Kenya’s Draft National Data Governance Policy (NDGP) 2026 signals a significant evolution in the country’s digital policy framework. While Kenya’s data governance agenda has traditionally centred on privacy and personal data protection under the Data Protection Act, 2019, the Draft NDGP broadens the conversation to include the governance, utilisation and economic value of data, particularly non-personal data.  

The policy reflects a growing recognition that data has become a strategic economic resource, underpinning public administration, digital services, artificial intelligence, innovation, and economic growth.   

A central premise of the policy is that existing legal and institutional frameworks do not adequately govern non-personal data, public-interest data sharing, or the broader data value chain. While the Data Protection Act sets out clear obligations for the processing of personal data, significant regulatory gaps remain over the generation, access, sharing, reuse, and commercialisation of non-personal datasets.  

The policy therefore seeks to establish a governance framework covering the entire data lifecycle, from generation and collection to storage, processing, access, sharing, analysis, protection and reuse. This includes addressing emerging concerns about exploitative data-sourcing practices, such as unconsented web scraping, low-paid data annotation and the absence of benefit-sharing mechanisms for communities whose data contributes to commercial value creation.  

In effect, the NDGP represents a shift from viewing data solely as an object of protection to recognising it as a strategic national asset that requires stewardship, governance and economic management.  

The Data Governance Architecture  

To operationalise this vision, the policy proposes a comprehensive institutional framework centred on coordination, accountability and standardisation.  

At the national level, the proposed National Data Governance and Emerging Technologies Council would provide strategic oversight and policy direction. Supporting this structure would be a dedicated Data Governance Office, led by a National Chief Data Officer, responsible for implementation, standards development and coordination across government entities.  

The policy also adopts a whole-of-government approach, requiring Ministries, Departments and Agencies, as well as county governments, to designate data officers responsible for governance, compliance and data management. This reflects an effort to move data governance from a purely technical function to an enterprise-wide management responsibility.  

Interoperability and the Elimination of Data Silos  

A recurring theme throughout the policy is the need to address fragmented data ecosystems that constrain service delivery, policy coordination and innovation.  

The NDGP proposes developing national interoperability infrastructure, including a National API Gateway to enable secure, real-time data exchange across government systems, a National Data Asset Register to catalogue public-sector datasets, and authoritative “single source of truth” registries for key datasets, such as population, land and business records.  

For both government and private-sector stakeholders, these reforms could substantially improve data discoverability, reduce duplication, enhance service integration, and create opportunities for data-driven innovation.  

Creating the Foundations of a Data Economy  

Perhaps the most consequential aspect of the policy is its explicit recognition of data as a factor of production. The NDGP proposes developing a regulated data economy, supported by data marketplaces, data intermediaries and standardised licensing frameworks that facilitate lawful data sharing and reuse. The policy also introduces the concept of benefit-sharing, in which public- or community-generated data contributes to the creation of commercial value.  

Strengthening Trust Through Governance and Literacy  

Recognising that trust remains a critical enabler of data-driven innovation, the policy includes measures to strengthen ethical data use and public confidence.  

These include the introduction of Data Governance Impact Assessments for high-risk data processing activities, enhanced governance requirements for emerging technologies such as artificial intelligence, and the integration of data literacy and ethics programmes across the public sector, private sector and education system. By embedding digital and data literacy across primary through tertiary education, the policy seeks to ensure that citizens understand the opportunities and risks of the data economy, including awareness of their rights and responsibilities in increasingly data-driven environments.  

Conclusion  

Organisations may face new obligations regarding data inventories, sharing protocols, governance frameworks, reporting requirements and participation in national interoperability initiatives. At the same time, improved access to trusted datasets, clearer rules for data sharing and the emergence of data marketplaces could unlock new opportunities for innovation, product development and artificial intelligence deployment.  

The policy, therefore, presents both a compliance challenge and a strategic opportunity. As implementation begins in July 2026, organisations that treat data not merely as an operational by-product but as a governed strategic asset will likely be best placed to benefit from Kenya’s transition to a data-driven economy.