The Legislative Framework for Cybercrime in Nigeria: Current Status, Issues and Recommendations

For many years, cybercrime has been on the Nigerian policy plans. The Economic and Financial Crimes Commission (EFCC), the Independent Corrupt Practices and Other Related Offenses Commission (ICPC), the State Security Services (SSS), and the Nigerian Police all play important roles in combating the growing trend of cybercrimes in Nigeria. The Economic and Financial Crimes Commission (EFCC), in particular, has conducted investigations into fraud-related cybercrime.  Despite the fact that the Evidence Act was revised in 2011 to allow for the admission of electronic evidence, until 2015, effective criminal justice procedures were impeded by the lack of a legal framework for cybercrime.


The Nigeria Government in February 2015 endorsed the National Cybersecurity Policy and Strategy produced by the Inter-Ministerial Committee and managed by the Office of the National Security Adviser. It is based on the notion that threats to information and communication technology are a danger to Nigeria’s national security, affecting the country’s “economic, political, and social fabric.” Cybercrime, cyber-espionage, cyber conflict, cyber-terrorism, and child internet abuse and exploitation were listed as the most serious concerns. Its goal is to handle cyber security risks in accordance with the overarching national security goal. So far, the policy has been very beneficial in increasing Nigeria’s cyber resilience.


The Cybercrimes (Prohibition, Prevention, and Punishment) Act of 2015 was passed and went into effect on May 15, 2015.  According to authorities, the Act establishes a uniform and comprehensive legal, regulatory, and institutional framework in Nigeria for the prohibition, detection, prosecution, and punishment of cybercrime. The legislation also protects essential national information infrastructure, promotes cyber security, and protects computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights.


The Nigerian Cybercrime Act 2015 also promotes cybersecurity and cybercrime prevention by requiring the private sector – including ISPs, telecommunication operators, and financial institutions – to report and cooperate with law enforcement agencies and the Nigerian Computer Emergency Response Team (ng-CERT). It establishes a Cybercrime Advisory Council to facilitate effective implementation, capacity-building, multi-stakeholder engagement, and inter-agency/international cooperation, with the National Security Adviser coordinating LEAs and the Attorney General overseeing and strengthening the legal and institutional framework. According to officials, the National Security Adviser is in charge of overall national cyber security measures. Other key players include government agencies and private-sector businesses. In terms of overall cyber security strategy, the Nigerian government offers strategic guidance.


The Nigerian Computer Emergency Response Team (ngCERT) was founded under the National Security Adviser’s Office. The ngCERT’s major objective is to manage the risks of cyber threats in Nigeria’s cyberspace and efficiently coordinate incident response and mitigation plans to proactively prevent cyber-attacks against Nigeria. It is situated under the Office of the National Security Adviser.


ngCERT’s primary functions are as follows:

  • to develop a common Situation Awareness platform – to coordinate information sharing on a national scale
  • to properly handle and coordinate the management of a national-interest incident
  • to aid in the implementation of the National Cybersecurity Policy
  • to give technical assistance and knowledge to sectorial CSIRTs as needed
  • to function as the worldwide point of contact for all Internet security incidents in Nigeria


The Cybercrime Advisory Council was created in March 2016 in accordance with Articles 42 and 43 of the Cybercrimes Act, with members from a broad variety of ministries and agencies working under the overall direction of the National Security Adviser. 


Among the functions are:

  • Creating a conducive atmosphere for the exchange of knowledge and experience
  • Developing policy recommendations for the execution of sections of the Cybercrime Act of 2015.
  • Advice on cybercrime and cybersecurity prevention and other measures
  • Promotion of training and education, including research and internships


The Data Protection Bill was approved by the National Assembly in 2019. However, it was not signed by the President. Following the presidential elections, the bill was resubmitted to Parliament for approval, and it is presently being resumed in order to resume the legislative process.


Issues and Recommendable Approach towards Cybercrime Legislation in Nigeria

Cybercrime is an attack not just on the privacy, validity, and accessibility of computer data and systems, but also on the underlying values and long – term prospects of societies that are increasingly reliant on information technology. Therefore, governments cannot afford to be inert; they must defend society and people against crime.


While countless cyberattacks on computers and data are logged every day throughout the globe, only a tiny percentage of cyber crime — that is, offenses against and via computers – is prosecuted and judged. Besides that, evidence in connection with any crime is increasingly accessible in electronic form on computer systems or storage devices and such evidence must be protected for criminal proceedings.


