Breaking Down Nigeria’s Cybercrimes Act 2024: Who Pays the 0.5% Cybersecurity Levy?

Share with others

Breaking Down Nigeria's Cybercrimes Act 2024 Who Pays the 0.5% Cybersecurity Levy

In today’s interconnected world, cybersecurity is no longer just a concern for governments and businesses—it’s a responsibility shared by individuals, corporations, and governments alike. This underscores the necessity of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024. From safeguarding personal information to protecting critical infrastructure, cybersecurity plays a crucial role in ensuring the stability and security of our digital environment. Much like a chain link, every individual and entity is a vital component in the defense against cyber threats.

Individuals must be cyber-aware to protect themselves from various online risks, such as identity theft, phishing scams, and malware attacks. By practicing good cybersecurity habits, such as using strong passwords, keeping software updated, and being cautious of suspicious emails and websites, individuals can mitigate the likelihood of falling victim to cybercrimes.

Businesses, on the other hand, have a responsibility to protect not only their infrastructure but also their customers’ sensitive data. A breach in security can result in significant financial losses, damage to reputation, and legal repercussions. Implementing robust cybersecurity measures, conducting regular security assessments, and investing in employee training are essential steps businesses can take to safeguard against cyber threats.

Moreover, governments play a crucial role in protecting critical national information infrastructure from cyberattacks. This includes infrastructure vital to national security, the economy, public health, and safety. Government involvement in cybersecurity is essential for coordinating national cybersecurity strategies, facilitating information sharing between public and private sectors, and enforcing cybersecurity regulations to ensure compliance.

The Cybercrimes (Amendment) Act 2024

The Cybercrimes (Amendment) Act 2024 is a significant step forward in Nigeria’s fight against cybercrimes. The Act provides an effective, unified, and comprehensive legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes. It also ensures the protection of critical national information infrastructure and promotes cybersecurity and the protection of computer systems and networks, electronic communications, data, and computer programs, intellectual property, and privacy rights.

Section 44 of the Cybercrime Act

Section 44 of the Cybercrime Act establishes the National Cyber Security Fund, which is financed through a levy of 0.5% (equivalent to half a percent) of all electronic transactions value by businesses specified in the Second Schedule to the Act. The Fund is administered by the Office of the National Security Adviser, which ensures compliance monitoring and keeps proper records of the accounts. Up to 40 percent of the Fund may be allocated for programs to counter violent extremism. The account of the Fund shall be audited according to the guidelines provided by the Auditor General for the Federation. 

In addition to the 0.5% levy, the National Cybersecurity Fund is augmented by various sources, including grants-in-aid and assistance from donor, bilateral, and multilateral agencies. It also receives contributions from gifts, endowments, bequests, or other voluntary donations by individuals and organizations, with the condition that such contributions do not compromise the functions of the Agency. Furthermore, the Fund may receive appropriations from the National Assembly to bolster its resources.

There is also a penalty for businesses listed in the Second Schedule of the Act that neglects to pay the levy, as outlined in section 44(2)(a), will be deemed to have committed an offense. Upon conviction, the defaulting business is subject to a fine amounting to no less than 2% of its annual turnover. Furthermore, failure to comply may result in the closure or withdrawal of the business’s operational license.

The rationale behind imposing the cybersecurity levy is to generate funds dedicated to bolstering Nigeria’s cybersecurity capabilities. These funds will be allocated to various initiatives, including the establishment of sectoral Computer Emergency Response Teams (CERT) and sectoral Security Operation Centers (SOC). These entities will collaborate to bolster the national CERT, ensuring seamless integration and routing of internet and data traffic from all public and private organizations to the sectoral SOCs, thereby safeguarding the national cyberspace.

Additionally, the funds will be utilized to establish and maintain a National Computer Forensic Laboratory, facilitating coordination among law enforcement, security, and intelligence agencies in utilizing the facility. Moreover, the funds will be directed towards capacity building to effectively execute the functions of relevant security, intelligence, law enforcement, and military services as outlined in the Act or any other cybercrime legislation in Nigeria.

Furthermore, the funds will enable the establishment of appropriate platforms for public-private partnerships (PPP) and facilitate coordination efforts for international cybersecurity cooperation.

Who Pays the 0.5% Cybersecurity Levy?

The Central Bank of Nigeria (CBN) ordered banks operating in the country to start charging a cybersecurity levy on transactions, following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and under the provision of Section 44 (2)(a) of the Act which explicitly stated that “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule to this Act”.

The intriguing query arises: which businesses fall under the classification specified in the second schedule of the Act? The law delineates five categories:

  • GSM Service providers and all telecommunication companies;
  • Internet Service Providers;
  • Banks and other Financial Institutions;
  • Insurance Companies;
  • Nigerian Stock Exchange.

The questions that require attention from the CBN, the NSA, and the government are as follows:

  1. Why are individuals (Nigerians) who own and operate personal accounts in banks and other financial institutions targeted instead of “the business” as stipulated in the law?
  2. Why are other businesses excluded from the implementation of the 0.5% Cybersecurity Levy?
  3. Will Nigerians who own mobile phones and access the internet soon face additional charges if the law intends that customers are charged instead of the stated businesses?

Addressing these concerns falls within the purview of relevant government agencies to prevent Nigerians from being unfairly charged or losing their money under the guise of a law meant to protect them from cybercrimes. In summary, Nigeria’s Cybercrimes Act 2024 and the accompanying cybersecurity levy emphasize the necessity of collective action in tackling cyber threats and securing the nation’s digital future. Effective law implementation is essential to ensure the Act does not commit a crime against itself.

You can access the Cybercrimes Act 2024 by downloading it here

About the Author

Jeremiah Osigbemhe Peter

 

 

 

Jeremiah Osigbemhe Peter

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top