In the era of digital government, the question is no longer whether services should be digitized, but how they are governed. Kenya’s ambitious eCitizen platform, hailed as a one-stop shop for accessing over 20,000 public services, has become the center of both innovation and controversy. Two key documents shed light on its underlying fragilities: a 2019 court case (Goldrock Capital v Cabinet Secretary, Treasury & Others) and a 2025 Special Audit Report by the Auditor-General.
Together, these documents reveal a sobering reality — Kenya’s digital revenue infrastructure may be thriving on weak governance, blurred ownership lines, and troubling lapses in data protection.
Executive Summary of the Special Audit on the Government Digital Payments Platform (eCitizen)
The special audit on the eCitizen platform, presented to the National Assembly Public Accounts Committee by the Office of the Auditor-General, highlights critical issues in governance, management, and revenue collection. The audit found significant gaps in the platform’s operation despite its potential to enhance transparency and service delivery. The report recommends a legal framework, unconditional handover of the platform from vendors, and enhanced system functionalities to ensure prudent use of public resources.
Key Audit Findings
The audit identified several weaknesses in the platform’s operation:
- Governance and Legal Issues: The platform operates without a comprehensive legal framework or a clear governance structure, which creates risks of non-compliance and inefficient service delivery. There are no documented Standard Operating Procedures (SOPs) for daily operations, leading to inconsistencies and potential data breaches. Furthermore, there were no Service Level Agreements (SLAs) with Financial Service Providers, which has led to significant funds being held in collection accounts.
- Ownership and Control: The government took ownership of the eCitizen platform in August 2017 after a handover from the World Bank/IFC. However, it was unclear how ownership and control reverted to the vendor, Webmasters Kenya Limited, who then “retransferred” it in January 2023. This continued reliance on the vendor creates a single point of failure and a strategic risk for public service delivery.
- Implementation and Operational Challenges: The platform was designed to settle revenue automatically in real time, but its implementation deviates from that design. Revenue is instead moved by a manual process of bulk fund transfers from a Settlement Account to Ministries, Departments and Agencies (MDAs) and County Governments, which causes an average delay of eight days and negatively impacts the MDAs’ cash flow and service delivery. The audit also found an unaccounted balance of Kshs. 2.57 billion in the Settlement Account that could not be linked to any invoices and should be refunded to payees.
- Impact on MDAs: The eCitizen platform has increased the workload for MDAs due to the manual reconciliation required between the platform’s reports and the funds received. Inconsistencies in settlement reports were also noted, such as a variance of Kshs. 515 million for the Tourism Fund, which suggests revenue is being withheld and raises concerns about the system’s reporting reliability. Additionally, levying a standardized convenience fee on low-priced goods and services makes them uncompetitive.
- Irregularities in Revenue Collection: The audit revealed several irregularities, including:
  - Irregular Payments: Payments totaling Kshs. 492 million and USD 414,000 were made to a company, Electronic Citizen Solutions Ltd, that was not a party to the contract.
  - Unauthorized Diversion: Funds amounting to Kshs. 68 million and USD 48 million were collected from an unapproved account named ‘pesaflow.’
  - Unauthorized Transfers: Four transactions totaling Kshs. 127 million were made from the Paybill 222222 account directly to private entities instead of the designated Settlement Account.
  - Unauthorized Gateway: The eCitizen platform had two parallel Pesaflow Payment Gateways without evidence of authorization from the National Treasury.
  - Irregular Convenience Fee: A flat fee of Kshs. 50 was charged per transaction instead of the prorated percentage required by Gazette Notice No. 9290 of 2014. This resulted in an irregular collection of Kshs. 1.8 billion and USD 3.3 million. A similar overcharge of Kshs. 30 million and Kshs. 319 million was found between December 14, 2023, and June 30, 2024, on the two gateways.
A Legal Storm: Goldrock Capital vs. the State
These audit findings echo the earlier warning signs in the 2019 Goldrock Capital v Cabinet Secretary, Treasury case. Goldrock claimed it was unlawfully denied Ksh. 127 million in convenience fees collected via Paybill 206206 — a mobile payment number it operated for the eCitizen platform. The court noted that Webmasters Kenya Ltd was the primary owner and operator of the platform and was responsible for subcontractors like Goldrock.
Crucially, the court rejected Webmasters Kenya’s argument that it was uninvolved, ruling that it was a necessary party given its central role in collecting and disbursing digital revenues. The case also exposed serious lapses in contract enforcement, vendor oversight, and transparency.
Recommendations for Reform
To address the systemic issues raised in both the audit and litigation, several urgent steps are recommended:
- Establish a legal framework and oversight body for the eCitizen platform’s governance, operations, and data handling.
- Ensure the unconditional handover of the platform, including source code, administrative rights, and data, from all vendors to the government.
- Develop and enforce Standard Operating Procedures (SOPs) for platform operations, especially around onboarding, settlement, and data access.
- Automate collections and reconciliations, allowing for real-time transfers to MDAs and removing reliance on manual settlements.
- Audit and refund unaccounted or irregularly charged convenience fees, particularly those charged contrary to gazetted regulations.
- Investigate and recover unauthorized transfers, including those made to private accounts outside formal banking channels.
- Implement a robust data protection regime, including Data Protection Impact Assessments (DPIAs) for all new integrations and changes.
Conclusion: Digital Sovereignty or Digital Dependency?
Kenya’s digital transformation journey has produced remarkable progress in public service access. But as these revelations show, technology without control is a governance risk. A platform that handles billions in public funds and processes sensitive citizen data must be firmly within the legal, technical, and ethical control of the state, not private vendors.
Digitization is not just about building systems. It is about building trust. Until Kenya addresses the ownership, data protection, and governance weaknesses in the eCitizen platform, it risks delivering public services through a system it doesn’t fully own or understand.

