HOME/All Jurisdictions/NG

NG — Country Profile

Nigeria

77TOTAL
54OFFICIAL SOURCES
14TOPIC AREAS
Law / Act23
Executive Order28
National Strategy6
Working Paper1
Other19
20 APR 2026 · Working Paper

Africa AI Strategies Cannot Say No - AU Framework

African AI governance efforts (AU Continental AI Strategy, and national strategies in Ghana, Zimbabwe, Nigeria, Kenya, Rwanda) are framed around "development" but reproduce existing global governance paradigms without necessarily addressing African-specific needs.

AU Framework ·National Strategies ·Developmentjustsecurity.org ↗
30 MAR 2026 · Executive Order

Directive on deployment of cybersecurity self-assessment tool

On 30 March 2026, the Central Bank of Nigeria issued a directive announcing the deployment of a Cybersecurity Self-Assessment Tool (CSAT) for regulated financial institutions, including payment service providers. The measure requires institutions to complete and submit the CSAT through a dedicated portal, providing information on cybersecurity governance, risk management, third-party controls, incident response, and operational resilience, with supporting documentation based on data as of 31 ...

✓ OfficialNational Strategycbn.gov.ng ↗
20 MAR 2026 · Law / Act

Nigeria - National Digital Economy and E-Governance Bill Signed into Law

Nigeria signed into law the National Digital Economy and E-Governance Bill in March 2026, establishing a risk-based AI regulatory regime with NITDA as the technical regulator. The framework introduces risk-based licensing requirements for high-risk AI systems, making Nigeria one of the first major African economies to mandate AI governance. A National AI Council is established, and providers of high-risk AI must register and comply with requirements.

✓ OfficialNational AI Law ·Risk-Based Framework ·Licensing ·+1betar.africa ↗
20 MAR 2026 · National Strategy

Nigeria - National Artificial Intelligence Strategy (NAIS) Finalized

Nigeria finalized its National Artificial Intelligence Strategy and accompanying policy framework in late March 2026, with the government seeking legislative approval from the National Assembly. The strategy establishes comprehensive policy direction for AI development and governance in Nigeria, complementing the National Digital Economy and E-Governance Bill.

✓ OfficialNational AI Strategy ·AI Policy ·Digital Economythesun.ng ↗
03 MAR 2026 · Other

Endorsement of joint statement on AI generated imagery

On 3 March 2026, the Nigeria Data Protection Commission (NDPC) issued a statement on joining 60 other data protection authorities in endorsing the joint statement on Artificial Intelligence (AI)-generated imagery and the protection of privacy. The endorsement is part of a broader national framework for responsible artificial intelligence (AI), which includes the National AI Strategy and the NDPC General Application and Implementation Directive (GAID). The statement aims to address privacy con...

✓ OfficialNational Strategyndpc.gov.ng ↗
03 MAR 2026 · Other

Advisory on android systems compromised by multiple malware

On 3 March 2026, Nigeria's Computer Emergency Response Team (ngCERT) issued a high-risk advisory warning that multiple Android malware families, including Triada, Hummer, Rootnik, Prizmes, Uupay, and Android Backdoor, are actively compromising devices through pre-installed firmware, repackaged applications, and third-party downloads. The malware exploits known vulnerabilities to gain root access, enabling data theft, financial fraud, botnet participation, and persistent backdoor control that ...

✓ OfficialNational Strategycert.gov.ng ↗
13 FEB 2026 · Executive Order

Guidance notes for implementation and enforcement of Internet Code of Practice 2026

On 13 February 2026, the Nigerian Communications Commission issued guidance notes on implementing and enforcing the Internet Code of Practice 2026 under the Nigerian Communications Act 2003. The note clarifies regulatory oversight and governance expectations for licensees and digital platforms. The note sets expectations on open internet standards, traffic blocking and prioritisation, cyber security supervision, enforcement over non-personal transactional data, collaboration with the Nigeria ...

✓ OfficialContent Moderationncc.gov.ng ↗
02 FEB 2026 · Other

Inquiry into innovation, inclusion and integrity in financial technology sector

On 2 February 2026, the Central Bank of Nigeria adopted a report on innovation, inclusion, and integrity in the financial technology sector, including ethical and transparent Artificial Intelligence (AI) practices. The report encourages firms to adopt ethical and transparent AI practices, particularly in credit and risk decision-making, and proposes a dedicated "Responsible AI in finance" workstream to bring together regulators, industry, academia, and international peers to develop governanc...

