In Kenya, SMS and USSD shortcodes are widely used for banking alerts, service subscriptions, emergency communication, and promotional campaigns. But not all shortcodes operate within the law. If you’ve ever been spammed with unwanted messages or mysteriously lost airtime, chances are you’ve interacted with a non-compliant shortcode.
This article offers practical, factual insights for anyone seeking general knowledge or regulatory information about compliant shortcodes in Kenya — including how to recognize them, how they’re regulated, and what to do if you suspect abuse.
What Is a Compliant Shortcode?
A compliant shortcode in Kenya is an SMS or USSD number (typically 3 to 6 digits) that meets the regulatory, technical, and legal standards set by the Communications Authority of Kenya (CAK) and respective mobile network operators (Safaricom, Airtel, Telkom).
In simple terms:
It is licensed by CAK
It is approved by the mobile network operator
It follows consumer protection laws (like cost disclosure and opt-out options)
Who Regulates Shortcodes in Kenya?
All shortcode operations are regulated by the Communications Authority of Kenya (CAK), under the Kenya Information and Communications Act (KICA) and the Consumer Protection Guidelines for ICT services.
CAK ensures that:
- All content providers using shortcodes are licensed
- Users are protected from deceptive practices
- Services using premium shortcodes disclose costs upfront
- Consumers can easily opt out of any shortcode service
Additionally, mobile network operators (MNOs) like Safaricom and Airtel also perform internal screening and technical integration before allowing a shortcode on their network.
Features of a Compliant Shortcode
A compliant shortcode typically:
- Is traceable to a licensed content provider or corporate entity
- Clearly communicates cost of service before billing
- Has a visible opt-out option, e.g., by replying with “STOP”
- Doesn’t subscribe users without consent
- Is listed on CAK’s approved shortcode or CSP list
What Makes a Shortcode Non-Compliant?
Non-compliant shortcodes:
- Send unsolicited messages (spam)
- Charge users without consent
- Fail to disclose service charges
- Do not respond to opt-out requests
- Are operated by unregistered or unlicensed entities
CAK’s 2023 compliance bulletin reported that the most common consumer complaint involved unauthorized subscriptions and airtime deductions from rogue shortcodes.
How to Verify a Shortcode’s Legitimacy
- Ask your mobile operator — Call Safaricom (100), Airtel (100), or Telkom customer care.
- Check the shortcode online — Many network providers offer shortcode lookup tools on their websites.
- Confirm the license status — Visit www.ca.go.ke and view the list of licensed content service providers (CSPs).
- Check the sender’s name — Trusted shortcode messages usually come with branded IDs or are linked to known services (e.g., KRA, eCitizen, Mpesa).
How to Report or Block a Non-Compliant Shortcode
If you suspect a shortcode is abusing your number:
- Send “STOP” or “UNSUBSCRIBE” to the shortcode.
- If unsuccessful, report to your mobile operator with screenshots or message logs.
- Escalate to CAK via:
- SMS: 1566
- Email: consumers@ca.go.ke
- Website: ca.go.ke
How Businesses Get a Compliant Shortcode
If you’re an organization planning to use a shortcode, you must:
- Partner with a licensed CSP (Content Service Provider) or become licensed by CAK.
- Prepare documents — include KRA PIN, Certificate of Incorporation, service description, and contact details.
- Apply for integration with mobile networks (e.g., Safaricom, Airtel).
- Submit the full application to CAK through the CSP or operator.
- Receive compliance approval and activation.
Turnaround time: Typically 2 to 6 weeks depending on accuracy and operator feedback.
Lifecycle of a Compliant Shortcode
| Phase | Details |
|---|---|
| Application | Through CSP or mobile operator |
| Review & Approval | By mobile operators and CAK |
| Activation | Technical setup, keyword routing, testing |
| Monitoring | Continuous compliance checks by operators and CAK |
| Renewal or Shutdown | Based on use, compliance status, or misuse reports |
Frequently Asked Questions (FAQs)
1. What’s the difference between a compliant and non-compliant shortcode?
A compliant shortcode follows CAK rules, discloses charges, offers opt-outs, and is operated legally. A non-compliant shortcode does not follow these standards and may spam or defraud users.
2. Can I be subscribed to a shortcode service without knowing?
Yes, but it’s illegal. If this happens, report immediately to your mobile provider and CAK.
3. How do I stop receiving messages from a shortcode?
Reply with “STOP” or “CANCEL”. If that doesn’t work, contact your mobile provider or report to CAK via SMS (1566).
4. Can shortcodes be shared among businesses?
Yes. Shared shortcodes are used by multiple businesses with keyword differentiation (e.g., “JOIN XYZ” to 40205). However, all services must remain compliant.
5. What happens if a shortcode violates CAK rules?
The shortcode can be deactivated, the service provider fined or blacklisted, and complaints forwarded to consumer protection agencies.
The shortcode system is useful — but only when it’s operated transparently and lawfully. Knowing the difference between compliant and non-compliant shortcodes in Kenya helps you avoid airtime loss, spam, and fraud. Whether you’re a consumer or a business, stay informed and use verified services only.
For the most current list of licensed CSPs or to file a complaint, visit the official CAK website.
Get in touch today: Call/WhatsApp : 0795435940 | Email : dm@mobulkafrica.pro
Leave a Reply