Updates On The Recent Activities And Other Developments At The National Information Technology Development Agency (NITDA)

• NITDA has warned organisations and individuals about a new AI-powered malware, “Deep Load,” currently targeting entities across Nigeria. The agency noted that the malware is designed to steal sensitive information, evade traditional antivirus systems, and maintain persistent access to infected devices. The advisory underscores the need for stronger cybersecurity compliance measures, including staff awareness, multi-factor authentication, secure password practices, monitoring of suspicious activities, and prompt incident response procedures. NITDA’s warning highlights the growing importance of proactive cybersecurity governance and continuous vigilance in protecting sensitive systems and data from evolving cyber threats. See the link to the update here: (https://punchng.com/nitda-warns-of-ai-malware-targeting-nigerian-institutions)/
• NITDA has urged organisations to stop concealing cyberattacks, warning that failure to share threat intelligence increases risks within Nigeria’s interconnected digital ecosystem. The agency stressed that cyber incidents affecting one organisation can expose others to significant vulnerabilities, particularly within the financial and digital services sectors. The development follows an ongoing investigation by the NDPC into an alleged data breach involving sensitive customer information at Sterling Bank. According to the Commission, organisations operating digital platforms without adequate technical and organisational safeguards may face increased regulatory scrutiny. The incident underscores the growing importance of cybersecurity compliance, timely incident response, and effective data protection measures. Organisations are therefore encouraged to strengthen internal security frameworks, improve breach response procedures, and promote responsible information sharing to mitigate evolving cyber risks. See the link to the update here: (https://punchng.com/nitda-urges-firms-to-disclose-cyberattacks-promptly/)
• NITDA and the CAC have intensified efforts to strengthen cybersecurity across government digital infrastructure following recent concerns involving public and private sector systems. In line with the National Cybersecurity Policy and Strategy (NCPS) 2021, NITDA directed all Ministries, Departments, and Agencies (MDAs) to review and reinforce their cybersecurity frameworks, conduct security assessments, address identified vulnerabilities, strengthen access controls, and improve incident response mechanisms. The directive further highlights the growing regulatory emphasis on proactive cybersecurity compliance, data protection, and resilience within public sector institutions. Organisations are also expected to maintain effective monitoring, backup, and disaster recovery systems, while ensuring prompt reporting of cybersecurity incidents for coordinated response efforts. See the link to the update at: (https://www.premiumtimesng.com/business/business-news/872747-nitda-cac-activate-)
• National Information Technology Development Agency guidelines on government website standards appear to have been breached by the Kogi State Ministry of Information and Communications after an incomplete phone number was published on the ministry’s official website. An investigation by the Foundation for Investigative Journalism revealed that the ministry listed only the prefix “080” as its contact number, making it impossible for members of the public to reach the agency. Under the NITDA Standards and Guidelines for Government Websites issued pursuant to the NITDA Act 2007, government institutions are required to provide a functional phone number and a monitored email address on their websites for public engagement. The incomplete contact information was found on the ministry’s contact page at the State Secretariat in Lokoja, raising concerns about compliance with digital governance standards and accessibility. Ironically, the ministry responsible for managing government communication and online presence in Kogi State has itself failed to meet a key transparency and communication requirement. See the link to the update at: (https://fij.ng/article/kogi-violates-nitda-guidelines-by-listing-unusable-phone-no-on-official-website/)
• Adamawa State Government has come under scrutiny for publishing incomplete and non-functional phone numbers on its official website, a development that appears to contravene National Information Technology Development Agency guidelines for government websites. A check by the Foundation for Investigative Journalism found that the website, adamawastate.gov.ng, displays incomplete contact numbers such as “+234 809” and “(+234) 8099”, both of which fall short of the standard Nigerian mobile number format and could not be reached when dialed. The defective contact details appear prominently across the website, including in the header, footer and dedicated contact page, limiting citizens’ ability to communicate with the state government. Under NITDA’s Standards and Guidelines for Government Websites, public institutions are required to provide functional contact information to promote accessibility, transparency and effective public engagement. See the link update at: (https://fij.ng/article/adamawa-violates-nitda-guidelines-lists-incomplete-phone-numbers-on-official-website/)
• Plateau State Government has been accused of breaching Nigeria’s data protection and digital governance regulations by collecting citizens’ personal information on its official website without providing an accessible privacy policy. Checks conducted on the state government’s website revealed that the “Privacy Policy” link on the platform is non-functional, preventing users from accessing information on how their personal data is collected, stored or shared. This appears to violate the Nigeria Data Protection Commission framework under the Nigeria Data Protection Act (NDPA) 2023, which requires every data controller or processor to publish a clear and accessible privacy policy before collecting personal data. The law mandates that such notices explain the purpose of data collection, retention periods and the rights of data subjects. The issue also raises concerns under the National Information Technology Development Agency Website Management Guidelines 2019, which require government websites to display visible privacy notices detailing how user information will be managed and disclosed. Despite these obligations, the Plateau State Government website continues to collect user data without a functional privacy policy page. See the link to the update at: (https://fij.ng/article/plateau-violates-data-laws-by-collecting-citizens-details-without-)
• The National Information Technology Development Agency has partnered with Galaxy Backbone Limited to launch a subsidised sovereign cloud initiative aimed at helping Nigerian startups reduce infrastructure costs and overcome foreign exchange challenges. Implemented through the Office for Nigerian Digital Innovation, the programme will allow startups on the iHatch platform to access locally hosted cloud services on the Galaxy Cloud Platform (GxCP) with payments made in naira instead of dollars. NITDA Director-General, Kashifu Inuwa Abdullahi, said the initiative is designed to reduce the financial burden of infrastructure on startups, while improving data security and compliance through local hosting. The programme also adopts a milestone-based model to ensure efficient use of cloud resources as startups grow. See the link to the update at: (https://www.vanguardngr.com/2026/05/nitda-galaxy-backbone-move-to-fix-startup-)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.