The deadline was March 31, 2026. If your organisation processes the personal data of more than 1,000 people and you have not filed your annual Compliance Audit Return with the Nigeria Data Protection Commission, you are already in default. The penalty for late filing is a 50% administrative surcharge on top of the base fine.…
Nigeria’s regulatory approach to digital assets has evolved significantly. After several years of restrictions, the Central Bank of Nigeria (CBN) lifted its prohibition on banks facilitating cryptocurrency transactions in December 2023 and issued new guidelines for Virtual Assets Service Providers (VASPs). The Securities and Exchange Commission (SEC) has also issued comprehensive rules for digital assets…
A data breach can happen to any organisation, regardless of size or sector. The Nigeria Data Protection Act 2023 (NDPA) sets out specific notification obligations that organisations must meet when a breach occurs. This article explains what those obligations are and how to prepare for them. What Is a Personal Data Breach? Under the NDPA,…
Software is licensed, not sold. This distinction is foundational to understanding software transactions and has significant implications for both software vendors and their customers. In Nigeria, software licensing agreements are governed primarily by contract law and the Copyright Act 2022. This article explains the key elements of a software licence and the common pitfalls to…
The Central Bank of Nigeria released its Regulatory Framework for Open Banking in Nigeria in 2021. Open banking enables customers to authorise the sharing of their financial data with third-party providers (TPPs), facilitating the development of new financial products and services built on top of bank data. What Is Open Banking? Open banking is the…
E-commerce has grown rapidly in Nigeria, with platforms facilitating billions of naira in transactions annually. Yet many Nigerian e-commerce businesses operate with poorly drafted terms, unclear refund policies, and inadequate consumer protection mechanisms. Legal Framework E-commerce in Nigeria is governed by the Consumer Protection Act 2019, the FCCPA 2018, the Cybercrimes Act 2015, and the…
Artificial intelligence systems are increasingly used in Nigerian businesses, from customer service chatbots and credit scoring models to automated hiring tools and content moderation systems. Nigeria does not yet have dedicated AI legislation, but the existing legal framework already has implications for AI deployment. What Existing Law Says The NDPA 2023 Automated decision-making that has…
The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 is Nigeria’s primary legislation dealing with cybercrime. It criminalises a wide range of digital offences and imposes specific obligations on businesses operating in the digital space. Understanding the Act is essential for any company that relies on digital infrastructure. Overview of the Cybercrimes Act 2015 The Act provides…
The Nigeria Data Protection Act 2023 (NDPA) marks a significant shift in how personal data is regulated in Nigeria. Unlike its predecessor, the Nigeria Data Protection Regulation 2019 (NDPR), the NDPA is a full Act of the National Assembly with binding force, a dedicated regulatory body, and a clearer enforcement framework. Every business that processes…
The Central Bank of Nigeria (CBN) has issued a series of regulatory frameworks that collectively define the compliance obligations of fintech companies operating in Nigeria. Whether you are running a payment service bank, a mobile money operator, a lending platform, or a cryptocurrency exchange, understanding the applicable CBN frameworks is essential to lawful operation. The…
The Investments and Securities Act 2025 (the Act) resolves, at the level of primary legislation, a question that has occupied regulators across multiple jurisdictions: the legal status of digital assets. Under Nigerian law, virtual and digital assets are now brought within the statutory definition of securities.