✓ OfficialConsumer Protectioncbn.gov.ng ↗
20 JAN 2026 · Law / Act

Nigeria - National Digital Economy and E-Governance Bill (NITDA)

Nigeria is on track to pass a comprehensive AI law by the end of March 2026 through the National Digital Economy and E-Governance Bill, giving NITDA authority over algorithms, data governance, and AI systems. The proposed legislation aims to establish Nigeria as a leading AI governance hub in Africa, covering high-risk AI systems in finance, public administration, surveillance, and automated decision-making.

✓ OfficialNational AI Law ·High-Risk AI ·NITDAthelegalwire.ai ↗
15 JAN 2026 · Other

United States-Nigeria Data Protection Privacy Project

On 15 January 2026, the Nigeria Data Protection Commission (NDPC) announced the data protection privacy project with the United States (US). The NDPC agreed with a United States delegation on an implementation roadmap for the project. The project concerns cross-border data governance and is relevant to digital service providers engaged in Nigeria–US data flows. The NDPC highlighted structured cooperation and alignment of regulatory approaches, building on the NDPC’s Strategic Roadmap and Acti...

National Strategyndpc.gov.ng ↗
04 JAN 2026 · Other

Data Protection Commission investigation into Remita Payment Services and Sterling Bank over alleged data breach

On 1 April 2026, the Data Protection Commission (NDPC) opened an investigation into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities. The investigation covers the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures carried out where a breach is confirmed. The aim of the investigation is to ensure that data subjects are protected with appropriate technical and organisation...

National Strategy
04 JAN 2026 · Executive Order

Data Protection Commission's assessment of compliance with compliance audit returns under Data Protection Act

On 1 April 2026, the Nigeria Data Protection Commission (NDPC) extended the filing deadline for the data protection compliance audit by 60 days. The extension applies to all data controllers and processors of major importance who are required to submit an annual compliance audit return under the Data Protection Act. It was stated that covered entities are now obligated to submit their returns by the new deadline of 30 May 2026.

✓ OfficialNational Strategy
01 JAN 2026 · Other

Data Protection Commission's annual report on implementation of Data Protection Act and enforcement expansion

On 1 January 2026, the Nigeria Data Protection Commission (NDPC) adopted a report focusing on the implementation of the Nigeria Data Protection Act 2023, including strengthening enforcement mechanisms, expanding sector-wide compliance monitoring, and issuing the General Application and Implementation Directive (GAID) 2025. The Directive mandates semi-annual reporting and credential assessments for Data Protection Officers, strengthens lawful basis and consent requirements, imposes privacy not...

✓ OfficialNational Strategyndpc.gov.ng ↗
31 OCT 2025 · Executive Order

Cybersecurity regulation in Nigerian Communications (Enforcement Process, etc.) Regulations, 2025

On 31 October 2025, the Nigerian Communications Commission (NCC) closes the public consultation, open since 9 October 2025, on the Draft Nigerian Communications (Enforcement Process, etc.) Regulations, 2025. The draft mandates that all operators retain call data records securely and make them available to competent authorities for lawful investigation in accordance with the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act, 2024. It prohibits tampering, destruction or distortion of c...

National Strategyncc.gov.ng ↗
19 SEP 2025 · Executive Order

Data protection regulation in Data Protection Commission's General Application and Implementation Directive (NDPC/NDP ACT-GAID/01/2025)

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025) under the Nigeria Data Protection Act (NDP Act) 2023 enters into force, establishing rules for the processing of personal data. The directive outlines the rights of data subjects, including access, rectification, and erasure, and imposes obligations on data controllers and processors to ensure lawful, fair, and transparent processing. I...

✓ OfficialNational Strategy
19 SEP 2025 · Executive Order

Registration as a data controller or data processor of major importance requirement in Nigeria Data Protection Act 2023 General Application and Implementation Directive 2025 (NDPC/NDP ACT-GAID/01/2025)

On 19 September 2025, the Nigeria Data Protection Commission’s (NDPC) General Application and Implementation Directive (GAID) 2025 (NDPC/NDP ACT-GAID/01/2025) under the Nigeria Data Protection Act (NDP Act) 2023 enters into force, mandating registration for data controllers and processors of major importance. Articles 8–9 and Schedule 7 classify entities into Ultra-High, Extra-High, and Ordinary-High levels, requiring annual registration and compliance audit returns (CAR) filings with prescri...

