires explicit consent, a clear lawful basis and a Data Protection Impact Assessment (DPIA) before large-scale biometric processing. POCAMLA and CBK/PG/08 do not prescribe a specific biometric modality, but the CBK Guidance Note on ML/TF Risk Assessment, the Cyber Security Guidelines for PSPs 2019 and the FATF action-plan work all push institutions toward facial biometrics with passive liveness for remote on
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Kenya permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Kenya, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Kenya.
Most regulated sectors in Kenya require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Kenya’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Kenya’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
