Nigeria Amends its Cybercrime Act 2015

The Cybercrime (Prohibition, Prevention.)Amendments Act 2024 was signed by President Bola Tinubu in February 2024 to address emerging cyber threats in the country.^[1] The objectives of the Cybercrimes (Prohibition, Prevention) (Amendment) Act 2024 include: increased government capacity to deal with terrorism, and money laundering and improved mechanisms for international cooperation in the investigation and prosecution of cybercriminals. Aside from the unusual speed with which the amendment was passed and the absence of public participation, the amendment immediately garnered public outcry and a series of controversies, especially regarding some of its financial implications.

In May 2024, months after the amendment, the Office of the National Security Adviser (NSA) called for the full implementation of the Cybercrimes Amendment Act 2024, particularly the operationalization of the National Cybersecurity Fund. This led the Central Bank of Nigeria (CBN) to issue a circular directing banks and other financial institutions to collect the ‘cybercrimes levy’ and thereby raised some questions and controversies. In an attempt to quench the outcry.

The House of Representatives has called for a halt to the implementation of the cybercrimes levy provision. The Chairman of the Senate Committee on National Security and Intelligence, Senator Shehu Buba, who sponsored the bill also clarified that the levy is not targeted at individuals but at the businesses specified in the Act, a clarification which remains unclear.

Some other notable amendments made by the act include

• It narrows down the definition of the offense of cyberstalking to include only messages sent using computers that are: Pornographic or Likely to cause the breakdown of law and pose a threat to life.^[2] This is as opposed to the wide and all-inclusive definition under the previous act.
• One of the most debated aspects of the Cybercrime Act amendment is the introduction of a cybersecurity levy that requires banks to deduct 0.5% from all electronic transactions to fund the national cybersecurity fund.^[3] This move provoked widespread protests and a lawsuit against the CBN by advocacy group, SERAP. Facing growing backlash, President Tinubu stepped in and suspended the levy to ease the financial burden on citizens.
• The act empowers the Office of the National Security Adviser (NSA) to administer, keep proper records of accounts, and ensure compliance monitoring mechanisms for the National Cybersecurity Fund. The (0.005) 0.5% levy on all electronic transactions by specified businesses is specified as one of several sources of revenue for the Fund. This particular amendment has raised questions about the status of the Office of the NSA being neither a constitutional nor statutory body and whether it can assume the powers to administer levies collected under the Act. Normally, revenue collected at the Federal level should be paid into the Consolidated Revenue Fund of the Federation and to be spent only after the National Assembly has approved the budget.
• Criminalization of failure to remit the cybersecurity levy
• The scope of persons who may be liable for the offense of perpetrating fraud using computer systems or networks has been expanded from an employee of a financial institution to an employee of ‘any private or public organization’.
• Requirement that all financial institutions verify the identity of their customers before issuing them ATM cards, credit/debit cards, and other related electronic devices. This should be done by asking them to present a National Identification Number issued by the National Identity Management Commission and other valid documents bearing their personal details.^[4]
• The responsibilities of the office of the NSA under the act are amended to include two additional responsibilities i.e  To ensure the establishment of sectoral Computer Emergency Response Teams (CERT) and sectoral Security Operation Centres (SOC) that shall feed into the national CERT and to ensure that all public and private organizations integrate and route their internet and data traffic to the sectoral SOCs thereby protecting the national cyberspace
• Expansion of the offense of manipulation of ATM/POS Terminals to include other payment technology

^[1] Chimee Chukwudelebu,  Emmanuel Agherario and Beverley Agbakoba-Onyejianya,  “Navigating Innovation, Growth And Transformation In The Tech Industry (January – August 2024)”  Olisa Agbakoba Legal (OAL),  Mondaq.  <https://www.mondaq.com/nigeria/new-technology/1536592/navigating-innovation-growth-and-transformation-in-the-tech-industry-january-august-2024>

^[2] Section 24{1}a and b

^[3] Section 44 (2)(a) Cybercrime (Prohibition, Prevention.)Amendments Act 2024 https://placng.org/i/documents/cybercrimes-prohibition-prevention-etc-amendment-act-2024/

^[4] section 37(1) (a)