✓ OfficialNational Strategy
30 AUG 2025 · Executive Order

Cybersecurity regulation in Guidelines for Insurtech Operations

On 30 August 2025, the National Insurance Commission’s Guidelines for Insurtech Operations, including cybersecurity regulation, enter into force. The guidelines introduce requirements for logical access controls, periodic penetration testing, dual verification for website updates, and secure transmission of client data within three days. They also require operators to maintain their digital systems, conduct annual independent technology audits, encrypt transmitted data, and implement business...

✓ OfficialNational Strategynaicom.gov.ng ↗
29 AUG 2025 · Other

Nigerian Communications Commission review of Internet Code of Practice 2019

On 29 August 2025, the Nigerian Communications Commission (NCC) closes the public consultation on the review of the Internet Code of Practice 2019. The review sets out seven areas for reform. These include the governance of offensive and misleading content such as deep fakes, misinformation and incitement, with stronger safeguards for child online protection. They also cover governance principles for online platforms and parameters for international cooperation, as well as measures to ensure ...

Content Moderationncc.gov.ng ↗
25 AUG 2025 · Other

Data Protection Commission investigation into compliance with Data Protection Act of 2023

On 25 August 2025, Nigeria's Data Protection Commission (NDPC) announced a sector-by-sector investigation into organisations' compliance with the Nigeria Data Protection Act of 2023. The investigation applies to insurance companies, pension firms, gaming companies, banks, and insurance brokers. The organisations are required to provide compliance evidence within 21 days, including 2024 audit returns, Data Protection Officer appointments, technical protection measures, and registration as Data...

National Strategy
10 AUG 2025 · Other

Nigeria-Zambia Memorandum of Understanding on Cooperation in Data Protection

On 8 October 2025, representatives of the Nigeria Data Protection Commission (NDPC) met with the Office of the Data Protection Commissioner (ODPC) of Zambia in Lusaka on the sidelines of the Digital Government Africa (DGA) Summit 2025. Both authorities announced plans to sign a Memorandum of Understanding (MoU) on cooperation in data protection. The MoU will formalise collaboration between the NDPC and ODPC in areas including compliance, enforcement, policy development, and regulatory capacit...

National Strategyndpc.gov.ng ↗
07 JUN 2025 · Other

Data Protection Commission investigation into Multichoice over alleged data protection violations

On 6 July 2025, the Nigeria Data Protection Commission (NDPC) fined Multichoice Nigeria NGN 766,242,500 for violating the Nigeria Data Protection Act (NDP Act). The ruling applies to Multichoice Nigeria, an entertainment and broadcasting provider that processes personal data of subscribers and others. NDPC’s investigation, launched in the second quarter of 2024, found that Multichoice engaged in intrusive and disproportionate data processing and carried out illegal cross-border transfers of N...

✓ OfficialNational Strategy
16 MAY 2025 · Other

Whitepaper on the National Blockchain Policy

On 16 May 2025, the Federal Ministry of Communications, Innovation and Digital Economy published the Whitepaper on the National Blockchain Policy to provide a structured plan for the use of blockchain in Nigeria. The Whitepaper states that blockchain can support financial inclusion by reducing transaction costs, improve supply-chain transparency in agriculture, and allow secure digital identity. It expands on the National Blockchain Strategy. It explains the need for cooperation between gover...

✓ OfficialNational Strategyfmcide.gov.ng ↗
08 APR 2025 · Other

Nigeria's associate membership to global cross-border privacy rules forum

On 4 August 2025, the Global Cross-Border Privacy Rules (CBPR) forum membership committee submitted a recommendation to the Global Forum Assembly (GFA) to admit Nigeria as an associate member. The committee evaluated Nigeria’s application under the Forum’s terms of Reference and determined that the criteria for Associate status were satisfied. Nigeria confirmed its support for the 2022 Global CBPR declaration and framework and indicated that Nigeria's Data Protection Act 2023 focuses on the p...

National Strategyglobalcbpr.org ↗
19 MAR 2025 · Law / Act

Digital Health Services (Establishment) Bill, 2025 (HB 2198)

On 19 March 2025, the Digital Health Services (Establishment) Bill, 2025 (HB. 2198) was introduced in the House of Representatives. The Bill provides a legal framework for the integration, regulation, and promotion of digital technologies in the delivery of healthcare services in Nigeria, aiming to improve access, quality, and efficiency across the health sector. It applies to all healthcare providers utilising digital technologies for patient care, including telemedicine, mobile health appli...

