Sending SMS in Kenya: Sender ID Rules, Safaricom Approval, and the Promotional Restriction Most Teams Miss

Your SMS program is reaching Safaricom numbers. Except the ones that silently dropped. And the campaign you sent after 6 PM that delivered to no one. And the branded sender name you configured that only works on transactional messages, not promotional ones, something your provider may not have mentioned when you set it up.

Sending SMS in Kenya requires per-operator sender ID registration through a licensed content service provider, separate classification of transactional and promotional traffic, and compliance with the Communications Authority of Kenya's rules on consent, opt-out, and sending hours. Alphanumeric sender IDs, the kind that show your organization's name, are restricted to transactional messages only. Promotional campaigns must use numeric sender IDs or shortcodes.

That last point is the one that catches teams most often. Nigeria has a similar registration requirement but allows alphanumeric IDs for both message types. Kenya draws a harder line. If your program sends both operational messages and marketing messages, and most do, plan for two separate sender IDs from the start.

The regulatory framework: two bodies, one set of problems

Kenya's SMS compliance environment is governed by two overlapping authorities. The Communications Authority of Kenya (CA) oversees telecommunications services, sets sender ID rules, and licenses the content service providers that every business must use to reach Kenyan networks. The Office of the Data Protection Commissioner enforces Kenya's Data Protection Act of 2019, which governs how personal data, including phone numbers, is collected, stored, and used.

The practical effect is that compliance has both a delivery dimension and a legal dimension. A sender ID registered correctly through the right channels solves the first. Documented consent, working opt-out mechanisms, and a suppression list you actually maintain solve the second. Organizations that focus only on the technical setup and ignore data governance are still exposed, and the two bodies can act independently.

Sender ID registration: how Safaricom shapes the whole market

Safaricom holds over 60 percent of Kenya's mobile subscribers, which means its approval process effectively dictates how any national SMS program runs. You cannot register a sender ID directly with Safaricom as a business. The process runs through a licensed content service provider (CSP), a company authorized by the CA to connect directly to Kenyan mobile networks.

Your CSP submits the sender ID application on your behalf, typically with your company registration certificate, an authorization letter, and in some cases trademark documentation if the sender name is a product name rather than your legal entity name. Safaricom reviews applications submitted on Mondays and Thursdays, with approvals typically returned on Tuesdays and Fridays. Airtel and Telkom Kenya take longer, up to 7 to 14 working days. There is a one-time registration fee on Safaricom and Airtel networks.

A few details worth knowing before you begin. The sender ID is capped at 11 characters. Spaces are not allowed, though hyphens and underscores are. Generic terms like "INFO" or "ALERT" are rejected; the ID needs to represent your brand clearly. If you want to send both transactional and promotional messages under different sender names, those require separate applications and separate approval processes, since each registered ID must specify its traffic category in the authorization documentation.

The transactional and promotional split, and why it matters operationally

Kenya's networks enforce a hard boundary between transactional and promotional SMS traffic, and the consequences of misclassifying are the same as in most regulated markets: operator filtering, sender ID throttling, or suspension, none of which generates a clear error message on your end.

Transactional messages, such as OTPs, payment alerts, loan reminders, service notifications, and system downtime updates, can be sent at any time. They do not require an opt-out instruction. They reach your full list regardless of DND status. They can carry your branded alphanumeric sender name.

Promotional messages, meaning anything that markets a product or service to an audience, must carry a working opt-out instruction, can only be sent between 8 AM and 6 PM local time, must filter against DND-registered numbers, and cannot use an alphanumeric sender ID. That last rule is frequently glossed over in generic compliance guides, but it is enforced by Safaricom and directly affects how recipients perceive your messages. A promotional campaign arriving from a numeric string instead of your brand name looks different to the recipient and performs differently as a result.

The practical consequence for any organization running a mixed program, say a PAYGo solar operator sending payment alerts to borrowers and occasional product promotions to prospects, is that the two workflows need separate sender IDs, separate classification at the point of sending, and separate suppression logic. Transactional SMS and promotional SMS are not just different message types. In Kenya, they are different routing lanes with different rules at every point of the journey.

Consent and the Data Protection Act

Kenya's Data Protection Act of 2019 is not optional for foreign organizations sending into Kenya. If you process the personal data of Kenyan residents, including their phone numbers, the law applies to you regardless of where your organization is based.

For SMS programs, the operational requirements are: explicit consent collected before sending, stored with a timestamp and source record; an opt-out instruction included in every promotional message; and a suppression list that is actually honored, meaning a number that has opted out never receives another promotional message. Purchasing contact lists is prohibited and a direct liability. Every contact in your database needs a documented reason for being there.

