When Rose Kendagor walked into her disciplinary hearing on 13 June 2017, she did so accompanied by her advocate — a prudent step, as events would confirm. By 21 June 2017, her contract had been terminated. What followed was eight years of litigation, culminating in a judgment by the Honourable Justice L. Ndolo of the Employment and Labour Relations Court, delivered on 9 October 2025.

The backdrop was deceptively straightforward: Kendagor, a Project Officer at Dig Deep (Africa), had been expressly instructed not to communicate with a former colleague — Caroline Kiugo — who was herself under live disciplinary investigation. Kendagor had forwarded work-related emails from her official account through her personal Gmail to Kiugo, between 17 and 19 May 2017. She had then, according to screenshots adduced by the employer, attempted to delete the email trail. The double whammy of insubordination and evidence-tampering proved fatal to her claim.

But the case is far more interesting than a standard insubordination dismissal. Layered beneath the facts were three questions of considerable constitutional and legal weight: the scope of an employee's freedom of association under Article 38 of the Constitution; the right to privacy over communications made using an employer's electronic systems (Article 31); and whether a disciplinary panel composed exclusively of external persons is permissible under the Employment Act, Cap. 226.

Kendagor's most striking ground was that the evidence used against her had been procured illegally — the employer had accessed her private email without consent, violating her constitutional right to privacy under Article 31 of the Constitution of Kenya 2010. The argument had teeth: in an era of pervasive digital monitoring, the weaponisation of personal communications data in employment proceedings is neither hypothetical nor uncommon.

The employer's answer was direct: the investigation had been conducted on Kendagor's office computer, using the employer's internet infrastructure, pursuant to clauses 30.16 and 30.18 of the Staff Handbook — clauses Kendagor had signed off on. Those clauses notified employees that personal use of institutional systems could be monitored and that the employer reserved the right to retrieve message contents for the purpose of investigating wrongful acts. In short, the surveillance was contractually disclosed and operationally justified.

Relying on Peter Apollo Ochieng v Instarect Ltd [2017] eKLR and Musa & another v Makini Schools Limited [2025] KEELRC 17 (KLR), the court affirmed a principle now firmly embedded in Kenyan employment jurisprudence: where an employee uses an employer's equipment, networks, and working time to transmit communications, those communications are the employer's property. The right to privacy does not extend to shield an employee's conduct on institutional infrastructure that they knew was subject to monitoring.

What the judgment does not address — and what remains a live question — is whether the employer's right to monitor would survive scrutiny under the Data Protection Act (Cap. 411C) and the Data Protection (General) Regulations 2021. Under that framework, an employer processing employee communications data must satisfy at least one lawful basis under Section 30 of the Act; must disclose processing activities through a privacy notice; and must, where monitoring involves systematic or large-scale processing, carry out a Data Protection Impact Assessment. A Staff Handbook clause, standing alone, may no longer be sufficient legal architecture.

Kendagor's secondary constitutional challenge invoked Article 38 of the Constitution — freedom of association — arguing that the instruction not to communicate with Kiugo was an unlawful infringement. The court gave this short shrift: the instruction was a reasonable and necessary limitation under Article 24(1)(d) and (e), protecting the integrity of live disciplinary proceedings without overstepping the bounds of proportionate managerial intervention.

On panel composition, the court tested the matter against Section 41 of the Employment Act, Cap. 226: was the employee informed of the grounds for termination; was she given opportunity to respond; and was a representative of her choice permitted to attend? All three conditions were satisfied. The Act, the court held, imposes no prohibition on externally constituted disciplinary panels. The minimum statutory standard is a floor, not a ceiling.

For advice on employment contracts, workplace investigations, or Data Protection Act compliance, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.

Every year, thousands of Nairobi residents sign tenancy agreements they have never properly read. They sign in excitement — new apartment, new neighbourhood, fresh start. They sign under pressure — the landlord wants the deposit by Friday or the unit goes to the next applicant. They sign because the document looks official, was prepared by a law firm, and surely cannot be that unreasonable.

