Kazakhstan Considers National Messaging App Aitu for Insurance Companies

Kazakhstan’s Agency for Regulation and Development of the Financial Market is considering the use of the domestic messaging platform Aitu for remote communication between insurance companies and other non-bank financial institutions and their clients. According to Bloomberg, the regulator has recommended that market participants consider using the Kazakh-developed messenger Aitu as a communication tool. Sources cited by the publication said that insurance and brokerage firms received proposals last month regarding the potential use of the platform, partly aimed at strengthening personal data protection. Market participants expressed concerns, pointing to Aitu’s relatively small user base, limited functionality, potential integration costs, and the absence of clear regulatory guidelines for handling personal and financial data on such platforms. In response, the regulator clarified that the use of Aitu is not being considered mandatory, but rather as an additional secure communication channel between financial institutions and their clients. “This issue is being considered by the Agency in connection with the need to strengthen information security, including the protection of personal data amid rising fraud in financial services. The initiative is also aimed at standardizing communication channels between financial organizations and their clients,” the agency said in a statement. According to the regulator, Aitu’s infrastructure ensures a high level of data protection, in part due to the physical localization of servers within Kazakhstan. This, it argues, reduces risks associated with cross-border data transfers and potential interception of financial information. Additional security features include end-to-end encryption, with access keys stored only on users’ devices, as well as the Aitu Passport system, which incorporates biometric identification and a cloud-based electronic digital signature. The regulator states that these tools provide legally valid user verification and help minimize risks such as phishing and identity theft. The agency also noted that the use of open APIs and business dashboards would allow financial institutions to integrate their systems with the platform at relatively low cost, making use of national digital infrastructure. Government agencies and quasi-state companies had earlier been encouraged to adopt Aitu for official communications. As previously reported by The Times of Central Asia, the rollout of the national messenger has sparked broader debate over the balance between cybersecurity and internet freedom in Kazakhstan.

Kazakhstan Introduces Mandatory Biometric ID for Mobile Phone Subscribers

Kazakhstan is implementing mandatory biometric identification for all new mobile phone subscribers as part of broader efforts to combat telephone and internet fraud, the Ministry of Artificial Intelligence and Digital Development has announced. The ministry noted that the country already enforces several measures to address SIM card misuse, including efforts to prevent fraud, illegal SIM registration, and the use of devices for mass calls and bulk messaging. From the start of 2026, these safeguards will be tightened further. Under the new regulations, SIM cards will only be issued after biometric identification is completed. Communication services will not be activated until the subscriber's identity is verified through facial scanning. The policy applies to both individuals and legal entities. “For businesses and organizations, this requirement also applies to employees issued SIM cards for work-related purposes. Biometric identification eliminates anonymous number usage and increases accountability,” the ministry stated. Authorities expect the measure to curb illegal SIM sales via dealers and intermediaries. Regardless of where a number is purchased, service activation will only occur once the end user’s identity is confirmed. Additionally, a cap has been introduced on the number of SIM cards that can be registered to a single individual: up to ten for personal and family use. Exceeding this limit requires documented justification and identification of the devices in which the extra SIMs will be used. “This approach reduces the risk of mass SIM registration, a hallmark of fraudulent operations,” the ministry added. A key component of the new anti-fraud framework is the expansion of collaboration between mobile operators and the Anti-Fraud Center of the National Bank of Kazakhstan. This cooperation is intended to ensure the swift identification and deactivation of numbers linked to criminal activity. “In the case of suspicious calls or SMS messages, including those made using SIM boxes, telecom operators will relay subscriber information to the National Bank's Anti-Fraud Center and launch an investigation. If fraud is confirmed, the number will be blocked immediately and telecom services suspended,” the ministry explained. As previously reported by The Times of Central Asia, Kazakhstan also intends to introduce joint liability for banks and mobile operators in cases of internet fraud perpetrated through their infrastructure.