A repository for tracking all cybersecurity-related documents and frameworks guiding the operational, regulatory and strategic direction of everything Cyber in Nigeria.
| Document | Author | Description | Resource URL |
|---|---|---|---|
| Nigeria Cybersecurity Policy and Strategy 2014 | Office of the National Security Adviser (ONSA) | The Nigeria Cybersecurity Policy and Strategy 2014 is a document that was developed by the Office of the National Security Adviser (ONSA) to provide a comprehensive framework for enhancing the security and resilience of Nigeria’s cyberspace. It outlines the vision, mission, objectives, principles, roles and responsibilities of various stakeholders in the cybersecurity ecosystem. It also defines the strategic goals and action plans for achieving a secure and prosperous digital Nigeria. | cert.gov.ng |
| CyberCrime Prohibition Prevention etc. Act 2015 | National Assembly | The Nigeria Cybercrime Act is a law that was enacted in 2015 to provide a legal framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. It also aims to protect critical national information infrastructure and promote cybersecurity and privacy rights | cert.gov.ng |
| Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Provider, 2018 | CBN | The Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Provider is a set of guidelines developed by the Central Bank of Nigeria (CBN) to ensure that DMBs and Payment Service Providers (PSPs) have adequate cybersecurity measures in place to protect their systems and customers from cyber threats. | cbn.gov.ng |
| The Nigeria Data Protection Regulation 2019 (NDPR) | NITDA | The Nigeria Data Protection Regulation 2019 (NDPR) is a regulation issued by the National Information Technology Development Agency (NITDA) to provide a legal framework for the protection of personal data in Nigeria. It applies to all public and private organizations that collect, process, store, or transfer personal data of natural persons in Nigeria or abroad | nitda.gov.ng |
| Nigeria Cybersecurity Policy and Strategy 2021 | Office of the National Security Adviser (ONSA) | Nigeria Cybersecurity Policy and Strategy 2021 is a document that provides the strategic direction for Nigeria’s cybersecurity efforts and outlines the key principles, objectives, and priorities for enhancing the security and resilience of the nation’s cyberspace. | ctc.gov.ng |
| Nigeria Data Protection Act 2023 | National Assesmbly | Nigeria Data Protection Act 2023 is a new law that provides a legal framework for protecting and regulating personal data in Nigeria. The law was signed on June 14, 2023. The law establishes the Nigeria Data Protection Commission and addresses issues such as data security, consent, individual rights, and cross-border data transfer. | assets.kpmg.com |
| Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs) 2022 | Central Bank of Nigeria | The Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs) is a document issued by the Central Bank of Nigeria (CBN) in June 2022. It provides a set of minimum standards and best practices for OFIs to enhance their cybersecurity posture and resilience against cyber threats | cbn.gov.ng |
| Convention | Description | Status | Source |
|---|---|---|---|
| Budapest Convention | The Budapest Convention on Cybercrime is an international treaty that aims to harmonize national laws and improve cooperation among countries in the investigation and prosecution of cybercrime. Nigeria signed the convention in 2022 and has since made efforts to align its domestic laws with the convention's provisions. | Signed & Ratified | Council of Europe |
| Malabo Convention | Nigeria has neither signed nor ratified the African Union (UN) Convention on Cybersecurity and Personal Data Protection. The Malabo Convention is a framework convention which is meant to provide general rules and principles on three broad themes: Personal data protection; electronic commerce; and cybersecurity and cybercrimes in the continent | Not Signed nor Ratified | AU.INT |