NIGERIA
Since December 2013, last amended in August 2019
Pillar Content access |
Indicator Licensing schemes for digital services and applications
Guidelines for Nigerian Content Development in Information and Communication Technology (ICT)
Entities seeking to provide communication services or facilities in Nigeria are subject to a licensing requirement. According to Section 10.3 of the Guidelines for Nigerian Content Development in Information and Communication Technology (ICT), Software Multinational Companies and Original Equipment Manufacturers must negotiate Universal License Agreements (ULA) with the National Information Technology Development Agency (NITDA) and offer these licenses and services to the public sector under terms agreed upon with the agency.
Coverage Foreign software companies
NIGERIA
Since March 2018
Since July 2003
Since July 2003
Pillar Content access |
Indicator Licensing schemes for digital services and applications
Value-Added Services and Aggregator Framework (Amended), 2018
Nigerian Communications Act 2003
Nigerian Communications Act 2003
Within Section 2.3 of the Value Added Services and Aggregator Framework of 2018, any company in Nigeria is barred from offering any Value Added Service without an appropriate license by the Nigerian Communications Commission (NCC). In the Framework, the definition of Value Added Service is any network-based service other than voice conversation that is provided in the form of text, video, graphics, picture, multimedia or data for the purpose of conveying information or executable content either downloaded or accessed online and normally at extra cost. The following classes of services are recognised as value-added services:
- Information services/Content: news, updates, data, quizzes, games, ringtones, video streaming, alerts, product information, call centre, database access;
- Interactive services/ applications: charting, contest participation, e-voting, e-government, text-to-win, polls and surveys, coupons, online games, promotions, prepaid calling card service, call directory, location-based services;
- Commerce: e-banking, mobile money, e-health, telemarketing, e-ticketing.
This provision is in line with the Nigerian Communications Act, 2003 (Section 31.1), which mandates that a communications system or facility provider operate under a specific license unless exempted under the Act.
- Information services/Content: news, updates, data, quizzes, games, ringtones, video streaming, alerts, product information, call centre, database access;
- Interactive services/ applications: charting, contest participation, e-voting, e-government, text-to-win, polls and surveys, coupons, online games, promotions, prepaid calling card service, call directory, location-based services;
- Commerce: e-banking, mobile money, e-health, telemarketing, e-ticketing.
This provision is in line with the Nigerian Communications Act, 2003 (Section 31.1), which mandates that a communications system or facility provider operate under a specific license unless exempted under the Act.
Coverage Value-added services
Sources
- https://web.archive.org/web/20221129100723/https://www.ncc.gov.ng/docman-main/licensing-documents/licensing-frameworks/791-value-added-service-aggregator/file
- https://web.archive.org/web/20231213211626/https://www.ncc.gov.ng/docman-main/licensing-documents/licensing-frameworks/194-value-added-services/file
- https://web.archive.org/web/20230224082422/https://ncc.gov.ng/documents/128-nigerian-communications-act-2003/file
- Show more...
NIGERIA
Since January 2019
Since November 2020
Since June 2023
Since November 2020
Since June 2023
Pillar Cross-border data policies |
Indicator Conditional flow regime
Nigeria Data Protection Regulation 2019
Nigeria Data Protection Regulation 2019: Implementation Framework
Nigeria Data Protection Act, 2023
Nigeria Data Protection Regulation 2019: Implementation Framework
Nigeria Data Protection Act, 2023
Sections 41.1 and 43.1 of the Data Protection Act (DPA) provide that a data controller is allowed to transfer personal data from Nigeria to another country as long as there is an adequate level of protection of personal data in such country or the data subject consented to the transfer after being informed of the risk and did not withdraw the consent, the transfer is necessary for the performance of a contract to which the data subject is a party, the transfer is for the data subject's benefit, necessary for a public interest, necessary for legal action, or protect the vital interest of the data subject or third party.
Prior to the DPA, the Nigerian Data Protection Regulation 2019 (NDPR) was the go-to regulation on data protection. Although enforceable, it remains a subsidiary legislation, and there was no specific commission to oversee data protection. According to Section 2.11 of the NDPR, personal data transfers are permitted on condition that the destination country offers an adequate level of data protection. Determining the level of data protection is a prerogative of the National Information Technology Development Agency (NITDA) based on the Honourable Attorney General of the Federation's (HAGF) consideration of the foreign country’s legal system, rule of law, respect for human rights and fundamental freedoms, as well as relevant general and sector-specific legislation in public security, defence, national security, and criminal law. The countries whose levels of personal data protection are considered adequate are provided in the whitelist in Annex C of the Implementation Framework of the Data Protection Regulation and include 42 countries in addition to the EU Member States and all African countries who are signatories to the Malabo Convention 2014.
Where a transfer to a jurisdiction outside the whitelist is being sought, the Data Controller shall ensure there is verifiable documentation to conduct the transfer under one or more of the exceptions stated in Art. 2.12 of the NDPR. These include the consent of the data subject and the necessity for the performance of the contract.