The draft agreement considered in this analysis was prepared on behalf of a landlord, in respect of a two-bedroom apartment at a mid-to-upper market residential complex in Kileleshwa. Monthly rent: Kshs. 90,000. A clause-by-clause legal review identified fourteen issues — some technical, several with direct financial consequences running into hundreds of thousands of shillings, and at least two that were, on any fair reading, legally indefensible.

The title page read: "DATED THE DAY OF 2026." Both blanks were empty. This is not a minor administrative oversight. An undated agreement creates genuine legal ambiguity about when the tenancy commenced, when notice periods begin to run, and when the tenant's right to renew crystallises. Under the general law of contract in Kenya, an undated instrument may be challenged as to whether it has taken effect at all.

The lesson: Never sign an undated document. Fill in the date before you sign — or refuse to sign until it is done. This applies to any legal instrument, not only tenancy agreements.

One clause required the tenant to pay, on demand, "all Value Added Tax, other taxes, assessments, penalties, or other amounts payable of whatsoever nature now or hereinafter imposed… in respect of the Rent." Under the VAT Act, Cap. 476, residential rental income in Kenya is exempt from VAT. Under the Income Tax Act, Cap. 470, rental income tax is levied on the recipient of rent — the landlord, not the tenant. The phrase "hereinafter imposed" compounds the exposure: any future tax Parliament might introduce would automatically become the tenant's liability, with no cap and no right to negotiate.

The lesson: Tax clauses in residential leases are frequently boilerplate copied from commercial agreements. The law — Cap. 470 and the VAT Act , Cap. 476 — is on the tenant's side. Question every open-ended tax clause.

The deposit was Kshs. 180,000 — two months' rent — to be refunded "at the termination of this Lease… without interest." No deadline. No timeline. No mechanism for disputing deductions. "At the termination of this Lease" is not a refund obligation — it is a trigger event. A landlord who refunds the deposit six months after the tenant vacates, having made undisclosed deductions, would on the face of this clause be in technical compliance.

The lesson: Always negotiate a specific deposit refund deadline — 30 days is standard and reasonable. Insist on written notice before any deduction is made.

The agreement required the tenant to deliver vacant possession fifteen clear days before the end of the notice period to enable repairs. On a one-month notice period, the tenant would physically vacate while continuing to pay full rent for fifteen days. The deposit — not an accelerated departure — is the correct mechanism for covering end-of-tenancy repair costs.

The lesson: Requiring early vacation on top of holding a deposit is double-charging. Resist it.

Near the end of the landlord's lawyers' response letter came a footnote: "Note our client informed us that the termination period was two (2) months notice (and in error we indicated one (1) month) which was agreed by the parties as this would give our client time to market the premises." The draft agreement said one month. In two places. And now, mid-negotiation, the real agreement had always been two months — citing an oral understanding. Whatever was said across a viewing, whatever the agent communicated — if it is not in the written agreement, it does not exist for legal purposes.

The lesson: Get everything in writing. The moment something is left to oral memory, it becomes a dispute waiting to happen.

For advice on tenancy agreements, lease negotiations, or conveyancing matters, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.

Construction contracts in Kenya are frequently drafted by contractors or their architects. They are rarely balanced. An employer who signs without legal review is not a client who has saved on legal fees — they are a client who has deferred a far greater cost to a later and more painful date.

We recently reviewed a construction contract for fitout works on a residential property in Migori — a twelve-scope project valued at Ksh 16.2 million (approximately Ksh 18.8 million inclusive of VAT at 16%), with works scheduled to run from May to December 2026. Six critical gaps were identified — none of them unusual. They are the norm in contractor-drafted construction agreements in Kenya.

No milestone-linked payment schedule. Only the first instalment had a trigger event. Six further instalments — totalling over Ksh 12.9 million — had no milestone attached. The contractor could demand payment on any timeline it chose.

No defects liability period. Once the employer approved completion, there was no contractual mechanism to compel the contractor to return and fix defective work at its own cost.

No delay penalty. There was a completion date but no consequence for missing it. Without a liquidated damages clause, proving actual loss in court under the Civil Procedure Act, Cap. 21 is difficult, slow, and expensive.

