E-COMMERCE, CYBERCRIME, CYBERSECURITY AND CYBERSECURITY LEVY – NIGERIA PERSPECTIVE (PART 2)
In Part 1 of this write-up, we focused on the emergence of e-commerce as well as the relationship of e-commerce to cybercrimes. In Part 2 of our series E-COMMERCE, CYBERCRIME, CYBERSECURITY AND CYBERSECURITY LEVY – NIGERIA PERSPECTIVE, we shall focus on Nigeria’s legal framework for cybersecurity as well as the cybersecurity levy which will soon become a feature of Nigeria’s tax system.
4 Cybersecurity levy – Nigeria’s legal framework on cybersecurity
Although advanced countries have formal cybercrime laws for several decades, Nigeria had none until May 15, 2015 when the Nigeria’s Cybercrimes (Prohibitions, Prevention, etc.) Act was signed into Law by President Goodluck Ebele Jonathan. This Act was amended in 2024 with the Cybercrimes (Prohibition, Prevention, etc) (Amendment) Act 2024 signed by President Bola Ahmed Tinubu on March 28, 2024. The objectives of the Nigeria’s Cybercrimes Act (as amended to date) are to: • Provide an effective and unified legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. • Ensure the protection of critical National infrastructure, and • Promote cybersecurity and the protection of computer systems and networks, electronic communications data and computer programs, intellectual property, and privacy rights.
To generate funds that will assist Nigeria to create and sustain robust national Cybersecurity policies and infrastructures, Section 44 (1) established a Fund known as the National Cybersecurity Fund (“The Fund”). Section 44 (2) of the Act 2015 provides “There shall be paid and credited into the Fund established under section (1) of this section and domiciled in the Central Bank of Nigeria: (a) A levy of 0.005 of all electronic transactions by the businesses specified in the second schedule to this Act. (b) grants-in-aid and assistance from donor, bilateral and multilateral agencies; (c) all other sums accruing to the Fund by way of gifts, endowments, bequest or other voluntary contributions by persons and organizations: Provided that the terms and conditions attached to such gifts, endowments, bequest or contributions will not jeopardize the functions of the Agency; (d) such monies as may be appropriated for the Fund by the National Assembly; and (e) all other monies or assets that may, from time to time accrue to the Fund.
The Second schedule of the 2015 Act listed the following as businesses which section 44 (2)(a) refers to: (a) GSM Service providers and all telecommunication companies. (b) Internet service providers. (c) Banks and other Financial Institutions. (d) Insurance companies.
(e) Nigerian Stock Exchange. The Cybercrimes (Prohibition, Prevention, etc) (Amendment) Act 2024 amended Section 44 of the 2015 Act by substituting a new paragraph “(a)” as follows: “(a)” a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule to this Act”.
OR&C Consultants Thoughts
The Cybercrimes (Prohibitions, Prevention, etc) Act (as amended to date) provides that the 0.5% levy is to be paid by “businesses listed in Schedule A of the Principal Act”. There was no mention of individuals or companies outside those listed in Schedule 2. It is understandable why some individuals and organizations are asking the Central Bank of Nigeria (CBN) to provide the legal authority that made them issue the circular PSM/DIR/PUB/017/004 dated May 6, 2024 directing all commercial, merchant, non-interest and payment service banks, other financial institutions, mobile money operators and payment service providers to deduct from all electronic transactions a levy of 0.5% (0.005) equivalent to a half percent of the amount of the electronic transaction and to remit same to the National Cybersecurity Fund (NCF) which shall be administered by the Office of the National Security Adviser (ONSA).
There is need for the National Assembly and the Nigerian Courts to issue rulings as to whether the cybersecurity levy extends to individuals and businesses not mentioned in Schedule 2 of the Act. The Central Bank of Nigeria (CBN) will do well to seek such clarifications. In the alternative, individuals, businesses, and civil society organizations may approach the courts for proper interpretation.
On Thursday May 9, 2024 members of the House of Representatives asked the Central Bank of Nigeria to withdraw the circular directing financial institutions to commence implementation of the 0.5 per cent cybersecurity levy, describing it as “ambiguous”. The development was in response to a motion on the urgent need to halt and modify the implementation of the cybersecurity levy, moved by a member of the House. According to the House, the CBN is to withdraw the initial circular, and “issue a more understandable one”. The House then expressed worry, that the Act would be implemented in error if immediate steps were not taken, to address the concerns around the interpretation of the CBN directive and the Cybersecurity Act.
During the week beginning May 13, 2024, it was reported that the Nigerian Presidency has directed the National Security Adviser (NSA) to suspend the implementation of the cybersecurity levy. While this may provide relief to individuals and businesses who may be affected by the implementation of the CBN directive, that does not solve the problem. The Cybercrimes Act is a good legislation. The push to establish and generate funds to support cybersecurity efforts is laudable. The Act is clear on who should contribute to the Fund. The CBN directives seems to extend beyond the provisions of the Act. We recommend a harmonization of policies so that this laudable piece of legislation is not rendered useless.