Common Problems

Common Problems

  • Is Huawei Cloud available to individuals, enterprises, or institutions operating in Kenya?

    Huawei Cloud has been launched in Kenya. Individuals, enterprises, and organizations can register local accounts on the Huawei Cloud International website and purchase cloud services. Applicable laws and regulatory requirements must be complied with during the use of cloud services.

  • What laws, regulations, and regulatory requirements on privacy protection require special attention in Kenya?

    In terms of personal data protection, on November 8, 2019, the Kenyan Parliament promulgated the Data Protection Act No. 24, which clarifies the regulatory responsibilities of security authorities and establishes a collaborative governance system for data security. The Act contains the obligations of data controllers and data processors, as well as the principles of personal data protection and requirements for data transmission outside Kenya. On March 14, 2022, Kenya's Congress reviewed and approved the Data Protection (General) Regulations, which aims to clarify the applicable scope of the principles and obligations specified in the Data Protection Act. This regulation specifies the rights of authorized data subjects, restrictions on the commercial use of personal data, obligations of data controllers and data processors, data protection elements, and compliance requirements for transferring personal data outside Kenya.


    For details about how Huawei Cloud complies with these requirements and how you can securely build cloud services that comply with these regulations, see the Huawei Cloud Compliance with Kenya Privacy Protection Regulations.

  • How are Huawei Cloud and I each responsible for security compliance?

    Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.


    When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.


    You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.


    You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.


    For more security and compliance issues, contact your account manager or Huawei Cloud.


  • Which certifications for Huawei Cloud infrastructure and services can help me more quickly meet the compliance requirements of Kenya?

    Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.


    Huawei Cloud is compliant with a wide range of international standards and practices, including:


    • Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more


    • Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799


    • Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)


    Learn more from Compliance Certificates in the Compliance Center.

  • What are the applicable laws, regulations, and regulatory requirements for financial institutions using Huawei Cloud?

    To maintain and strengthen the financial security and stability of financial institutions, Kenya's financial regulators have issued many regulations, including:

    (a) Risk Management Guidelines. This document outlines the essential requirements for risk management systems and frameworks across all agencies. It covers various aspects including the risk management framework, strategic risk management, credit risk management, liquidity risk management, market risk management, operational risk management, information and communication technology risk management, and compliance risk management.

    (b) IRA Guideline on Risk Management and Internal Controls. This guideline requires insurance companies to have effective risk management and internal control systems as part of the overall corporate governance framework, including effective functions for risk management, compliance, and internal audits.

    (c) CBK Prudential Guideline on Outsourcing (CBK/PG/16). This guideline states specific requirements related to internal controls, standard of care, risk management practices for outsourced financial services, regulatory and supervisory requirements, and offshore outsourcing of financial services in Part IV.

    (d) Guidance Note on Cybersecurity. This note specifies the minimum requirements all institutions shall comply with in developing and implementing strategies, policies, procedures, and related activities aimed at mitigating cyber risks. The note mainly covers areas such as risk management, outsourcing, information and communications technology, internal control, and corporate governance.

    (e) Guideline on Cybersecurity for Payment Service Providers. This guideline outlines the minimum requirements that payment service providers (PSPs) shall adopt in the development and implementation of cyber security governance and risk management frameworks.


    For more details, see HUAWEI CLOUD Compliance with Kenya Privacy Protection Regulations.

Compliance Resources

Documents related to compliance with laws and regulations of Kenya. More documents are available from Resource Center.

  • HUAWEI CLOUD Compliance with CSA CCM

    Introduce the cloud security measures taken by HUAWEI CLOUD based on CCM and CAIQ which are published by Cloud Security Alliance.

  • Practical Guide for PCI DSS

    Based on the main content of PCI DSS, the whitepaper introduces the data protection measures took by HUAWEI CLOUD and how HUAWEI CLOUD's products and services help customers respond the requirements of the certification.

  • HUAWEI CLOUD Compliance with ISO/IEC 27001

    Based on the main content of ISO/IEC 27001, the whitepaper introduces HUAWEI CLOUD’s overall information security policies and specific control measures and how HUAWEI CLOUD's products and services help customers respond the requirements of the certification.