Nigeria’s Contested Cybersecurity Levy

On May 6, 2024, the Central Bank of Nigeria (CBN) sent ripples through the nation’s financial sector, imposing a 0.5 per cent cybersecurity levy on all electronic transactions. This decision came days after the National Security Adviser, Nuhu Ribadu, called for the full implementation of Cybercrime (Prohibition, Prevention, etc.) Act 2024, amended. This move, intending to bolster the country’s cyber defences, has sparked a heated debate, pitting the government’s security concerns against public anxieties over rising costs and potential economic drawbacks. The 2024 amendment to the Cybercrimes Act, as detailed in Section 44 (2)(a), introduces a charge of 0.5 per cent, or one-half of one per cent, on the total value of electronic transactions conducted by the companies listed in the Act’s second schedule. This group encompasses a range of enterprises, including telecommunications firms, mobile network operators, internet service providers, financial institutions like banks, insurance providers, and the Nigerian Stock Exchange. Subsequently, the levy will be remitted to the National Cybersecurity Fund (NCF), administered by the Office of the National Security Adviser (ONSA).

Proponents of the levy highlight Nigeria’s vulnerability in the digital age. Cybercrime is a growing threat, with phishing scams, malware attacks, and financial fraud plaguing individuals and businesses alike. The CBN argues that the levy will create a dedicated fund to invest in robust cybersecurity infrastructure, enhance cybercrime investigation capabilities, and promote public awareness campaigns. They also contend that this will create a safer digital ecosystem for all Nigerians. However, critics of the levy are numerous and vocal. The most immediate concern is the effect on the electronic transactions. A drop in electronic transactions will mean increased cash transactions, potentially stifling Nigeria’s growth in the digital age. An unnamed CEO from a Fintech firm asserted in an interview, “This is exhausting and annoying. We’re going to wait for more details from the relevant regulators. To be honest, if this policy is enforced, it could have significant consequences for the economy.” Businesses also express apprehension, fearing the levy could stifle electronic transactions, a vital driver of the modern economy.

Transparency and accountability regarding the levy’s usage are further points of contention. Sceptics question whether the collected funds will be efficiently channelled towards actual cybersecurity improvements. The lack of clear communication from the CBN regarding the allocation and oversight of the levy fuels public distrust. Legal challenges are also brewing. Some critics argue that the provision contravenes the overall objectives of the Nigerian Constitution 1999 (as amended), specifically section 14(2)(b), which provides that ‘the security and welfare of the people shall be the primary purpose of government’. Some also argue that the levy contradicts previous government assurances of not introducing new taxes. Others point to Section 44 of the Cybercrime Act 2024, which empowers the president to impose a levy for cybersecurity purposes, but the legality of the CBN’s unilateral action is being debated.

While cybersecurity is a global concern, the chosen approach and its potential economic impact raise questions. The Central Bank of Nigeria (CBN) appears firm in its stance, showing no indication of yielding to public pressure. However, the wave of public disapproval and the looming threat of legal battles could ultimately prompt a reassessment of the levy. One potential outcome is a modification of the existing levy. Given the significant backlash, the CBN may consider reducing the levy or narrowing its application to specific types of transactions. This approach could alleviate the financial burden on ordinary citizens while maintaining the original intent of the levy—to bolster cybersecurity measures. The CBN could defuse some of the mounting public tension by adjusting the scope.

Another strategy to address public concerns involves introducing transparency measures. The CBN could offer a comprehensive plan detailing how the funds from the levy will be allocated and what mechanisms will be in place for oversight and accountability. This transparency might help rebuild public trust and demonstrate that the collected resources are effectively used for cybersecurity improvements. By shedding light on the fund’s management, the CBN could mitigate the scepticism surrounding the levy. Additionally, the possibility of legal challenges could impact the implementation of the cybersecurity levy. Court rulings could play a significant role in shaping the levy’s future. The Socio-Economic Rights and Accountability Project (SERAP) have threatened legal actions against implementing the levy, and any court decisions could either validate or overturn the current policy. If the legal challenges succeed, the CBN might be compelled to change its approach, potentially leading to a complete revocation or a significant alteration of the levy.

In summary, the path forward for the cybersecurity levy is fraught with uncertainty. While the CBN maintains a resolute position, external factors like public outcry and legal scrutiny could drive policy changes. Whether through modification, increased transparency, or court-mandated adjustments, the next steps will be crucial in determining the impact on the economy and public sentiment. The cybersecurity levy saga serves as a reminder of the delicate balancing act governments face in the digital age. While ensuring a secure online environment is crucial, imposing additional burdens on citizens requires careful consideration and a transparent approach. Only time will tell whether Nigeria’s experiment with a cybersecurity levy will ultimately enhance its digital security or become a case study of good intentions gone awry.