Data breach obligations also apply. If contact data is exposed, the Office of the Data Protection Commissioner and affected individuals must be notified within 72 hours. Organizations processing data at scale should have a designated Data Protection Officer and conduct periodic impact assessments.

If your team is already familiar with compliance requirements from other markets, the Kenya framework will feel structurally similar to what we covered in our Nigeria SMS compliance guide and our Philippines messaging compliance post. The regulator names differ. The underlying structure of registration, classification, and consent is consistent.

Grey routes and the delivery quality problem

Kenya has an active grey route problem. Providers offering unusually low per-message rates are often routing through unauthorized international paths that bypass proper Kenyan network interconnects. Messages sent through grey routes may appear delivered in your dashboard while never reaching the recipient's handset, or may deliver inconsistently depending on current network enforcement activity, which fluctuates.

The test is simple: send a message and check whether it arrives. Then ask your provider directly whether they use direct connections to Safaricom, Airtel, and Telkom Kenya, or whether traffic passes through international intermediaries. A provider that cannot answer that question clearly is telling you something.

For programs where delivery reliability matters, whether that is an M-Pesa payment confirmation, a field agent dispatch, or a welfare check alert, grey routes are not a cost optimization. They are a program reliability risk. The BYOC model solves this at the platform level: your workflow and contact data sit independently of whichever connectivity provider carries the message, so you can change routes when performance degrades without dismantling the program.

Designing for a market where SMS is not the only answer

Kenya is a high-WhatsApp market in urban areas. Smartphone penetration is well above the regional average, and for younger demographics in Nairobi, Mombasa, and other urban centers, WhatsApp is the default messaging channel. At the same time, SMS and USSD remain essential for rural reach and for populations on feature phones or prepaid plans where data costs are a consideration.

This means most programs serving Kenya need a routing decision, not just a sender ID. For a smartphone-heavy audience, WhatsApp may be the right primary channel with SMS as fallback. For a mixed audience, classification matters: route to WhatsApp where available, fall back to SMS, fall back again to USSD or voice where data connectivity is unreliable. Our guide to what a backup channel actually means versus a real channel strategy covers how that logic works in practice. Africa's Talking, Twilio, and Vonage all carry Kenya routes, and the routing sequence should be built above the connectivity layer rather than tied to any one provider.

For a structured view of how to make channel decisions across a mixed audience, the Telerivet knowledge base guide on channel selection is a practical starting point. And if a message fails at the SMS layer, the question to ask is not how to retry. It is whether the right channel for that recipient was SMS in the first place.

Frequently asked questions

How do I register an SMS sender ID in Kenya? You must work through a licensed content service provider (CSP) authorized by the Communications Authority of Kenya. The CSP submits your application to Safaricom, Airtel, and Telkom Kenya on your behalf, with company documentation and an authorization letter. Safaricom reviews applications twice a week; other networks take up to 14 working days. Specify at registration whether the ID will be used for transactional or promotional traffic, since different rules apply and the category is fixed at approval.

Can I use my brand name as a sender ID for bulk SMS campaigns in Kenya? Only for transactional messages. Promotional messages in Kenya must use a numeric sender ID or shortcode. Alphanumeric sender IDs are restricted to transactional traffic by Safaricom and enforced across the network. If you send both message types, plan for separate sender IDs from the start.

What are the sending hour restrictions for SMS in Kenya? Promotional messages must be sent between 8 AM and 6 PM local time. Transactional messages, such as OTPs, payment alerts, and service notifications, have no time restriction and can be sent around the clock.

Why are my SMS messages not delivering in Kenya? The most common causes are an unregistered sender ID, promotional traffic sent outside allowed hours or to DND numbers, a mismatch between message content and the registered sender ID category, or routing through a grey route provider that bypasses proper Kenyan network interconnects. Check delivery receipts from the operator, not just your platform's send confirmation, and verify your provider's connectivity directly.

Does the Kenya Data Protection Act apply to my organization if I am based outside Kenya? Yes. The Data Protection Act of 2019 applies to any organization that processes the personal data of Kenyan residents, regardless of where the organization is located or incorporated. Phone numbers are personal data. Consent, opt-out, suppression lists, and breach notification obligations apply.

This article provides general operational information and should not be considered legal advice. Organizations should consult qualified legal or data protection professionals regarding their specific compliance obligations.


See how Telerivet routes and classifies SMS traffic across Safaricom, Airtel, and 150+ other networks worldwide. Talk to our team about your messaging program.

« Blog