VAT hidden in a sub-clause. A single sub-clause noted that VAT was excluded — adding Ksh 2.59 million to the total liability with no prominence given to the true all-in cost.

No NCA registration requirement. The National Construction Authority Act, Cap. 118 requires contractors to be registered with the NCA. This obligation was nowhere in the contract.

Mediation with no binding fallback. If mediation failed, there was no agreed next step — no arbitration pathway, no litigation mechanism. A dispute would default to unstructured court proceedings.

1. Fixed Lump Sum — No Re-measurement. The original contract described a fixed sum in one clause, then allowed final payment to be recalculated on "actual quantities" in another — a direct contradiction. The contract was amended to make unambiguously clear that the price is fixed, and the only mechanism for adjusting it is a written, signed Variation Order agreed by both parties.

2. Milestone-Linked Payment Schedule. Every instalment was tied to a specific, measurable site milestone — foundations and slab, roofing and drainage, finishes, and so on. No milestone achieved, no payment due.

3. Advance Payment Guarantee. The first instalment was 20% of the contract sum — over Ksh 3.2 million — payable before a single brick was laid. We introduced a requirement for the contractor to provide an unconditional, on-demand Advance Payment Guarantee issued by a licensed bank or insurer before those funds are released.

4. Certified Valuations. The original contract allowed payments based on valuations prepared by the contractor itself. We amended this to require that all payment claims be certified by the employer's appointed quality control representative before they become due.

5. Liquidated Damages for Delay. We introduced a Liquidated and Ascertained Damages (LAD) clause. The parties agreed the weekly rate — 0.1% of the contract sum per week is a reasonable starting point. Without it, an employer who suffers loss from a contractor's delay must prove that loss in court. LADs convert that uncertainty into a pre-agreed, deductible sum.

6. Defects Liability Period and Retention. We introduced a 12-month Defects Liability Period (DLP) commencing on Practical Completion, and restructured the final two instalments as a 10% retention sum: 5% released on Practical Completion, and the remaining 5% held until all defects notified during the DLP have been rectified.

7. Insurance Pre-Conditions. We amended the contract to require production of certified insurance certificates — contractor's all risks, public liability, and workmen's compensation under the Work Injury Benefits Act, Cap. 236 — before commencement and before release of the first payment.

8. NCA Registration and Subcontracting Controls. Under the National Construction Authority Act, Cap. 118, contractors are required to be NCA-registered. We made this a contractual condition precedent, required production of a current NCA certificate before first payment, and restricted subcontracting to parties approved in writing by the employer.

9. Tiered Dispute Resolution with Binding Fallback. We replaced the mediation-only clause with a three-tier mechanism: negotiation (14 days), then mediation, then — if mediation fails — binding arbitration under the Nairobi Centre for International Arbitration (NCIA) Rules pursuant to the Arbitration Act, Cap. 49, or litigation in the High Court of Kenya.

For advice on construction contracts, commercial agreements, or dispute resolution, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.

The Law of Succession Act, Cap. 160 of the Laws of Kenya governs both testate and intestate succession. Part V of the Act (Sections 35–42) sets out the rules of intestate distribution. The Act applies to all persons domiciled in Kenya at the date of death, subject to the express exclusions in Section 2(3) — most notably that it does not apply to the estate of a Muslim whose personal law governs succession, nor to agricultural land in certain circumstances governed by customary law where that law is preserved by the applicable land legislation.

Under Section 35, where the deceased leaves a surviving spouse and children, the spouse is entitled to the personal and household effects absolutely, a life interest in the remainder of the net estate (the "personal chattels"), and — critically — only a life interest in the matrimonial home if it forms part of the estate. Absolute ownership of the matrimonial home does not pass to the surviving spouse on intestacy; it passes to the children on the death of the surviving spouse. This is a point that surprises many families.

Where the deceased leaves no surviving spouse, Section 38 provides that the estate passes to the surviving children in equal shares. The Act's concept of "child" is broad — under Section 3, it includes any child born within or outside marriage, and adopted children. Stepchildren who have not been formally adopted or for whom a person has not assumed permanent responsibility; are, however, excluded from the statutory definition.

