Nigeria: Communications Commission adopted Internet Code of Practice including cybersecurity regulation

On 13 February 2026, the Communications Commission adopted the Internet Code of Practice, including cybersecurity regulation. The Code requires internet access service providers to implement the cybersecurity framework issued by the Commission as the operational baseline for the sector and comply with the Nigerian Data Protection Act 2023 and relevant consumer protection regulations. They must adopt appropriate safeguards to protect customer information from unauthorised access or disclosure, taking into account data sensitivity and technical feasibility. In the event of a data breach, providers must notify affected customers within 48 hours, issue preliminary notices where necessary, provide full updates within 14 days or as approved, and inform the Commission in writing within 48 hours of determining that a breach has occurred.