(a) Internet (e-commerce) and (b) Mobile (m-commerce)
The following regulations apply to te-commerce and mobile commerce:
- The Mobile Money Guidelines 2015 apply to companies that provide mobile payment services.
- The Guidelines on the Operation of Electronic Payments 2016 regulate payments made from automated teller machines, point of sale machines and mobile point of sale devices, as well as those made via the Internet.
- The Guidelines on International Money Transfers 2014 prohibit persons and institutions from providing international money transfer services without a licence from the Central Bank of Nigeria (CBN), upon application to the director of the Trade and Exchange Department. It also sets out requirements for overseas partnerships. Fintech companies operating in the e-commerce and m-commerce sectors must be licensed by the CBN under the terms and conditions set out in the guidelines before they can operate. Some fintechs have therefore partnered with licenced organisations and use their platforms to carry out their transactions.
(c) Big data (mining)
Big data is largely regulated by the Data Protection Regulation 2019, which seeks to protect the personal data of all Nigerians and non-Nigerian residents in Nigeria. The scope of the regulation includes all transactions intended for the processing of personal data of natural persons in Nigeria; it also applies to natural persons residing in Nigeria and those of Nigerian descent residing outside Nigeria.
One legal issue regarding big data and the Data Protection Regulation is speculation on the applicability of the regulation, as the regulation is regarded as subsidiary legislation.
(d) Cloud computing
The provision of cloud services is not currently regulated in Nigeria. While data centres are primarily considered IT infrastructure, the connectivity to the data centre falls within the purview of the Nigerian Communications Act 2003 and the regulatory authority of the Nigerian Communications Commission (NCC).
While there is currently no licence requirement for the provision of cloud services, the NCC is developing a ‘managed services’ licensing framework.
However, the following laws and regulations can be said to apply to the provision of cloud services:
- the Nigerian Communications Act 2003;
- the Data Protection Regulation 2019; and
- the CyberCrimes Prohibition, Prevention etc Act 2015.
That said, given that cloud services are not regulated at present, foreign companies would have no obligations under these laws from a regulatory compliance perspective.
(e) Artificial intelligence
Artificial Intelligence (AI) is not regulated in Nigeria. Nonetheless, start-ups and established banks in Nigeria are making significant progress in AI-fintech development. For example, most banks in Nigeria now use AI-powered bots to assist customers with opening accounts, transferring funds and lodging complaints.
(f) Distributed ledger technology (Blockchain, cryptocurrencies)
Nigeria is yet to introduce a legal framework for cryptocurrencies or blockchain platforms. In January 2018 the CBN issued a statement warning the public against trading in digital assets and described such activities as a “gamble”. In 2018 the Securities and Exchange Commission (SEC) also issued a statement warning crypto traders to exercise caution when engaging in crypto activities, as cryptocurrencies are not a regulated currency.