Nigeria’s Cybercrime Reform

The Nigeria Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024, signed into law on February 28, 2024, aims to strengthen the legal framework for combating cybercrimes in the country, particularly in response to evolving threats. The amendment addresses gaps in the original 2015 act, broadens the scope of offenses, and enhances the nation’s capacity to address cybercrime.

The amendment bill was sponsored by Sen. Shehu Buba (APC, Bauchi South), and specifically seeks to amend section 44 of the Cybercrime Act and to review the legislation of the Act to stop Internet related crimes.

Key Changes in the Amended Cybercrime Act

1. Expanded Surveillance Powers
   • Security agencies can now intercept communications without a court order in “urgent” cases.
   • Telecom companies must retain user data for longer periods, raising concerns about mass surveillance.
2. Stricter Online Speech Controls
   • The law now criminalizes “false” or “misleading” posts—critics say this could be used to silence journalists and activists.
   • Social media companies could be fined or blocked if they fail to take down “offensive” content quickly.
3. Heavier Penalties for Cybercrimes
   • Hacking, identity theft, and online fraud now carry longer jail terms (up to 10 years).
   • Unauthorized crypto transactions face stricter punishments, affecting fintech startups.
4. New Rules for Banks & Tech Firms
   • Financial institutions must report suspicious transactions within 24 hours.
   • Tech companies may be forced to hand over user data without transparency safeguards.
5. Unconsented Phone Recording: A cybercrime under section24 of the cybercrime act 2015 recently amended
   • This section makes it an offense to wilfully intercept or access electronic communication without authorization. This could include recording a conversation without the consent of all parties involved
   • Violations of Section 24 can lead to fines (up to N7 million) and imprisonment (up to 3 years). 
   • The Cybercrime Act also addresses unauthorized access and modification of computer data, which could apply in situations where recorded conversations are illegally shared or altered. 

The Nigeria Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act 2024 marks a significant advancement in the country’s efforts to combat cybercrime and enhance cybersecurity. By addressing gaps in the original 2015 legislation, this amendment broadens the scope of offenses, imposes stricter penalties, and strengthens oversight mechanisms to ensure that financial institutions, tech companies, and individuals adhere to cyber regulations.

A particularly notable aspect of the amendment is its expanded surveillance powers, which grant security agencies the authority to intercept communications in urgent situations without a court order. While this provision may enhance law enforcement capabilities in addressing cyber threats, it raises concerns about privacy rights and the potential for misuse. Similarly, the requirement for telecom companies to retain user data for extended periods fuels debates over mass surveillance and individual freedoms.

The Act also introduces more stringent controls over online speech by criminalizing false or misleading posts. While this measure aims to curb misinformation and digital fraud, critics argue that it could be leveraged to suppress journalistic integrity and free expression. Additionally, social media platforms face increased liability, as failure to promptly remove offensive content may result in fines or restrictions.

Financial crimes and unauthorized digital transactions now carry heavier penalties, reinforcing efforts to deter cyber fraud and other illicit activities. Offenses such as hacking, identity theft, and online fraud could result in longer prison sentences, while unauthorized cryptocurrency transactions are subject to stricter regulations, potentially impacting fintech innovations and businesses operating in Nigeria’s digital economy.

Moreover, the amendment places greater responsibilities on banks and tech firms, requiring financial institutions to report suspicious transactions within a short timeframe and compelling technology companies to provide user data without sufficient transparency safeguards. These provisions aim to improve cyber accountability but simultaneously pose risks related to data security and user privacy.

Section 24 of the Act specifically addresses unauthorized phone recordings, making it a cybercrime to intercept or access electronic communications without authorization. The penalties for violations—fines up to N7 million and imprisonment of up to three years—underscore the government’s commitment to protecting digital interactions from unlawful interference.

Overall, the Cybercrimes Amendment Act 2024 reflects Nigeria’s resolve to strengthen its legal framework and adapt to the evolving cyber threat landscape. However, its implementation must strike a delicate balance between security enforcement and individual rights. As cybersecurity remains a growing concern in the digital age, continuous legislative reviews and stakeholder engagement will be essential to ensuring that the law effectively safeguards Nigeria’s cyberspace while upholding democratic principles and technological innovation.With the Cybercrimes (Amendment) Act, Nigeria’s legal reach against cybercrime has expanded considerably. This vital update ensures that no entity, public or private, can leverage deficiencies in the original law to endanger the nations cyber landscape. As cyber treats continue to evolve, this amendment is poised to protect Nigeria from digital dangers and propel the country towards a more secure online future.