The Cybercrimes Act of 2015 in Nigeria was a significant step towards addressing the growing issue of cyber insecurity in the country. However, with the rapid advancement of technology and the emergence of new forms of cybercrimes, it became essential to review and amend the existing legislation to enhance its effectiveness.
The recent review led to the enactment of the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act, 2024, which introduced several key provisions to strengthen Nigeria’s cybersecurity framework and address gaps in the previous legislation.
One of the most notable changes introduced by the Amendment Act is the revised timeline for reporting cyber threats. Under the new provisions, individuals or institutions facing cyber threats must notify the National Computer Emergency Response Team (CERT) within seventy-two hours of detection. Failure to comply with this requirement will result in penalties, including denying internet access and fines payable to the National Cybersecurity Fund.
Additionally, the Amendment Act widened the applicability of the law to include all individuals employed by public or private organizations, not just those working in financial institutions. This expansion aims to hold a broader range of individuals accountable for cybercrimes and related offenses.
Furthermore, the Amendment Act addressed the manipulation of ATM/POS terminals, ensuring that individuals who engage in such activities are held responsible. This provision seeks to mitigate fraud risks associated with various payment technologies in Nigeria.
Another significant change introduced by the Amendment Act is the requirement for customers engaging in electronic financial transactions to furnish their National Identification Number (NIN) for identity verification. This mandate aims to streamline the identification and tracking of defaulters or perpetrators, enhancing the security of electronic transactions.
Moreover, the Amendment Act emphasized the protection of specific traffic data and subscriber information, aligning with the Nigeria Data Protection Act (NDPA). Service providers are now obligated to retain and protect specified data to ensure the security of digital assets.
The establishment of Sectoral Computer Emergency Response Teams (CERT) and Sectoral Security Operation Centres (SOC) under the Amendment Act is another crucial development. These sectoral teams work in collaboration with the National CERT to respond swiftly to cyber threats and protect the national cyberspace.
Additionally, the Amendment Act clarified the cybersecurity levy imposed under the previous legislation, ensuring transparency in the administration and auditing of the cybersecurity remittances. The Act also introduced severe penalties for non-compliance, including fines based on the annual turnover of the defaulting business and potential closure of operational licenses.
Legal experts and activists have hailed the Amendment Act as a significant stride in Nigeria’s battle against cybercrimes and the protection of its digital domain. The removal of ambiguous and draconian provisions, such as Section 24(1) of the 2015 Act, has been particularly lauded for safeguarding freedom of expression and curbing government abuse of power.
While the Amendment Act represents a positive step towards enhancing cybersecurity and combating cybercrimes in Nigeria, effective collaboration between government agencies, private enterprises, and individual Nigerians remains crucial for successful implementation. By upholding the principles of transparency, accountability, and protection of fundamental rights, Nigeria can further strengthen its digital future and ensure a safe cyber environment for all its citizens.