Liability of telecom providers in unauthorised SIM lending – High Court issues key ruling

9 May 2025 The High Court has recently held that telecommunications companies cannot automatically be held liable for unauthorised lending or adverse credit listings arising from SIM cards they have been registered, provided that they have complied with all relevant registration requirements. In this case, the plaintiff alleged that Safaricom PLC (Safaricom) had unlawfully registered a SIM card using his national identity card without his consent. The mobile number associated with the SIM card was subsequently used to obtain loans from third parties, resulting in a negative credit listing by a credit reference bureau (CRB). The plaintiff sought orders: declaring the registration of the SIM card illegal; holding the defendant liable for any loans obtained using the mobile number, and; requiring the defendant to secure his clearance from the CRB. Findings The High Court found that Safaricom had complied with all applicable laws regarding SIM card registration and verification protocols, and had played no part in the loan transaction or the subsequent CRB listing. As a result, the High Court held that the defendant could not be held liable for unauthorised lending conducted through the SIM card in question. The court further emphasised that imposing such obligations on mobile operators would create an unmanageable burden and could hinder the growth of Kenya’s digital financial ecosystem. This decision reinforces the legal principle of causation, whereby liability only arises if there is a direct and attributable link between the alleged wrongful act and the resulting harm. Conclusion The High Court’s decision underscores the importance of clearly delineating the roles of different entities involved in the provision of fintech services. Each party must perform its role under the applicable laws to mitigate the risk of liability. In this instance, the defendant’s role was limited to providing and maintaining the platform used by the parties, which it did in compliance with the law, and was therefore not found culpable. Given the High Court’s suggestion that the appropriate parties to be sued would have been the lending institution and/or the CRB, these entities need to consider what additional measures they can implement to mitigate liability arising from parts of their services conducted through third-party systems and infrastructure. For instance, in this case, lending institutions and CRBs should consider enhancing their due diligence processes to better manage such risks.