NIGERIA'S CYBERCRIME (AMENDMENT) ACT 2024

The Act, its full name being the Cybercrimes (Prohibition, Prevention, Etc) (Amendment) Act, 2024 amends the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 by inserting some consequential words that were inadvertently omitted in the Act; and for related matters.

Therefore, it amended sections 17, 21, 22, 24, 27, 30, 37, 38, 41, 44, 48.

Background

The Cybercrime Act, originally enacted in 2015, provides an effective, unified, and comprehensive legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. It also protects critical national information infrastructure, computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights, and promotes cybersecurity.

This 2024 Amendment upholds the same objectives regardless of adding "consequential words that were omitted".

Amendments

True to its objectives, words were replaced or added. For instance;

• In Section 17(1)(b), the word "genius" was replaced by "genuineness".
• Section 21(1) now reads, “Any person or institution, who operates a computer system or a network, whether public or private, must immediately inform the National Computer Emergency Response Team (CERT) Coordination Center through their respective sectoral CERTS or sectoral Security Operations Center (SOCs) of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network, so that the National CERT can take the necessary measures to tackle the issues”.

AND such other minor adjustments to sections 22, 24, 27, 30, 37, 38, 41, 44, 48. The most interesting is Section 44.

Section 44 of the Cybercrime Act

In the 2015 Act, the National Cybersecurity Fund, a levy of 0.005 of all electronic transactions by specified businesses, was established. All other monies deposited into this fund are meant to be voluntary, income tax-free, and deposited directly to CBN by the specified businesses within 30 days. The fund, administered by the National Security Advisor, would undergo regular audits.

The 2024 Cybercrime Amendment Act changed subsections (1) and (6) of section 44. The change reads;

• "(1) a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule to this Act"
• “(6) The Office of the National Security Adviser shall administer, keep proper records of the accounts, and shall ensure compliance monitoring mechanism.”
• “(7) The account of the Fund shall be audited per guidelines provided by the Auditor General for the Federation”
• “(8) A business specified in the Second Schedule to this Act that fails to remit the levy under section 44(2)(a) of this Act commits an offense and is liable on conviction to a fine of not less than 2% of the annual turnover of the defaulting business and failure to comply shall lead to closure or withdrawal of the business operational license.”

The 2015 Act in its Second Schedule specifies the businesses referred to by section 44 (2)(a). They are;

• GSM Service providers and all telecommunication companies
• Internet Service Providers
• Banks and other Financial Institutions
• Insurance Companies
• Nigerian Stock Exchange.

Here’s the problem, and why you should care

The 2015 and 2024 Acts agree that;

• Only the companies listed above are to pay the 0.5% Cybersecurity Levy.
• The National Security Adviser administers the Fund
• CBN’s only responsibility is as the Fund account holder.
• The Levy is 0.5% of ALL transactions and is paid within 30 days.

The Central Bank of Nigeria, on 6 May 2024, issued a circular that went beyond its powers (ultra vires) as granted by both Acts. Here’s how;

According to CBN, sixteen transaction types are exempt from paying the Cybersecurity levy, and a deduction of the levy will be applied at the point of electronic transfer origination and then remitted by the financial institution. By this alone, CBN, by omission, implies that;

• Everyone who initiates a funds transfer will pay the 0.5% levy, instead of the few listed companies
• The levy will be deducted upon every transaction, rather than being 0.5% of ALL transactions within 30 days, as the Acts say
• All transactions by everyone, except the sixteen categories CBN outlined, are subject to the levy deduction.

The sixteen transactions exempt from the 0.5% cybersecurity levy according to CBN are;

• Loan disbursements and repayments
• Salary payments
• Intra-account transfers within the same bank or between different banks for the same customer
• Intra-bank transfers between customers of the same bank
• Other Financial Institutions instructions to their correspondent banks
• Interbank placements
• Banks’ transfers to CBN and vice-versa
• Inter-branch transfers within a bank
• Cheque clearing and settlements
• Letters of credits
• Banks’ recapitalisation-related funding – only bulk funds movement from collection accounts
• Savings and deposits, including transactions involving long-term investments such as treasury bills, bonds, and commercial papers
• Government social welfare programmes transactions e.g. pension payments
• Non-profit and charitable transactions, including donations to registered non-profit organizations or charities
• Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions
• Transactions involving the bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.

I think this circular did not convey the literal intent of the Acts and can be deemed misleading. The economic turmoil in Nigeria will only be heightened by its verbatim implementation, but, “who will tell CBN that her circular is ridiculous?”

What do you think of the Cybercrime Act 2015, its 2024 Amendment, the Cybersecurity Levy, and the CBN Circular?

About Legal Bytes

We are Adune Legal’s weekly Newsletter, which simplifies the Law for Busy Executives, Entrepreneurs, and Tech Enthusiasts interested in the legal aspects of Business, Technology, and Intellectual Property.

Stay ahead in the evolving legal landscape with expert analysis and updates.

Subscribed

We love emails from our readers— reply to this email and let us know your thoughts and suggestions.

WAIT!!!

Become a paid subscriber and access;

• Live Q&A sessions on Substack
• Detailed Legal Templates and examples to save you time and legal fees
• Expert Interviews and Case Studies

We're excited to announce that subscribers can access Live Q&A sessions every Wednesday. It’s an excellent opportunity for our community to interact and get answers to their legal questions. Don't miss out on this perk - subscribe today and start enjoying it!

Thanks for reading Legal Bytes

Adune Legal’s Team

P.S. Like Legal Bytes? Please forward us to a friend.

P.P.S. Was this publication forwarded to you? Sign up here & see previous publications.