In the grand theatre of digital transformation, Kenya’s eCitizen platform was meant to be the shining star a centralized digital payment system simplifying citizen access to public services. Instead, what auditors found behind the digital curtains is a damning exposé of negligence, shadowy vendor control, and shocking irregularities in public finance. The Auditor-General’s March 2025 Special Audit Report on the Government Digital Payments Platform reads like a corruption thriller except this is real, and it’s costing Kenyans billions
How did a government platform handling over Ksh. 100 billion in transactions get built and operated without a legal framework? According to the report, the eCitizen system has been running on executive orders, vague gazette notices, and hope. There’s no overarching law governing its ownership, data privacy, or even its payment processes. The last government steering committee’s term expired in 2021 and no replacement was constituted. In a country where citizens are arrested for selling plastic bags, how does the state operate a national payment gateway with no legal mandate?
In a move that raises serious red flags, the eCitizen platform fully funded by Kenyan taxpayers via the World Bank’s IFC was mysteriously “handed over” back to its original private developer, Webmasters Kenya Ltd, in 2023. This, despite a formal handover by the IFC to the National Treasury in 2017. The audit report notes, with barely contained disbelief, that the government cannot explain how it lost control of its own system.
Even worse, the so-called handover agreement of 2023 was a façade. Webmasters continues to maintain administrative control, while key government departments including the Directorate of eCitizen Services are locked out of core system functionalities. The Treasury can’t even generate its own revenue reports without asking the vendor for access.
This isn’t just poor governance. It’s outright dereliction.
As of June 2024, over Ksh. 7 billion sits in “collection and settlement accounts” rather than being transferred to the ministries and agencies that need the funds. Why? Because of a manual, outdated remittance system that delays transfers by up to 8 days. Even more disturbing Ksh. 2.57 billion cannot be traced to any invoice. Where did it come from? Who paid it? Where’s it going? No one seems to know.
Meanwhile, service delivery suffers, patients are denied hospital services, and government departments are starved of their own revenue all because the money is trapped in a broken pipeline.
The audit exposes how citizens are being gouged by a “convenience fee” system that makes government services more expensive than private ones. A Ksh. 20 item like a small honey packet from the Kerio Valley Development Authority is slapped with a Ksh. 50 fee, inflating the price by 250%. Healthcare services are hit especially hard, with patients being charged multiple times during a single hospital visit. This isn’t digitization. It’s legalized extortion.
Worse, these fees were often levied illegally. Between 2014 and 2024, over Ksh. 2.1 billion in convenience fees were collected without proper authorization, violating gazette notices and government directives. The Treasury’s silence? Deafening.
How did Ksh. 127 million get transferred directly from the official Paybill number (222222) to private entities bypassing the Settlement Account? Where is the documentation? Where is the approval? The Auditor-General found none. This is a flagrant breach of Article 201 of the Constitution, which mandates public money be used lawfully and transparently.
Even more alarming, a shadowy “Pesaflow” account received nearly Ksh. 69 million and USD 48,000 without being listed among official government accounts. This unauthorised collection point operated in full view of the National Treasury and was never shut down.
The audit concludes with a long list of failures: nonexistent service level agreements with banks, duplicated and unmapped services, irregular payments to third parties not even named in government contracts, and total absence of effective help desk or incident management.
The recommendations? Sensible. But toothless if ignored, as so many before them have been.
Kenya’s eCitizen platform is not just a case of failed digital governance — it’s a cautionary tale of what happens when power, money, and technology converge without oversight. The rot is systemic. The implications are national. And the silence from key stakeholders is deafening.
This is not just about lost billions. It’s about lost trust. And until someone is held accountable really accountable Kenya’s digital dream will remain a costly illusion.