Prior to the DPA, the Nigerian Data Protection Regulation 2019 (NDPR) was the go-to regulation on data protection. Although enforceable, it remains a subsidiary legislation, and there was no specific commission to oversee data protection. According to Section 2.11 of the NDPR, personal data transfers are permitted on condition that the destination country offers an adequate level of data protection. Determining the level of data protection is a prerogative of the National Information Technology Development Agency (NITDA) based on the Honourable Attorney General of the Federation's (HAGF) consideration of the foreign country’s legal system, rule of law, respect for human rights and fundamental freedoms, as well as relevant general and sector-specific legislation in public security, defence, national security, and criminal law. The countries whose levels of personal data protection are considered adequate are provided in the whitelist in Annex C of the Implementation Framework of the Data Protection Regulation and include 42 countries in addition to the EU Member States and all African countries who are signatories to the Malabo Convention 2014.
Where a transfer to a jurisdiction outside the whitelist is being sought, the Data Controller shall ensure there is verifiable documentation to conduct the transfer under one or more of the exceptions stated in Art. 2.12 of the NDPR. These include the consent of the data subject and the necessity for the performance of the contract.
Coverage Horizontal
Sources
- https://web.archive.org/web/20221210031316/https://www.dataguidance.com/legal-research/nigeria-data-protection-regulation-2019
- https://web.archive.org/web/20240626132806/https://www.dataguidance.com/sites/default/files/ndpr_implementation_framework_november_2020.pdf
- https://web.archive.org/web/20231202053131/https://ndpc.gov.ng/Files/Nigeria_Data_Protection_Act_2023.pdf
- https://web.archive.org/web/20230926050057/https://www.dataguidance.com/notes/nigeria-data-protection-overview
- Show more...
NIGERIA
Since January 2018
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Copyright Treaty
WIPO Copyright Treaty
Nigeria has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.
Coverage Horizontal
NIGERIA
N/A
Pillar Cross-border data policies |
Indicator Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Nigeria has not joined any free trade agreement committing to open transfers of cross-border data flows.
Coverage Horizontal
NIGERIA
Since January 2018
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Performances and Phonograms Treaty
WIPO Performances and Phonograms Treaty
Nigeria has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.
Coverage Horizontal
NIGERIA
Since June 2023
Since January 2019
Since January 2019
Pillar Domestic data policies |
Indicator Framework for data protection
Nigerian Data Protection Act, 2023
Nigeria Data Protection Regulation 2019
Nigeria Data Protection Regulation 2019
The Data Protection Act establishes a comprehensive regime for data protection in Nigeria, providing a legal framework for safeguarding personal information and creating the Nigeria Data Protection Commission (NDPC). Aligning with international standards, the Act sets forth principles for the processing of personal data, specifying requirements for handling sensitive information and children's data. Additionally, it mandates data controllers to conduct Data Protection Impact Assessments, appoint data protection officers, notify breaches, and adhere to data security protocols. The Act also imposes restrictions on cross-border data transfers, adopting the concept of adequate protection. Furthermore, it grants data subjects rights such as the right to object, withdraw consent, data portability, and protection from decisions based solely on the automated processing of personal data.
Before the enactment of the Data Protection Act, the Nigerian Data Protection Regulation served as the primary regulation for data protection. Although enforceable, it remains a subsidiary legislation.
Before the enactment of the Data Protection Act, the Nigerian Data Protection Regulation served as the primary regulation for data protection. Although enforceable, it remains a subsidiary legislation.
Coverage Horizontal
Sources
- https://web.archive.org/web/20240207062905/https://ndpc.gov.ng/Files/Nigeria_Data_Protection_Act_2023.pdf
- https://web.archive.org/web/20230128054440/https://www.dataguidance.com/jurisdiction/nigeria
- https://unctad.org/page/cyberlaw-tracker-country-detail?country=ng
- https://web.archive.org/web/20240920052245/https://www.dataguidance.com/sites/default/files/nigeriadataprotectionregulation11.pdf
- Show more...
NIGERIA
Since December 2013, last amended in August 2019
Pillar Intellectual Property Rights (IPRs) |
Indicator Mandatory disclosure of business trade secrets such as algorithms or source code
Guidelines for Nigerian Content Development in Information and Communication Technology (ICT)
In 2013, the National Information Technology Development Agency (NITDA) promulgated guidelines on Nigerian content in information and communications technology, with subsequent amendments in 2019. These guidelines apply to both state entities and private enterprises. The guidelines mandate that multinational companies provide verifiable information and sign affidavits regarding the origin, safety, source, and functioning of software sold and deployed within Nigeria to "ascertain the full security of the product and protect national security." This requirement also aims to ensure the security of source code, though it remains unclear whether this could potentially result in the disclosure of the source code.
