M-PESA to stop sharing full phone numbers with merchants,

Safaricom, Kenya's telecommunications behemoth, is implementing a significant privacy architecture upgrade across its M-PESA platform—Africa's most successful mobile money service—by the end of 2026. The initiative will prevent merchants and financial institutions from accessing customers' complete phone numbers during transactions, marking a watershed moment in data minimization practices across the continent's financial infrastructure.

This development arrives at a critical juncture for African fintech regulation. While Europe has long operated under stringent data protection frameworks like GDPR, most African markets have lacked comparable consumer privacy safeguards. M-PESA's move signals a maturation of regulatory thinking in East Africa and positions Kenya as a privacy-conscious hub for digital finance—a distinction increasingly valuable in attracting institutional capital.

**The Business Imperative Behind Privacy**

M-PESA's decision reflects both regulatory pressure and competitive positioning. Kenya's Data Protection Act (2019) has gradually tightened compliance requirements, while regional bodies like the East African Community have signaled stronger data governance priorities. However, Safaricom's timing suggests a strategic calculation: privacy protection enhances customer trust and reduces operational risk exposure from data breaches—a growing concern for the platform's 55+ million users.

The merchant and banking ecosystem has historically leveraged full phone number visibility for customer profiling, cross-selling, and credit assessment. Restricting this access forces financial institutions to innovate in customer intelligence methodologies, potentially shifting toward alternative identity verification systems and behavioral analytics rather than personally identifiable data harvesting.

**Market Implications for European Investors**

European financial institutions and fintech firms operating in East Africa must recalibrate their go-to-market strategies. For traditional banks expanding into mobile money partnerships, the privacy constraints necessitate investment in alternative customer scoring mechanisms—likely creating opportunities for European enterprise software and AI analytics providers specializing in fraud detection and credit assessment without PII dependency.

The move also advantages larger, more sophisticated players over smaller competitors. European-backed fintech platforms lacking proprietary data infrastructure will face higher compliance costs, potentially consolidating the market toward established players with deeper resources. Conversely, European cybersecurity and privacy compliance specialists should anticipate significant advisory opportunities as regional institutions restructure data handling protocols.

**Competitive Dynamics and Regional Spillover**

This announcement may establish a regulatory precedent beyond Kenya. Other East African nations—Uganda, Tanzania, Ethiopia—monitor Safaricom's moves closely as they develop their own fintech regulatory frameworks. Early adoption of privacy standards could differentiate Kenya's market as the region's compliance leader, potentially attracting headquarter functions for European financial services companies seeking African bases with predictable regulatory environments.

However, implementation challenges remain substantial. Legacy merchant systems lack modern tokenization infrastructure. Training thousands of small retailers and unbanked merchants on privacy-compliant alternatives requires significant resources. The 18-month transition period suggests Safaricom anticipates friction—creating a window where implementation delays could extend deeper into 2027.

**Strategic Positioning**

European investors should view this development as affirming East Africa's trajectory toward institutional-grade financial infrastructure. While privacy restrictions appear constraining short-term, they signal market maturation and risk reduction—precisely the factors international institutional investors prioritize when deploying capital across emerging markets.