National Strategy
20 FEB 2025 · Law / Act

Data localisation requirement in Nigerian Digital Sovereignty and Fair Data Compensation Bill, 2025 (SB. 722)

On 20 February 2025, the Nigerian Digital Sovereignty and Fair Data Compensation Bill, 2025 (SB. 722) was introduced in the Senate. The Bill would require that Nigerian user data be stored within the country’s borders rather than on foreign cloud servers. The Bill applies to foreign companies offering data services in Nigeria and sets conditions on how Nigerian user data is held to enhance national and data security.

National Strategynass.gov.ng ↗
12 DEC 2024 · Law / Act

Online Harms Protection Bill

On 12 December 2024, the National Information Technology Development Agency (NITDA) published a White Paper on the Framework for an Online Harms Protection Bill in Nigeria, developed in partnership with Advocacy for Policy and Innovation (API). The White Paper outlines a proposed regulatory framework aimed at addressing online harms such as cyberbullying, hate speech, misinformation, and child exploitation, while balancing the protection of digital rights and freedoms. It advocates for a co-r...

Content Moderationnitda.gov.ng ↗
21 NOV 2024 · Law / Act

Nigeria Data Protection Act (Amendment) Bill (SB 650)

On 21 November 2024, Nigeria Data Protection Act (Amendment) Bill, 2024 (SB 650) was introduced to the Senate and passed its first reading. The Bill proposes changes to Sections 5 and 65 of the Data Protection Act 2023, requiring entities to maintain a fixed operational business location staffed to engage with regulators and fulfil legal obligations. Non-compliance for a continuous period of 30 days would result in a prohibition from operating within Nigeria. The amendment also introduces def...

National Strategynass.gov.ng ↗
23 OCT 2024 · Other

US and Nigeria Bilateral Liaison Group for Illicit Finance and Cryptocurrencies

On 23 October 2024, the United States and Nigeria announced the launch of the US and Nigeria Bilateral Liaison Group on Illicit Finance and Cryptocurrencies. The collaboration aims to strengthen Nigeria's capacity in cybercrime investigation and prosecution, focusing specifically on illicit finance and cryptocurrency misuse. The partnership, facilitated by the US Department of Justice, seeks to enhance cooperation in tracking, investigating, and prosecuting financial crimes involving digital ...

✓ OfficialNational Strategystate.gov ↗
30 SEP 2024 · Executive Order

Nigeria Data Protection Commission guidance notice on registration of data controllers and data processors of major importance (NDPC/HQ/GN/VOL.02/24)

On 30 September 2024, the Nigeria Data Protection Commission Guidance Notice on Registration of Data Controllers and Data Processors of Major Importance NDPC/HQ/GN/VOL.02/24 (Pursuant to Sections 5d, 6(c), 44, 45, and 65 of the Nigeria Data Protection Act) entered into force. The implementation was postponed from 30 June 2024 to 30 September 2024. This notice mandates the registration of data controllers and processors that handle personal data of over 200 data subjects within six months or o...

✓ OfficialNational Strategyndpc.gov.ng ↗
21 AUG 2024 · Other

NDPC investigation into Fidelity Bank for alleged data protection regulation breach

On 21 August 2024, the Nigerian Data Protection Commissioned (NDPC) issued a fine of NGN 555.8 million in its investigation into Fidelity Bank for breach of the Nigerian Data Protection Act. In particular, the NPDC found that Fidelity Bank processed personal data without data subject consent and used non-compliant third-party data processors.

✓ OfficialNational Strategyvon.gov.ng ↗
18 JUL 2024 · Other

Federal Competition and Consumer Protection Commission investigation into Meta Platforms and WhatsApp over alleged violations of antitrust laws, data protection regulations, and consumer protection acts

On 18 July 2024, the Federal Competition and Consumer Protection Commission (FCCPC) issued a final order to Meta Platforms, Inc. and WhatsApp LLC, following a 38-month joint investigation with the Nigeria Data Protection Commission (NDPC). The order mandates changes to Meta's data handling in Nigeria, including requirements to reinstate users' control over their data, update privacy policies to comply with Nigerian law, cease sharing WhatsApp user information with Facebook companies without e...

✓ OfficialNational Strategyfccpc.gov.ng ↗
25 JUN 2024 · Executive Order

Designation and Protection of Critical National Information Infrastructure Order, 2024

On 25 June 2024, the Designation and Protection of Critical National Information Infrastructure Order 2024 was published in the official gazette and subsequently implemented, establishing cybersecurity measures across 13 economic sectors. The Order designates specific computer systems, networks and communication infrastructure as Critical National Information Infrastructure (CNII), placing them under enhanced protection and oversight by the Office of the National Security Adviser (ONSA). The ...