One of the most contested areas of succession practice in Kenya arises at the intersection of the Law of Succession Act, Cap. 160 and the land registration statutes — in particular the Land Registration Act, Cap. 300 (which repealed the Registered Land Act) and the Land Act, Cap. 280. A beneficiary who obtains a grant of letters of administration and a succession certificate must still have the title to land registered in their name under the Land Registration Act. Until registration is effected, the deceased's name remains on the title — and in practice, property can remain in a deceased person's name for decades.

Generally, letter of administration or grant of probate, standing alone, does not transfer title to land. The formal process of transmission under the Land Registration Act must be completed. Beneficiaries who believe that obtaining probate completes the process are mistaken; it is the beginning of it.

Kenya's Marriage Act, Cap. 150 recognises customary marriages, which may be polygamous. The Law of Succession Act, Cap. 160 does not create a hierarchy among wives in a polygamous union — all are entitled to share in the estate as "surviving spouses" under Section 40. In practice, disputes about the number of recognised marriages, the legitimacy of children from different unions, and the identification of the "matrimonial home" where there are multiple homes are among the most contentious succession matters before Kenyan courts.

For advice on wills, estate planning, probate, or succession disputes, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice. Specific situations require specific legal counsel.

The Companies Act, No. 17 of 2015 replaced the former Companies Act, also Cap. 486, and modernised the legal architecture for corporate registration in Kenya. It introduced single‑member companies, statutory directors’ duties, modern share buy‑back rules, digital filings, and a strengthened transparency regime including beneficial ownership disclosure. The Act is administered by the Registrar of Companies, operating through the Business Registration Service (BRS) portal.

The key requirements for registering a private company limited by shares under the Companies Act, No. 17 of 2015 are: at least one shareholder (an individual or a body corporate); at least one director who is a natural person; a registered office address in Kenya; and a Memorandum of Association and Articles of Association that comply with the First Schedule to the Act. The minimum share capital requirement that existed under the old Act has been abolished — a company may be incorporated with shares of any value but which must be stated.

Step 1 — Name Reservation. The process begins on the BRS portal (brs.go.ke) with a name search and reservation. A name will be refused if it is identical or misleadingly similar to an existing registered name, if it is offensive or contrary to public policy, or if it is likely to mislead the public. Proposed names containing words like "National," "Kenya," "Government," or "Municipal" require prior approval from the relevant ministry. Reservation is valid for thirty (30) days.

Step 2 — Submission of Incorporation Documents. The incorporator submits: the completed Form CR1 (Application for Registration); the Memorandum and Articles of Association; the Statement of Nominal Capital; details of the first directors and company secretary; and the registered office address. Where a director or shareholder is a foreign national, a copy of their passport and proof of physical address is required.

Step 3 — Certificate of Incorporation. On approval, the Registrar issues a Certificate of Incorporation. Under efficient BRS processing, this can be achieved within two to five working days for straightforward applications. In practice, delays occur where the documentation is incomplete or where the name approved at reservation stage has been changed in the submitted documents.

Step 4 — KRA PIN and Tax Registration. Following incorporation, the company must obtain a KRA PIN from the Kenya Revenue Authority portal (itax.kra.go.ke) — a prerequisite for VAT registration, PAYE obligations, and corporate tax filing under the Income Tax Act, Cap. 470. A company that begins trading without a KRA PIN and proper tax registration is immediately non-compliant and is exposed to penalties and interest under the Tax Procedures Act, Cap. 469B.

Step 5 — Sector-Specific Licences. Depending on the nature of the business, additional regulatory registrations may be required: a Single Business Permit from the relevant county government; and any sector-specific licence — for example, from the Capital Markets Authority (Cap. 485A), the Communications Authority of Kenya, or the Insurance Regulatory Authority, as applicable.

Pitfall 1: Using Template Articles Without Legal Review. The BRS portal offers standard Articles of Association. Many companies incorporate using these template Articles without considering whether they reflect the founders' actual agreement on matters such as share transfer restrictions, pre-emption rights, dividend policy, director appointment and removal, and dispute resolution. These are the Articles that will govern the company in a dispute — and they are notoriously thin on protection for minority shareholders.

