The Cybercrime Bill No SB 188, which amended the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act (the “Act”), was signed into law on February 28, 2024.
The amendment, which has already taken effect, imposes new obligations on certain types of online service providers and technology companies. It also further defines the role of the Office of the National Security Adviser in protecting the national cyberspace through the Computer Emergency Response Team (“CERT”) and Security Operation Centers (SOCs).
We have included below the amendments and regulatory compliance steps needed.
Reporting cyber threats within 72 Hours to Sectoral CERTs
The Act places an obligation on any person who notices any attack, intrusion, or disruption in the functioning of a computer system or network to report such an incident to the National CERT within 72 hours of its occurrence through its sectoral CERTs or Security Operation Centres.
The Act mandates the creation of sectoral CERTs and Security Operation Centers (SOCs), to which all organisations across the various sectors are required to report cyber threat incidents within 72 hours. The introduction of sectoral CERTs has decentralised the reporting process for cyber threats, and each sector may consequently issue an implementation guideline for compliance. Failure to report an incident to the sectoral CERT or SOC within 72 hours will make a person liable to a mandatory fine of ₦2,000,000, which shall be paid into the National Cyber Security Fund.
Liability for Identity Theft, Impersonation and Conspiracy to Commit Fraud
The previous Act limited the scope of liability for identity theft to only employees in financial institutions. The amended Sections 22 and 27 now indicate that identity theft and conspiracy to commit fraud using computers cover workers in all sectors beyond just financial service institutions.
Therefore, any employee, regardless of industry, who leverages their specialised knowledge to engage in identity theft, which involves the fraudulent use of an electronic signature, impersonating an entity or person, and obtaining property by false pretence, will be guilty of identity theft. Upon conviction, an offender may be liable to imprisonment for a term of not more than five years or a fine of not more than ₦7,000,000.00.
Clear Scope for Cyberstalking
The Amendment clearly includes the sharing of pornography and false information with the intent to bully, cause annoyance or cause a breakdown of law and order as cyberstalking, whereas the previous Act gave a broad categorisation of cyberstalking as “grossly offensive, indecent or of an obscene and menacing character”. This reflects the evolving landscape of digital communication and its potential consequences. Any person guilty of cyberstalking will be liable on conviction to a fine of not more than ₦7,000,000.00 or imprisonment for a term of not more than 3 years or to both such fine and imprisonment.
Mandatory Presentation of National Identification Number (NIN) for KYC
Every financial institution is required to verify the identity of its customers carrying out transactions by requesting customers to present their National Identification Number (NIN) before executing any customer’s instructions. Any financial institution that fails to comply with this requirement to obtain NIN shall be liable to prosecution and a fine of ₦5,000,000.
In compliance with this section, the sectoral regulator for financial institutions, the Central Bank of Nigeria, has also issued further guidelines for compliance, mandating financial institutions and account holders to use the Bank Verification Number (BVN) and NIN for account openings and verification. In particular, all Tier 1 account holders must now have a BVN and/or NIN before opening accounts with any bank or financial institution. The deadline for compliance by all current account holders was slated for March 1, 2024, after which all non-compliant accounts will be placed on “Post no debit or credit” and no further transactions permitted.
Electronic Transaction Levy for the National Cyber Security Fund
The Act clarifies the electronic transaction levy, which was previously reflected as 0.005%, with additional consequences for non-compliance and provisions for the administration of the fund.
All GSM Service Providers, telecommunication companies, Internet Service Providers, Banks and other Financial Institutions, Insurance Companies and the Nigerian Stock Exchange are required to remit 0.5% of all electronic transactions within 30 days to the National Cyber Security Fund, to be domiciled in the Central Bank of Nigeria. Any business that fails to remit the levy shall be liable upon conviction to a fine not less than 2% of its annual turnover, closure of the business or the withdrawal of its operating licence.
As of this date, only the Central Bank of Nigeria has issued a guidance notice on the implementation of the levy, and we expect further guidance from the Nigeria Communications Commission, the Securities and Exchange Commission and the National Insurance Commission.
The amendment also authorises the Office of the National Security Adviser not only to keep a record of the funds but also to be responsible for their administration.
Removal of Asset Forfeiture and Passport Cancellation Provisions
The Amendment removes the provision of Section 48(4) of the Principal Act. The deleted section provided that convicted individuals under the Act will have their international passports cancelled. The section also provided that foreigners convicted under the Act will have their passports withheld and only returned to them after the completion of their sentence or payment of the fines imposed on them for the offence.
The removal of this provision signals a more justiciable stance towards combating cybercrime and preserving the fundamental human rights of both citizens and foreigners.
Data Protection and Routing Obligations to Sectoral CERTs for Service Providers and Organisations respectively
The Act places an obligation on service providers to comply with the provisions of the Nigeria Data Protection Act and other regulations that govern communication services in Nigeria to keep and safeguard traffic data. It also provides that service providers shall keep all traffic data and subscriber information for two years.
Another fascinating innovation of the Act is that it mandates all organisations across every sector to direct their internet data and traffic to sector-specific SOCs as a strategy for protecting national cyberspace.
Conclusion
The Cyber Crimes Amendment Act of 2024 introduces significant changes aimed at modernising and strengthening the Nigerian legal framework for addressing cybercrimes. These changes are crucial as they address emerging trends in cybercrimes, reflecting the evolving landscape of digital communication and cybersecurity threats. From broadening the scope of liability for identity theft to imposing stricter measures for electronic transaction levies, these amendments are a necessary response to the ever-changing nature of cybercrimes.
Overall, the Act represents a step forward in addressing the challenges posed by cybercrimes while highlighting the need for continued vigilance and compliance with the new regulatory requirements by companies and citizens.
For any questions or clarification, please reach out to me at awuese@hamulegal.com or cosec@hamulegal.com