Coverage Software
Sources
- https://web.archive.org/web/20220706015400/https://nitda.gov.ng/wp-content/uploads/2020/11/GNCFinale2211.pdf
- https://web.archive.org/web/20211204053055/https://iclg.com/practice-areas/digital-business-laws-and-regulations/nigeria
- https://web.archive.org/web/20201127142159/https://www.dlapiperintelligence.com/goingglobal/intellectual-property/index.html?t=trade-secrets
- Show more...
NIGERIA
Since 2015
Pillar Domestic data policies |
Indicator Minimum period for data retention
CyberCrime Act, 2015
Section 38 of the CyberCrime Act requires communication service providers to keep traffic data and subscriber information for two years.
Coverage Communication Service providers
NIGERIA
Since January 2019
Pillar Intellectual Property Rights (IPRs) |
Indicator Mandatory disclosure of business trade secrets such as algorithms or source code
Lawful Interception of Communications Regulations, 2019
Rule 11.1 of the Lawful Interception of Communications Regulations, 2019 prohibits licensees from providing any communications services that cannot be monitored and intercepted. Further, Rule 9.1 of the same regulations states that where communication intercepted is encrypted, the communications service provider is required by the regulator to provide the key, code or access to the encrypted communication.
Coverage Telecommunications sector
NIGERIA
N/A
Pillar Intellectual Property Rights (IPRs) |
Indicator Effective protection covering trade secrets
Lack of regulatory framework covering trade secrets
Nigeria has no rules applicable to the protection of trade secrets.
Coverage Horizontal
NIGERIA
N/A
Pillar Telecom infrastructure & competition |
Indicator Passive infrastructure sharing obligation
Lack of obligation to share passive infrastructure
It is reported that there is no obligation for passive infrastructure sharing in Nigeria to deliver telecom services to end users. However, it is practised in both the mobile and fixed sectors based on commercial agreements.
Coverage Telecommunications sector
NIGERIA
Reported in 2021
Pillar Telecom infrastructure & competition |
Indicator Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom sector
In December 2014, Nigeria's National Council on Privatisation (NCP) approved the sale of Nigerian Telecommunications (NITEL) and its mobile arm (M-Tel) to NATCOM Consortium. The government still owns 25% of the NITEL (the incumbent). The government announced it plans to return to the market to sell the remaining 25% to Nigerians through Initial Public Offering (IPO).
Coverage Telecommunications sector
Sources
- https://web.archive.org/web/20230424072246/https://www.lexology.com/library/detail.aspx?g=38c795ed-1569-48a7-be94-d73f5c047d1c
- https://web.archive.org/web/20221019202458/https://www.ncc.gov.ng/docman-main/legal-regulatory/regulations/101-regulations-for-competition-practices/file
- https://web.archive.org/web/20221019202448/https://www.ncc.gov.ng/docman-main/legal-regulatory/regulations/329-regulations-for-telecommunications-networks-interconnection-2/file
- Show more...
NIGERIA
N/A
Pillar Telecom infrastructure & competition |
Indicator Functional/accounting separation for operators with significant market power
Requirement of accounting and functional separation for dominant network operators
It is reported that Nigeria mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market.
Coverage Telecommunications sector
NIGERIA
Since July 2003
Since January 1995
Since January 1995
Pillar Telecom infrastructure & competition |
Indicator Licensing restrictions to operate in the telecom market
Nigerian Communications Act 2003
Nigerian Investment Promotion Commission Act, 1995
Nigerian Investment Promotion Commission Act, 1995
According to Art. 31 of the Nigerian Communications Act, no person is allowed to operate a communication system or facility nor provide communication service in Nigeria, unless authorised to do so. Internet Service Provision and Internet Exchange licences authorise the provision of data services. On the other hand, the provision of voice-over Internet Protocol (VoIP) does not require a license.
However, in order to operate in the Nigerian telecom market, promoters or investors have to register a company in Nigeria whose entity is separate and distinct from its parent company. The locally incorporated branch or subsidiary, in accordance with the provisions of Section 20 of the Nigerian Investment Promotion Commission Act, must apply to the Nigerian Investment Promotion Commission ("NIPC") for company registration and other necessary authorisations and licenses to allow foreign participation.
However, in order to operate in the Nigerian telecom market, promoters or investors have to register a company in Nigeria whose entity is separate and distinct from its parent company. The locally incorporated branch or subsidiary, in accordance with the provisions of Section 20 of the Nigerian Investment Promotion Commission Act, must apply to the Nigerian Investment Promotion Commission ("NIPC") for company registration and other necessary authorisations and licenses to allow foreign participation.
Coverage Telecommunications sector
Sources
- https://web.archive.org/web/20230424072338/https://ncc.gov.ng/accessible/documents/128-nigerian-communications-act-2003/file
- https://web.archive.org/web/20220315171044/https://www.nipc.gov.ng/wp-content/uploads/2021/10/NIPC-ACT.pdf
- https://web.archive.org/web/20231002053941/https://tonbofa.com/investing-in-telecommunications-in-nigeria/
- Show more...