Pitfall 2: No Shareholders' Agreement. The Companies Act, No. 17 of 2015 does not require a shareholders' agreement, but for any company with more than one shareholder — particularly joint ventures and family businesses — a shareholders' agreement is essential. It deals with the matters the Articles leave open: capital calls, exit mechanisms, drag-along and tag-along rights, deadlock resolution, and founder vesting. A company that reaches a deadlock without a shareholders' agreement is heading for an expensive High Court petition.

Pitfall 3: Annual Returns and Statutory Filings. Under Section 706 of the Companies Act, every company must file annual returns with the Registrar. Failure to file attracts penalties, and persistent failure can result in the company being struck off the register with the consequence that any property vested in the company vests in the State as bona vacantia.

For advice on company formation, shareholders' agreements, or corporate compliance, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.

The Data Protection Act, Cap. 411C (the "Act") came into force in November 2019. It is administered by the Office of the Data Protection Commissioner (ODPC), established under Section 5 of the Act. The Data Protection (General) Regulations 2021 (the "General Regulations"), the Data Protection (Registration of Data Controllers and Data Processors) Regulations 2021, the Data Protection (Complaints Handling Procedure and Enforcement) Regulations 2021 and the Data Protection (Civil Registration) Regulations, give detailed operational content to the Act's framework.

The Act applies to the processing of personal data: (a) by a data controller or data processor established or ordinarily resident in Kenya; (b) by a data controller or data processor not established in Kenya but processing the personal data of data subjects in Kenya; and (c) in relation to the processing of personal data of a data subject who is a citizen or resident of Kenya. "Personal data" is defined broadly in Section 2 to include any information relating to an identified or identifiable natural person — including names, identification numbers, location data, online identifiers, and factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Under the Data Protection (Registration of Data Controllers and Data Processors) Regulations 2021, data controllers and data processors who process personal data are required to register with the ODPC. Registration is effected through the ODPC's online portal and attracts a prescribed fee. Failure to register where required is an offence under Section 73 of the Act, attracting a fine not exceeding Ksh 5 million (under Section 63) / three million (under Section 73) or imprisonment not exceeding ten years, or both.

In practice, this means that virtually every business or organisation that employs staff, serves customers, or maintains any database of natural persons is required to register. The question is not whether you process personal data — almost every organisation does — but whether your processing triggers the registration threshold as a data controller or data processor. However, Regulation 13 of the Data Protection (Registration of Data Controllers and Data Processors) Regulations exempts entities whose annual turnover is below five million shillings or has less than ten employees. These exemptions are substantively qualified under the Regulations

Section 30 of the Act requires that every processing activity have a lawful basis. The lawful bases available are: (a) consent of the data subject; (b) performance of a contract to which the data subject is party; (c) compliance with a legal obligation to which the data controller is subject; (d) protection of the vital interests of the data subject; (e) performance of a task carried out in the public interest; and (f) legitimate interests pursued by the data controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

In employment contexts, the most commonly relied-upon bases are (b) — processing necessary for the performance of the employment contract — and (c) — processing required by statute (for example, PAYE obligations under Cap. 470, NSSF contributions under Cap. 258, and NHIF contributions). Consent, while frequently cited by employers, is a problematic basis in employment relationships: the power imbalance between employer and employee means that consent given in that context is rarely truly freely given, as the General Regulations acknowledge.

The Act confers eight rights on data subjects, enforceable against data controllers and data processors. These are: the right to be informed (Section 26(a)); the right of access (Section 26(b)); the right to rectification (Section 26(d)); the right to erasure (Section 26(e)); the right to object to processing (Section 26(c)); the right to data portability (Section 38); the right not to be subject to solely automated decision-making (Section 35); and the right to lodge a complaint with the ODPC (Section 56). Data controllers must have clear, documented procedures for handling data subject requests — and must respond within a prescribed period under the General Regulations.

Employment relationships generate some of the most sensitive categories of personal data: payroll data, health and medical information, disciplinary records, performance assessments, biometric data (where used for access control or time-keeping), and email and communications data. Each of these categories attracts specific obligations under the Act.

