The Central Bank of Nigeria’s proposal to implement the Cybersecurity levy, as outlined in the Cybercrimes (Prohibition, Prevention, etc) (Amendment) 2024, has sparked a significant debate. This levy is crucial for our national security and economic infrastructure.
This article is to clarify the amendments to the CYBERCRIMES (PROHIBITION, PREVENTION, etc.) ACT, 2015. These amendments resulted from a comprehensive collaboration between the Senate Committee on National Security & Intelligence, the ICT and Cyber Security Committee, and other stakeholders. This collective effort ensures that the issues are presented accurately, avoiding misinterpretation.
The amendments to the CYBERCRIMES (PROHIBITION, PREVENTION, etc.) ACT 2015 were meticulously carried out with the best interests of our country in mind. They were a response to the urgent need to address critical gaps in the Act and empower our nation to implement the National Cybersecurity Programme effectively. The proposed Cybersecurity levy is a crucial part of this strategy.
Equally, the Committee’s action on the amendments is informed by the urgent need to address the poor funding and the disruptive impact of current and emerging existential cyber threats against national security and critical economic infrastructures. This is not a matter to be taken lightly but requires immediate attention and action.
The CYBERCRIMES (PROHIBITION, PREVENTION, etc.) ACT, 2015, which the amendments made are offshoots of, has had adequate provisions for imposing a cyber security levy since its enactment in 2015. This is not a new concept, but one that has been in place for years. The sole issue that stalled its implementation was the vagueness of Section 44 of the Principal Act, which led to different interpretations until these well-intentioned amendments in 2024.
The Principal Cybercrime Act 2015 also provides the legal framework for the coordination, enforcement, and implementation of the national cybersecurity policy and strategy, critical information infrastructure protection, substantive and procedural legal measures on enforcement of directives on cybersecurity breaches, reporting, investigation of cyber-attack and cybercrime incidences and prosecution of offenders for deterrence purposes.
The complexity in interpreting and applying specific provisions of the Cybercrime Act 2015 stifled national cybersecurity efforts in the face of well-organised cyber syndicates and well-funded terror adversaries.
It is on record that the current Cybercrime Act 2024 amends the Cybercrimes (Prohibition, Prevention, etc) Act. No 17, 2015, to correct some consequential words that were inadvertently omitted in the Act, most specifically, Section 44 of the Principal Act as amended where the ambiguity on the said levy was demystified, thereby putting it “a levy of 0.5% (0.005) equivalent to a half per cent of all electronics transactions value by the business specifies in the Second Schedule to the Act.
It is also on record that many undefined clauses, phrases, and words exist, including “0.005, ” which were the initial ambiguities not well defined in the principal Act and are now resolved in the new law. At the risk of sounding like a broken record, these provisions on cybersecurity levy have been in the principal Act since 2015. Still, the nation could not implement them due to vague interpretations and applications.
It is customary that a public hearing is held before every bill is passed, and the amendment of the Cybercrime Act 2024 was no exception, involving the participation of people from all spheres of human endeavour witnessed in the process. To lend credence to the transparency of the process, the Bill was unanimously passed by the two Houses of the National Assembly, as has been the law and tradition.
Let me reiterate that the lack of funds and non-prioritisation of the National Cybersecurity Programme are major impediments to its implementation in the face of growing domestic cybercrime, global cyber-attacks, and other existential terror threats. Implementing a cybersecurity levy should be a national urgency in the same category as the national food security emergency recently declared by His Excellency President Bola Tinubu.
It is urgently imperative to fund the security of Nigeria’s Critical National Information Infrastructure (CNII), counter-terrorism and violent extremism, strengthen National Security and protect digital economic interests, and fully implement the National Cybersecurity Programme through the operationalisation of the National Cybersecurity Fund by all regulators and businesses specified in the Second Schedule of the Act.
I am confident that the judicious use of the cybersecurity levy will enhance the nation’s capability to assess, implement, update, and advance the security of critical national economic infrastructure and protect the nation’s cyberspace across all cybersecurity domains.
The protection, security, and sustainability of Nigeria’s active engagement in cyberspace depends on the readiness to fund and diversify the cybersecurity engagement roadmap envisioned by the current administration and the support of my colleagues at the National Assembly.
Nigeria’s Cyber Threat Profile extends far beyond cybercrime, with other major cyber threats classified under the National Cybersecurity Strategy. To survive as a nation, the current weak approach to enforcing national cybersecurity directives must be re-examined and prioritised, among other considerations.
The country must fund its cybersecurity and counter-terrorism programme independently, not through foreign aid. The country must be committed to its ownership of the national cybersecurity programme, including excluding foreign governments to assert our sovereignty.
Our legislative commitment demands that we work with the other arms of government to achieve institutional accountability and inclusive engagement, which should form the necessary common values for the success of the cybersecurity programme and counter-terrorism measures.
I commend the Office of the National Security Adviser and the Central Bank of Nigeria for initiating the process of operationalising the cybersecurity levy. it is not disputed that news of the proposed implementation of the cyber security levy has generated uproars in some sections of the country; the advantages that come with it far outweigh the disadvantages.
It is instructive to note that despite having directed the commercial Banks to implement the provisions of the Cybercrime (Amendment) Act 2024 so that the law has human face as intended, the actors in the chains of implementation introduced several exemptions which have not ib initio been contemplated by the law as follows: Salary and Pension payments; loan disbursements and repayments; Government Social Welfare Programme transactions; and educational institution transactions, including tuition payments and other transactions involving schools, universities, and other institutions.
Other exceptions are Letters of Credits, Cheque clearing and settlements, Interbank placements and Inter-branch transfers; bank transfers to CBN and vice versa; intra-bank transfers between customers of the same bank; and intra-account transfers within the same bank or between different banks for the same customer.
The exceptions include Banks’ recapitalisation-related funding – only bulk funds movement from collection accounts; Savings and deposits, including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers and Other Financial Institutions instructions to their correspondent banks.
Non-profit and charitable transactions, including donations to registered non-profit organisations or charities; Transactions involving the bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts. To this end, therefore, our committee’s mandate is to make laws and those that align with Nigerians’ yearnings and aspirations.
On behalf of the Senate Committee on National Security and Intelligence, I humbly wish to seek the support of all Nigerians on the policy as it has been made for the maximum benefit of the citizenry, which will crystallize in the shortest possible time.
On behalf of the Senate and Distinguished Colleagues, I express my deep appreciation to the leaders and representatives of MDAs at the federal and state levels, as well as all stakeholders who contributed to the success of this effort.
Senator Shehu Buba Umar is Chairman, Senate Committee on National Security and Intelligence