The primary issues that the Nigerian government is confronting are a broad lack of understanding about cyber security measures and the consequences connected with cybercrime. Nigeria does not at present have a national cyber security awareness program, but is developing one. While Nigeria has yet to collaborate with civil societies/NGOs to educate and create awareness about cyber threats, authorities have said that they do have a plan in place to strengthen public-private collaborations. 


Although few Nigerian colleges provide cyber security degree programs, no national cyber security training facilities have been developed. Last year, public awareness has been one of the most significant hurdles to cyber security advances. A significant advancement would be for institutional players to actively participate in upgrading Nigeria’s national cyber security posture.


Because the private sector drives the Nigerian economy, the government collaborates with the corporate sector on cyber security challenges. Nigeria maintains fruitful relationships with international communities when it comes to managing and responding to cyber threats, and it promotes confidence-building measures (CBM) and international cooperation in cyberspace by exchanging information on cyber incidents and best practices for cyber security. Multi-stakeholder involvement is underway in Nigeria and is seen as a critical component to the effective implementation of a national cyber security plan.


A strong criminal justice response is therefore required. This includes investigating, prosecuting, and adjudicating offenses committed against and via computer systems and data, as well as safeguarding electronic evidence in connection to any crime. Given the global nature of cybercrime and, in particular, vulnerable electronic evidence, protecting against it also necessitates effective international collaboration.


Governments must not only adopt effective steps to prevent and regulate cybercrime and other offenses utilizing electronic evidence, but they must also do so while respecting human rights and the rule of law. Criminal law is one tool for doing this.


The cornerstone of a criminal justice response is comprehensive legislation that covers both substantive law (behavior to be designated as a criminal offence) and procedural law (investigative capabilities for law enforcement).


A number of conditions must be met by cybercrime and electronic evidence legislation:

  • It must be sufficiently (technology) neutral to accommodate the continual growth of technology and crime, or it risks becoming outdated before it gets into effect.
  • It must be sufficiently harmonised or at least consistent with the laws of other nations to allow international collaboration, for example, to fulfill the dual criminality criteria.


Nigeria regulators drafting cybercrime law may seek assistance from a variety of texts. Among them is the African Union Convention on Cyber Security and Personal Data Protection which was approved in Malabo in June 2014.


This treaty shows the African Union’s Member States’ strong commitment to establishing a safe and reliable basis for the information society. It encompasses a wide variety of measures, from electronic transactions to personal data protection, cyber security, and cybercrime.


Given that this treaty is relatively new and has yet to be proven in reality, as well as its extensive reach, the current report refers to the Budapest Convention on Cyber Crime (5). This Convention, which is increasingly being utilized throughout Africa, focuses on cybercrime and electronic evidence, as well as international collaboration.


In 2001, the Convention against Cybercrime was opened for signing in Budapest, Hungary. The Council of Europe developed it with the involvement of Canada, Japan, South Africa, and the United States, and it is available for admission by any State willing to implement it and participate in international collaboration. By 10th July 2017, it had 55 Parties and a further 14 States that had been asked to accede or sign it including Nigeria.


The Budapest Convention is supported by the CyberCrime Convention Committee, which represents the treaty’s Parties, as well as capacity-building programs. Adopting the Budapest Convention as a suitable roadmap for Nigeria may assist enhance the legal framework in the country’s fight against cybercrime.


The Nigerian government intends to establish personal data protection legislation in the future, however for the time being, cybercrime laws have been passed. Nigeria’s National Policy Framework seeks a unified security policy that would adapt to the changing nature of the national security threat environment.  Thus, the African Union Convention on Cyber Security and Personal Data Protection, as well as the Budapest Convention on Cybercrime, seem to be complimentary in supporting the Nigeria Cybercrime Act 2015 and the effectiveness of Nigeria’s cybercrime legislative efforts.


At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers that can support and provide legal and advisory services. Our Cyber lawyers deal with issues of cybercrimes against individuals, companies or the government, and handle cases related to e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, etc.

Feel free to Contact OAL’s Cyber Lawyers to discuss issues relating to internet technologies and cybercrime in Nigeria.




Written By:

Josephine Uba

Lead Digital Strategist, OAL.