Consumer protection in the digital age

Issue 1: The global shift from traditional finance to virtual assets 

From caveat emptor to consumer rights: A quick history 

The idea of protecting consumers isn’t new. It grew from the simple recognition that in any marketplace, there’s an imbalance of power. For centuries, the guiding principle was caveat emptor—”let the buyer beware”. But as economies grew more complex, this was no longer enough. Major crises, like the Great Depression and the 2008 global financial meltdown, served as harsh lessons, proving that market stability and consumer welfare are two sides of the same coin. 

These events spurred the creation of foundational consumer rights: the right to safety, to be informed, to choose, and to have a way to seek redress when things go wrong. In the United States, this led to landmark legislation and the creation of dedicated agencies like the Consumer Financial Protection Bureau (CFPB), tasked with policing everything from mortgages to credit cards. Kenya’s own journey saw the establishment of the Central Bank (CBK) in 1966 and the passing of the Consumer Protection Act in 2012, codifying these essential rights. 

The first digital wave, led by mobile money pioneers like M-Pesa, forced regulators to adapt. The CBK’s “test-and-learn” approach allowed innovation to flourish while gradually building a framework, like the National Payment Systems (NPS) Act, to ensure stability and safety. However, just as the world was adapting, a new and far more disruptive force emerged: blockchain technology and virtual assets. 

The blockchain disruption: New rules for a new game 

Virtual assets/cryptocurrencies, stablecoins, and NFTs don’t just change the speed of finance; they change its fundamental structure. Key features of this new paradigm present direct challenges to traditional consumer protection: 

1. Decentralization: With no central intermediary, who is held accountable when a consumer is harmed? 

2. Pseudonymity: Transactions are public but not tied to real-world identities, making it a challenge for law enforcement to trace illicit funds. 

3. Immutability: Once a transaction is recorded, it cannot be deleted. This directly conflicts

with data privacy principles like the “right to be forgotten” enshrined in Kenya’s Data Protection Act. 

4. Borderless Nature: A scammer in one country can target a victim in another and cash out in a third, creating a jurisdictional nightmare for enforcement agencies. 

This new reality has created a fertile ground for sophisticated fraud and systemic risks, forcing a global re-evaluation of what it means to protect consumers. 

The Global regulatory playbook: A world of approaches 

Nations across the globe are responding to this challenge, creating a diverse tapestry of regulatory models. 

1. The European Union: The comprehensive blueprint. The EU’s Markets in Crypto-Assets (MiCA) Regulation is the world’s first major harmonized framework for crypto-assets. Fully applicable since late 2024, it moves beyond a narrow focus on money laundering to establish robust, consumer-centric rules. Key pillars include mandatory “white papers” (similar to a prospectus) for new assets, a strict licensing regime for service providers, and an outright ban on market abuse like insider dealing and wash trading. Enforcement is coordinated across member states by bodies like the European Securities and Markets Authority (ESMA), with hefty fines and even criminal charges for serious breaches. 

2. The United States: A multi-pronged strategy. The U.S. has historically relied on a multi-agency, enforcement-led approach, with the SEC treating many crypto-assets as securities and the CFTC regulating those deemed commodities. However, a landmark development occurred in July 2025 with the passage of the 

Guiding and establishing national innovation for U.S. Stablecoins (GENIUS) Act. This is the first major piece of federal crypto legislation, creating a comprehensive framework for payment stablecoins. It mandates 1:1 backing with high-quality liquid assets, requires monthly public disclosure of reserves, and gives consumers first-priority claims in the event of insolvency. This act signals a move towards creating clearer rules of the road to protect consumers and foster responsible innovation. 

3. The United Kingdom: A pragmatic integration. The UK is weaving crypto-assets into its existing, well-established Financial Services and Markets Act (FSMA). The Financial Conduct Authority (FCA) is rolling this out in phases, starting with a strict financial promotions regime to curb misleading advertising. In a sign of the market’s maturation, the FCA is now consulting on lifting the ban on retail investors accessing crypto-asset Exchange Traded Notes (cETNs), provided there are strong consumer protection safeguards in place. 

4. Australia: Proactive enforcement. The Australian Securities and Investments Commission (ASIC) has taken a notably proactive stance on enforcement. Recognizing that many scams begin online, ASIC has expanded its capability to include taking down fraudulent social media ads, in addition to websites. In two years, this capability has led to the removal of over 14,000 scam and phishing websites, over 3,000 of which involved cryptocurrencies. This hands-on approach directly targets the entry points for consumer harm, from fake AI-powered trading bots to deepfaked celebrity endorsements. 

5. Other key markets: Jurisdictions like Singapore are creating sophisticated frameworks that balance innovation with strong safeguards, including the segregation of customer assets. Japan has a robust framework under its Payment Services Act, also focusing on consumer protection through strict licensing and asset segregation rules. Meanwhile, countries like Türkiye are actively cracking down on unauthorized crypto service providers to protect local residents. 

Continental perspectives: Navigating regulatory diversity in Africa 

African nations are charting their own courses, creating a dynamic and varied regulatory landscape. 

• South Africa: A consumer-centric model. South Africa has adopted a unique approach guided by its “Treating Customers Fairly” (TCF) framework. By declaring crypto-assets as “financial products,” regulators have brought them under the oversight of the Financial Sector Conduct Authority (FSCA). The TCF model is outcomes-based, requiring firms to demonstrate that their entire business culture—from product design to complaints handling—results in fair outcomes for consumers, a standard that is now being applied to the digital asset space. 
• Nigeria: From prohibition to proactive regulation. Nigeria provides a compelling case study in policy evolution. An initial ban by the Central Bank of Nigeria (CBN) in 2021 has given way to a multi-regulator framework. The Securities and Exchange Commission (SEC) has established rules for licensing service providers, while the 
• Federal Competition and Consumer Protection Commission (FCCPC) has shown its consumer protection mandate by tackling abuses in the adjacent digital lending sector. However, recent crackdowns on major exchanges over allegations of currency manipulation have shown that the path to regulatory clarity is not always smooth. 
• Emerging frameworks: Other nations are actively developing their own rules. Ghana is finalizing a comprehensive framework, with the Bank of Ghana (BOG) set to introduce new rules targeting service providers with a focus on consumer protection and cybersecurity. Rwanda has introduced a draft law that designates the Capital Markets Authority (CMA) as the principal regulator and takes a firm stance by explicitly banning certain high-risk activities like crypto mining and the use of “mixer or tumbler” services designed to obscure transactions. 

In Part 2 of our bulletin, we will bring the focus home to Kenya. We will conduct a deep dive into our domestic legal architecture, critically analyze the proposed VASP Bill, 2025, and explore the profound “enforcement deficit” that presents the greatest challenge to safeguarding Kenyan consumers in the new digital frontier.