Back Nigeria


    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party See legal profile

Cybercrime policies/strategies

Cybercrime has been on the agenda of the Nigerian Government for many years. Investigations – in particular of fraud-related cybercrime – have been carried out in particular by the Economic and Financial Crime Commission (EFCC).

Though the Evidence Act was amended in 2011 to cater for the admissibility of electronic evidence, the absence of a legal framework on cybercrime hampered effective criminal justice measures until 2015.

In February 2015, the Government adopted the National Cybersecurity Policy and Strategy prepared by the Inter-Ministerial Committee coordinated by the Office of the National Security Adviser. It is based on the understanding that threats to information and communication technology are threats to Nigeria national security touching the “economic, political and social fabric of Nigeria.” The most significant threats identified are cybercrime, cyber-espionage, cyber conflict, cyber-terrorism and child online abuse & exploitation.

The Cybercrimes (Prohibition, Prevention, Etc) Act, 2015 was enacted and entered into force on 15th May 2015. The purpose of the Act is also to promote cybersecurity and cybercrime prevention, and it provides for obligations to the private sector – including ISPs, telecommunication operators and financial institutions – to report and cooperate with law enforcement authorities and the Nigerian Computer Emergency Response Team (ng-CERT). It provides for the National Security Adviser to coordinate LEAs and the Attorney General to oversee and strengthen the legal and institutional framework whilst establishing a Cybercrime Advisory Council to facilitate effective implementation, capacity-building, multi-stakeholder engagement and inter-agency/international cooperation.

The Nigerian Computer Emergency Response Team was established in the Office of the National Security Adviser. Its mission is “To manage the risks of cyber threats in the Nigeria’s cyberspace and effectively coordinate incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria”. The core function of ngCERT are:

  • to establish a shared Situation Awareness platform - Coordinate information sharing at the National Level
  • to efficiently manage and coordinate management of incident of national interest
  • to support the National Cybersecurity Policy
  • to provide technical support and expertise to sectorial CSIRT’s as and when required
  • to serve as international Point of contact for all Internet Security Incident in Nigeria.

In March 2016 – in line with Articles 42 and 43 Cybercrimes Act – the Cybercrime Advisory Council is to be established, comprising representatives of a wide range of ministries and agencies under the overall coordination of the National Security Adviser. Functions include: 

  • Creating an enabling environment for sharing of information and experience
  • Formulating policy guidelines regarding implementation of provisions of the Cybercrimes Act 2015
  • Advice on preventive and other measures regarding cybercrime and cybersecurity
  • Promoting training and education, including research and traineeships.

 In 2019 the Data Protection Bill passed the approval of the National Assembly, but it wasn’t signed by the President. Following the presidential elections though, the proposal had to go back to the approval of the Parliament and it is currently being revisited to restart the legislative process.

Specialised institutions

In the Attorney General’s office, the Cybercrime Prosecution Unit provides the overall policy, legislation and prosecution thrust.

There is a Specialised Police Cybercrime Unit within the FCIID in the Nigeria Police Force.

The Cybercrime Advisory Council is statutory body charged with coordinating implementation and capacity-building.

The Nigerian Computer Emergency Response Team (ng-CERT and the sectoral CERT)

The National Forensics Laboratory is in an embryonic state.

The Nigeria Electronic Fraud Forum ( NeFF)

Economic and Financial Crime Commission (EFCC)

Nigerian Financial Intelligence Unit (NFIU)

Jurisprudence/case law

The decision of the Supreme Court in Kubor V. Dickson (2013)4 NWLR(Pt.1345)534.

In Kubor v Dickson the Supreme Court examined the provisions of Sections 84, 34(1)(b) and 258 of the Evidence Act 2011 regarding the concept of a 'document' and the admissibility of electronic evidence.

See also: http://nji.gov.ng/images/Workshop_Papers/2016/Refresher_Magistrates/s09.pdf

Sources and links

Nigerian Constitution

Cybercrimes (Prohibition, Prevention, Etc) Act, 2015

A Summary Of The Legislation On Cybercrime in Nigeria, Legislative & Government Relations Unit, Public Affairs Department in The Communicator, in-house magazine of the Nigerian Communications Commission (NCC), Issue #14 - Quarter 3, 2015

The Central Bank of Nigeria - About the Nigerian financial sector