Internet & Online Safety · Nigeria
Online safety & content laws in Nigeria (2026)
Nigeria shaded by its internet & online safety status
Nigeria regulates online content and safety through several overlapping instruments rather than one comprehensive online-safety law. The NITDA Code (2022) and the more recent NCC Internet Code of Practice 2026 impose content-moderation, takedown, transparency and child-protection obligations on platforms and internet access providers via a co-regulatory model, while the amended Cybercrimes Act 2024 criminalises categories of online speech. The regime is real and tightening, but is built from subsidiary codes and a cybercrime statute, and several provisions raise free-expression concerns.
Key points
The NCC issued a revised Internet Code of Practice on 13 February 2026 (with accompanying Guidance Notes), governing internet access service providers and online/digital communication platforms. It covers traffic management, security, privacy/data breaches, protection of minors, and content governance.
The NCC Code empowers the Commission to issue takedown notices for 'unlawful content' (content violating Nigerian law) and 'harmful content' (material causing offence, distress or harm), to be complied with within 24 hours of receipt, with a right of appeal for aggrieved parties.
Effective 2022, NITDA's Code requires large platforms (over 100,000 Nigerian users) to incorporate locally, maintain a physical office, appoint liaison/compliance officers, file compliance reports, and remove content within 24 hours of notice from an authorised government agency. NITDA published a 2024 compliance report in 2025.
The 2026 NCC Code mandates that telcos/platforms provide simple-to-enable parental control and content-filtering tools, multilingual safety guidance, and an opt-in default for minors/vulnerable users; it does not impose a UK/EU-style mandatory age-verification regime for general access.
The Cybercrimes (Amendment) Act 2024 (signed 28 Feb 2024) revised Section 24 to target false messages sent 'for the purpose of causing a breakdown of law and order or posing a threat to life'; vague terms like 'annoyance', 'insult' and 'false information' remain, drawing criticism that the law is used against journalists and critics.
Nigeria banned/suspended Twitter for 222 days (4 June 2021 – 13 Jan 2022); the ban was lifted by NITDA after Twitter agreed to incorporate locally, appoint a country representative and comply with tax obligations — conditions later echoed in the NITDA Code.
Timeline - major decisions & events
The Nigerian Communications Commission released a draft Code requiring online platforms and Internet Access Service Providers to adopt NCC-approved community rules, file bi-annual compliance reports, designate a liaison for harmful content, and implement default parental controls for minors. It marks the NCC's formal assertion of jurisdiction over digital platforms beyond traditional telecoms licensing.
NCC ↗NITDA published a White Paper proposing a comprehensive Online Harm Protection (OHP) Bill to address misinformation, algorithmic bias, surveillance capitalism, and child safety risks. The Bill proposes four new institutions: an Online Harm Protection Centre, a Multi-Stakeholder Council, an Independent Oversight Forum, and a Redress Panel for users to contest harmful platform decisions.
NITDA ↗President Tinubu signed amendments to the 2015 Cybercrime Act expanding surveillance powers — allowing security agencies to intercept communications without a court order in 'urgent' cases — extending telecom data-retention obligations, criminalising 'false or misleading' online posts, and imposing a 72-hour cyber-incident reporting duty. Civil-society groups warned the broad speech provisions risk being weaponised against journalists and activists.
ngCERT / Federal Government of Nigeria ↗President Tinubu signed the Nigeria Data Protection Act 2023, elevating data protection from a regulatory instrument to a full statute and establishing the Nigeria Data Protection Commission (NDPC) as the dedicated regulator. The Act introduced GDPR-aligned data-subject rights, mandatory registration for significant-importance data controllers, and strict restrictions on cross-border data transfers.
ngCERT / Federal Government of Nigeria ↗Drawing directly on lessons from the Twitter ban, NITDA finalised its Code of Practice for Interactive Computer Service Platforms and Internet Intermediaries. It obligates social media and internet intermediaries operating in Nigeria to implement content moderation, cooperate with lawful-interception requests, maintain user-complaints mechanisms, and register locally — bringing major platforms under Nigerian regulatory oversight for the first time.
NITDA ↗The ECOWAS Community Court of Justice ruled that the seven-month Twitter suspension violated freedom of expression and access to information guaranteed under the African Charter on Human and Peoples' Rights and the UN Charter. The Court ordered Nigeria to pay litigation costs and take legislative steps to prevent recurrence — a landmark regional human-rights check on government internet shutdowns.
Access Now (reporting ECOWAS Court ruling) ↗After 222 days, Nigeria restored Twitter access on conditions including the platform registering as a Nigerian corporate entity, appointing an in-country representative, paying applicable taxes, and complying with the Broadcasting Code and NCC regulations. The conditions set a template for how Nigeria would subsequently regulate all major foreign digital platforms.
Wikipedia (citing NCC and Ministry of Information statements) ↗President Buhari's administration indefinitely suspended Twitter after the platform deleted a presidential tweet seen as inciting violence. ISPs were ordered to block the service, and the federal government threatened criminal prosecution of users who accessed it via VPN. The ban drew condemnation from the US, EU, UK, Amnesty International, and ECOWAS, and triggered Nigeria's first serious national debate on platform governance.
Access Now ↗NITDA issued the NDPR — Nigeria's first comprehensive data-protection framework, modelled on the EU GDPR. It established lawful-basis requirements for personal-data processing, data-subject rights, breach-notification obligations, and mandatory annual data-protection audits, applying to any entity processing data of Nigerian residents regardless of where the processor is based.
NITDA ↗Nigeria's first standalone cybercrime statute criminalised hacking, identity theft, cyberstalking, cyber-terrorism, and online fraud, and mandated ISPs, telecoms, and financial institutions to cooperate with law enforcement and the ng-CERT. The Act established the procedural and institutional foundations of Nigeria's entire cyber-law framework and remained the primary instrument until its 2024 amendment.
ngCERT / Federal Government of Nigeria ↗Act No. 28 of 2007 placed NITDA's operations (which had begun informally in 2001) on a firm statutory footing, granting the agency authority to plan, coordinate, standardise, and regulate IT development and internet services in Nigeria. This Act became the direct legal basis for the NDPR 2019 and the Code of Practice for online platforms in 2022.
NITDA ↗The foundational statute signed by President Obasanjo created the Nigerian Communications Commission (NCC) as an independent regulator with authority over all communications networks and services, including internet infrastructure. Its licensing, spectrum management, and enforcement powers form the base layer of Nigeria's online-governance architecture and underpin the NCC's later moves into platform regulation.
NCC ↗Nigeria - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →