Skip to main content

Kenya Fintech Pack

Overview

KenyaFintechCompliance covers AI agents operating in Kenya's financial sector. It applies the Kenya Data Protection Act 2019 enforced by the Office of the Data Protection Commissioner (ODPC), combined with universal agent-safety policies.

from comply54 import KenyaFintechCompliance

compliance = KenyaFintechCompliance()
result = compliance.check(
    action="export_data",
    params={"destination_country": "CN", "data_type": "biometric"},
)
print(result.overall)   # "deny"

Included packs

Pack IDRegulationAuthorityKey controls
kenya/kdpaKenya Data Protection Act 2019ODPCCross-border restrictions §48, biometric prohibition, consent
universal/pii-leakageOWASP LLM01OWASPPII, financial identifiers in agent outputs
universal/prompt-injectionOWASP LLM01OWASPIndirect and direct injection patterns
universal/tool-permissionsOWASP LLM08OWASPExcessive tool scope
universal/human-approvalOWASP LLM08OWASPIrreversible or high-impact actions

Decision matrix

Data exports

DestinationData typeDecision
KenyaAnyallow
EAC / AU adequacy partnerNon-sensitiveallow
Non-adequate countryPersonal dataescalate — ODPC notification required
Any countryBiometric datadeny

Data collection

ScenarioDecision
Consent documentedallow
No consent, non-sensitive dataescalate
No consent, sensitive/biometric datadeny

Usage

from comply54 import KenyaFintechCompliance

compliance = KenyaFintechCompliance()

# Cross-border data export
result = compliance.check(
    action="export_data",
    params={
        "destination_country": "US",
        "data_type": "customer_pii",
        "record_count": 1000,
    },
    context={"consent_documented": True, "odpc_notification": False},
)

if result.overall == "escalate":
    # ODPC notification required before export can proceed
    notify_odpc(result.audit_id)

Properties

compliance = KenyaFintechCompliance()
compliance.jurisdictions   # ["KE"]
compliance.pack_ids        # ["kenya/kdpa", "universal/pii-leakage", ...]