In a circular dated 6th May 2024, the Central Bank of Nigeria (CBN) released implementation guidance on the collection and remittance of the National Cybersecurity Levy ("the levy"). Subsequently, the government suspended the implementation of the levy via its circular of 17th May, 2024, following widespread concerns expressed by stakeholders.
As businesses continue to expand their reach and significantly increase their use of technology, the risks must be weighed against the benefits of technology usage. Increased exposure to cyberattacks and data breach incidents necessitate improved measures to combat these issues and mitigate the resulting risks from these incidents. The Cybercrimes (Prohibition, Prevention, Etc) Act 2015 ('the Act") was passed in 2015 and part of its intended objectives was to cater to this concern. It also provides a legal and regulatory framework for the prohibition, prevention, detection, and prosecution of cybercrimes in Nigeria. Some of the key provisions of the Act include the protection of critical national information infrastructure, and the establishment of a Cybercrime Advisory Council. Section 44 of the Act, specifically provides for the establishment of a National Cybersecurity Fund (NCF) and Section 44(2a) had stipulated a levy of 0.005 on electronic transactions as one of the sources of funding to the NCF. The accounts and records of the NCF are to be overseen by the Office of the National Security Adviser. In February 2024, the Act was amended by an Amendment Act . The Amendment provided clarifications to some provisions of the Act and made inclusions to address omissions noted in the Act. One of the key clarifications was a proper definition of the cybersecurity levy to be 0.5% (0.005) on all electronic transactions value by applicable businesses. This article considers the evolution of the Act, issues around legality and its implementation and subsequent suspension.
Implementation of the Cybersecurity Levy
Despite the Act having been in existence since 2015, its provisions had not been implemented, due to ambiguities noted in the provisions of the Act. Following the 2024 amendment which addressed the gaps noted in the Act, the amendment and subsequent implementation guidance were aimed at addressing these gaps and allowing the government kickstart implementation. The CBN thus issued a circular in May 2024 to provide implementation guidance to banks and other financial institutions. Specifically, the circular cites the amendment of Section 44(2) (a) as follows "there shall be paid and credited into the Fund established under subsection (1) of this section and domiciled in the Central Bank of Nigeria: A levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the businesses specified in the second schedule to this Act". The applicable businesses are:
- GSM Service providers and all telecommunication companies;
- Internet Service Providers;
- Banks and other Financial Institutions;
- Insurance Companies;
- Nigerian Stock Exchange.
Via the circular, the CBN required the relevant institutions to commence implementation and ensure compliance.
Legality and Constitutionality of the Administration of the Levy
Amidst the controversy surrounding the implementation of the cybersecurity levy such as the timing, a major question is whether or not the administration of cybersecurity levy is consistent with the Constitution of the Federal Republic of Nigeria, 1999. Section 162 of the Constitution provides that "The Federation shall maintain a special account to be called "the Federation Account" into which shall be paid all revenues collected by the Government of the Federation, except the proceeds from the personal income tax of the personnel of the armed forces of the Federation, the Nigeria Police Force, the Ministry or department of government charged with responsibility for Foreign Affairs and the residents of the Federal Capital Territory, Abuja." The requirement of the levy to be paid to the NCF and administered by the office of the National Security Adviser (NSA) therefore appears to be in conflict with the provisions of the Constitution.
Additionally, Section 2 of the Federal Inland Revenue Service (Establishment) Act (FIRSEA) provides that the "the object of the Service shall be to control and administer the different taxes and laws specified in the First Schedule or other laws made or to be made, from time to time, by the National Assembly or other regulations made thereunder by the Government of the Federation and to account for all taxes collected".
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.