Nairobi, July 24- The revelation that Ksh44.8 billion collected via the eCitizen platform is unaccounted for has stunned the country. But beneath the shocking figures lies a deeper, more systemic concern — Kenya’s growing dependence on private vendors to run critical state infrastructure.
A recent audit by Auditor General Nancy Gathungu has exposed glaring weaknesses not just in financial reporting, but in the very architecture of how Kenya’s digital government operates. The report shows that the government does not have full control over the eCitizen payments system, a platform it relies on to collect revenue for everything from passport applications to business registration.
Private Control of Public Systems
According to the audit, the eCitizen platform is run by a private consortium, ECS, made up of Webmasters Kenya, Pesaflow, and Olive Tree Media. Shockingly, the National Treasury has no signed service level agreements (SLAs) with these vendors. This lack of formalized control has rendered the government powerless in overseeing how billions in public funds are collected, stored, or reported.
Even more worrying is the clause in the contract that allows vendors to withdraw all technical infrastructure including software and systems if the agreement is terminated. This gives private entities the power to essentially shut down a national payments platform at will.
“This is a textbook case of surrendering digital sovereignty,” said one tech policy analyst, who asked not to be named. “If Kenya cannot operate its own digital revenue systems independently, what else is outsourced?”
A Weak Foundation for Digital Governance
The report highlights other systemic flaws, such as the absence of real-time monitoring tools, inconsistent reporting templates, and a fragmented approach to onboarding ministries, departments, and agencies (MDAs). Many MDAs operate in silos, with little to no coordination from the Treasury or Ministry of ICT.
Worse still, revenue collected through eCitizen was often retained by MDAs instead of being remitted to the Consolidated Fund, in direct violation of Article 206 of the Constitution.
“This is not just an accounting issue,” said Auditor General Nancy Gathungu. “It is a governance issue.”
Data Security and Public Interest
The eCitizen contract raises other troubling concerns, especially regarding data security and public accountability. The vendors are exempt from liability including for data loss and service outages — and the government is contractually obligated to insure them against claims.
This means that in the event of a major data breach or system failure, Kenyan taxpayers would foot the bill, not the service providers.
“This kind of agreement puts citizens at risk,” said a cybersecurity expert. “We don’t know how citizen data is stored, where it is stored, or who has access to it.”
Parliament Pushes Back
Two parliamentary committees Security and National Administration, and ICT have launched investigations into the eCitizen contract. Lawmakers are particularly concerned about the legality of the deal signed on May 25, 2023, and the level of power it grants to private vendors.
MPs are expected to summon Treasury Principal Secretary Chris Kiptoo and other officials to explain the terms of the contract and the whereabouts of the missing funds.
But even as investigations proceed, the bigger question remains: Should the Kenyan government continue to outsource critical national systems to private companies with minimal oversight?
A Wake-Up Call for Digital Kenya
The eCitizen debacle is not just a scandal about missing money, it’s a wake-up call about the urgent need to rethink how Kenya builds and secures its digital future.
Without strong institutional frameworks, enforceable accountability mechanisms, and full ownership of digital infrastructure, Kenya risks becoming a tenant in its own digital house.
