Kenya's Maisha Namba digital ID is back in the headlines for the same reason its predecessor, Huduma Namba, ended up shelved in 2021: not because the technology is wrong, but because the procedural homework keeps coming late. As Nairobi deepens cooperation with New Delhi under India's '50-in-5' Digital Public Infrastructure (DPI) export push, the project sits at an awkward intersection — the strongest open-source identity stack on the market on one side, and a domestic legal record that keeps tripping over data-protection fundamentals on the other.
Our view at People of Internet is straightforward: Kenya's choice to build on the Modular Open Source Identity Platform (MOSIP), developed in Bengaluru, is a good one. The alternative — a proprietary, vendor-locked national ID — would be worse for innovation, worse for cost, and worse for sovereignty. But good infrastructure cannot launder bad process. Until Kenya runs the Data Protection Impact Assessment (DPIA) and public consultation that its own courts have repeatedly ordered, every fresh rollout invites another injunction.
The MOSIP Bet, in Context
MOSIP was incubated at IIIT-Bangalore as a foundational identity platform that countries can adopt, fork, and host themselves rather than licensing a foreign vendor's black box. The Philippines (PhilSys), Morocco, Ethiopia, Sri Lanka and Togo have all built national IDs on it. Kenya joined that list when it began Maisha Namba enrolment in late 2023.
The strategic logic is sound. Open source means Kenyan engineers can audit the codebase, fix bugs, and shape the roadmap rather than file support tickets with a multinational. The platform is modular: a country can pick biometrics, deduplication, credentialing, or wallet components without taking the whole bundle. And the cost curve is far better than what proprietary alternatives have historically charged African states. India's 50-in-5 initiative, launched at the UN General Assembly in 2023 with co-sponsorship from Norway, Sierra Leone, Brazil and others, is essentially an effort to scale this playbook across 50 countries by 2028 — covering ID, payments, and consented data sharing.
For a continent where roughly 470 million people still lack legal ID, according to World Bank ID4D estimates, this is exactly the kind of South-South tech transfer that should be encouraged, not viewed with suspicion. The geopolitical hand-wringing about 'India exporting Aadhaar' confuses a software stack with a policy regime. MOSIP is not Aadhaar. What countries build on top of it — the legal safeguards, the exclusion remedies, the scope-creep limits — is a domestic choice.
Where Kenya Keeps Stumbling
That domestic choice is precisely where Kenya keeps getting it wrong. In October 2021, the High Court in Katiba Institute v Attorney General halted the Huduma Namba rollout because the government had skipped the DPIA required by Kenya's Data Protection Act, 2019. The remedy was simple: do the assessment, publish it, consult the public, then proceed.
The Ruto administration's relaunch as Maisha Namba in 2023 promised a cleaner slate. Yet by 2024 the program was back in court. The Haki na Sheria Initiative and other petitioners argued that the same procedural defects — no published DPIA, no meaningful consultation, no clear answer on how marginalised communities (Nubians, Somalis, coastal Muslims) who have historically faced 'vetting' for ID would be protected from algorithmic exclusion — had simply been rebadged.
According to reports, the High Court has repeatedly directed the government to complete and publish the DPIA before further enrolment expansion, and the Office of the Data Protection Commissioner has flagged concerns about lawful basis and data-sharing arrangements across ministries. Even with those orders pending, Nairobi has continued to deepen DPI cooperation with India — including additional MoUs in 2025 covering payments, data exchange and digital credentials.
The Proportionate Path Forward
None of this is an argument against Maisha Namba. It is an argument for sequencing.
- Publish the DPIA first. Not after enrolment hits a politically convenient milestone. The DPIA is not paperwork; it is the document that forces the state to articulate purpose limitation, retention periods, and access controls in writing.
- Build the exclusion remedy. Every digital ID program creates a non-trivial population that cannot or will not enrol. The proportionate design is to guarantee that public services remain accessible offline, with a real grievance channel — not a 'visit the nearest county office' fiction.
- Codify scope limits. India's Aadhaar experience shows that the political temptation to bolt the ID onto every transaction is enormous. Kenya should legislate a closed list of permissible uses, with parliamentary approval required to expand it.
- Keep MOSIP open. The Kenyan deployment should remain auditable by independent researchers and civil society, with source-code transparency for any local modifications.
Why This Matters Beyond Kenya
The 50-in-5 push is, on balance, a good thing for the open internet and for innovation in the Global South. Aadhaar's flaws are real, but the alternative being offered to most African and South-East Asian states a decade ago — single-vendor, biometric-heavy, closed-source national IDs sold by Western and Chinese firms — was significantly worse on cost, lock-in and sovereignty. An open-source, modular base is a structural improvement.
But DPI is not magic. It is infrastructure, and infrastructure inherits the politics of whoever builds it. Kenya has a chance to become the textbook case for how MOSIP should be deployed — with the DPIA done up front, exclusion handled by design, and scope tightly bounded by statute. Or it can become the textbook case for the opposite. The technology is not what decides which.