Section 44 of the Act establishes enhanced protection for "sensitive personal data," which includes data revealing health information, biometric data, and criminal records. Processing of sensitive personal data requires an explicit lawful basis — consent is insufficient unless given explicitly and in writing — and must be accompanied by appropriate technical and organisational safeguards.

The decision in Kendagor v Dig Deep (Africa) [2025] KEELRC (discussed elsewhere in this Newsroom) is directly relevant: the court upheld employer monitoring of office communications on the basis of contractual disclosure in a Staff Handbook. However, as that article notes, the events pre-dated the Data Protection Act, Cap. 411C. A contemporaneous monitoring regime must also satisfy the Act's lawful basis requirements, be disclosed in a privacy notice, and — where systematic or large-scale — be accompanied by a Data Protection Impact Assessment (DPIA) under Regulation 49 of the General Regulations.

For advice on Data Protection Act compliance, ROPA preparation, privacy notices, or regulatory audits, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.

The Children Act, Cap. 141 (the 2022 Act) repealed and replaced the Children Act, No. 8 of 2001 (repealed) in 2022. The 2022 Act came into force following Presidential assent and substantially revised the legal architecture for child welfare matters, including guardianship. The Act must be read alongside the Constitution of Kenya 2010, which under Article 53 enshrines the fundamental rights of the child — including the right to parental care and protection and the right to be protected from abuse, neglect, harmful cultural practices, and exploitation.

The central principle governing all proceedings under the 2022 Act is the paramountcy principle: the best interests of the child are the paramount consideration in every decision made affecting a child. This principle is codified in Section 8 of the Act and has been consistently affirmed by the Supreme Court in decisions including MAK v RMAA & 4 others (Petition 2 (E003) of 2022) [2023] KESC 21 (KLR) (2 March 2023) (Judgment) eKLR and CMM (Suing as the Next of Friend of and on Behalf of CWM) & 6 others v Standard Group & 4 others [2023] KESC 68 (KLR) eKLR.

Guardianship and custody are frequently confused. Under the 2022 Act, custody relates to the day-to-day physical care and control of a child; guardianship relates to assuming parental responsibility — the bundle of legal rights and duties that parents or appointed guardians have in respect of a child's upbringing, welfare, education, and property.

A parent who has custody of a child does not necessarily hold exclusive guardianship. Conversely, a guardian may have parental responsibility without having physical custody. The distinction matters most when decisions must be made about a child's education, medical treatment, or property — all of which require the consent of the guardian, not merely the custodial carer.

Under Part X of the 2022 Act, an application for appointment as guardian of a child may be made by: (a) the surviving parent of a child; (b) a relative of the child; (c) a person with whom the child has been living; (d) a person appointed as guardian by a deceased parent in a valid will; or (e) any other person who has had parental responsibility over the child.

The Children's Court has jurisdiction to hear guardianship applications as provided under Section 91. The Children's Court has jurisdiction over other applications involving parental responsibility, custody and maintenance and adoption.

Foreign nationals and non-resident applicants may apply for guardianship, but the court will scrutinise such applications with particular care — especially where the application is the precursor to an adoption application under Part XIV of the 2022 Act, given that international adoption is governed by both the Act.

In making a guardianship order, the court applies the best interests of the child as the paramount consideration (Section 8), and has regard to the non-exhaustive checklist in Section 95 of the Act. Relevant factors include: the ascertainable wishes of the child, having regard to the child's age and maturity; the child's physical, emotional, and educational needs; the likely effect on the child of any change in circumstances; the child's age, sex, background, and any characteristics relevant to the application; the capacity of each applicant to meet the child's needs; and any harm the child has suffered or is at risk of suffering.

The court will also consider the recommendation of a Children's Officer where a report has been ordered. In practice, for contested applications, the appointment of a Children's Officer to conduct a welfare inquiry and file a report with the court is standard. Applicants should be prepared for a home visit, interviews, and a period of assessment before the report is filed.

For advice on guardianship applications, custody proceedings, or child welfare matters, contact Serah J & Company Advocates.

This article is prepared for general informational purposes only. It does not constitute legal advice and does not create an advocate-client relationship.