✓ OfficialNational Strategycert.gov.ng ↗
22 MAY 2024 · Law / Act

Promoting local content obligation in Digital Marketing Regulation Bill 2024 (HB 1435)

On 22 May 2024, the Digital Marketing Regulation Bill, 2024 (HB. 1435) was introduced in the House of Representatives. The Bill would require designated gatekeepers to promote local content by allocating platform space to content creators established in Nigeria.

Content Moderationlegis360.org ↗
17 MAY 2024 · Executive Order

Central Bank of Nigeria circular on withdrawing guidance on collection and remittance of the national cybersecurity levy

On 17 May 2024, the Central Bank of Nigeria (CBN) adopted circular Ref: PSM/DIR/PUB/LAB/017/005, withdrawing the previous circular Ref: PSM/DIR/PUB/LAB/017/004 on the National Cybersecurity Levy. The withdrawn circular required financial institutions to start deductions by 19 May 2024 and complete system reconfigurations within four to eight weeks, with a 0.5% levy on electronic transactions funding the National Cybersecurity Fund (NCF).

✓ OfficialNational Strategycbn.gov.ng ↗
12 APR 2024 · Executive Order

National Information Technology Development Agency analysis of compliance with laws and misinformation management by social media platforms

On 4 December 2024, the National Information Technology Development Agency (NITDA) released an analysis of compliance with laws and misinformation management by social media platforms. The Code of Practice for Interactive Computer Service Platforms and Internet Intermediaries requires platforms with over one million users to submit annual compliance reports in alignment with Part II, Section 10 of the Code. This regulation promotes transparency and adherence to regulatory standards, aiming to...

Content Moderationnitda.gov.ng ↗
07 APR 2024 · Law / Act

Consumer protection requirements in National Digital Economy and E-Governance Bill, 2024

On 4 July 2024, National Digital Economy and E-Governance Bill, 2024 (SB 498) passed its first reading. The Bill requires service providers or vendors to provide clear and accessible information, including their name, address, email, and telephone number. Consumers are granted the right to cancel contracts before processing. It mandates compliance with data protection standards for personal information collected during transactions and requires the disclosure of detailed terms, conditions, an...

Consumer Protectionfmcide.gov.ng ↗
07 APR 2024 · Law / Act

Service provider regulation in National Digital Economy and E-Governance Bill, 2024

On 4 July 2024, National Digital Economy and E-Governance Bill, 2024 (SB 498) passed its first reading. The Bill requires service providers to meet specified standards for interoperability, scalability, and the use of approved government ICT resources in public procurement processes. It also includes provisions for the adoption of sandboxes to test emerging technologies.

National Strategyfmcide.gov.ng ↗
28 FEB 2024 · Law / Act

Cybersecurity regulation in Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024

On 28 February 2024, the President signed the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Bill 2024 into law. The amendments to the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act No. 17, 2015, clarify the criteria for cybercrimes and reduce the reporting timeframe for cybersecurity incidents to 72 hours, mandating reporting through sectoral Computer Emergency Response Teams (CERTs) or Security Operation Centres (SOCs). The scope of the Act is expanded to include all p...

✓ OfficialNational Strategyncc.gov.ng ↗
10 JAN 2024 · Law / Act

Registration obligation for data controllers and processors of major importance in Nigeria Data Protection Act, 2023 (Act No. 37)

On 1 October 2024, the obligation for data controllers and processors of major importance to register with the Nigeria Data Protection Commission (NDPC) under the Data Protection Act entered into force. The Act required controllers and processors meeting the criteria established by the NDPC to register by 12 December 2023 and provide information on the risks, safeguards, and security measures adopted to protect the data stored. The NDPC issued a guidance outlining criteria and obligations. Th...

✓ OfficialNational Strategycert.gov.ng ↗
07 JAN 2024 · Executive Order

CBN Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Banks

On 1 July 2024, the "Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Banks (PSBs)" was implemented. The framework was issued by the Central Bank of Nigeria (CBN) on 31 May 2024, requiring DMBs and PSBs to implement these measures by 1 July 2024. It sets out minimum cybersecurity requirements for financial institutions to strengthen their defences against cyber threats. It covers areas such as governance, risk identification, third-party ris...

✓ OfficialNational Strategycbn.gov.ng ↗