Nigeria: Cybercrimes (Prohibition, Prevention, etc.) Act including content moderation regulation entered into force

On 15 May 2015, the Cybercrimes (Prohibition, Prevention, etc.) Act, including content moderation regulation, entered into force following its signing into law by the President on the same day. The Act requires intermediaries, such as financial institutions and service providers, to prevent and address illegal online activities. Intermediaries are required to retain traffic data, subscriber information, and content for two years and must disclose this information to law enforcement upon request. They must also assist in criminal investigations by preserving, releasing, or intercepting data as ordered by a court, ensuring such data is used only for lawful purposes. Service providers must safeguard user privacy and confidentiality while complying with interception orders for criminal probes, including collecting communications data through technical means. Intermediaries are obligated to aid law enforcement in identifying offenders, tracking the proceeds of crimes, and freezing services used for illegal activities. Failure to comply results in fines of up to NGN10 million for organisations and imprisonment or fines for responsible officers. The Act criminalises misuse of customer security codes or data by service providers, requiring forfeiture of illicit gains. Additionally, intermediaries must prevent cybersquatting, phishing, spamming, and the spread of malware, with penalties including imprisonment and fines.