The Central Bank of Nigeria (CBN) recently imposed a cybersecurity levy on financial institutions and telecom companies. This levy is not aimed at individual citizens or ordinary bank customers, as clarified by Senator Shehu Umar Buba, the Senate Committee on National Security and Intelligence Chairman.
Who is Required to Pay the Levy?
The Cybercrime Act 2015 specifies the businesses required to pay the levy:
- Telecommunications companies
- Internet Service Providers
- Banks
- Insurance Companies
- The Nigerian Stock Exchange
- Other Financial Institutions
These sectors have been identified as the most vulnerable to financial crimes and cyber fraud.
What is the Amount of the Levy?
The cybersecurity levy is set at 0.5% of electronic transactions. This figure was previously stated as 0.005 in the principal act and has now been converted to a percentage.
Exemptions from the Levy
The CBN circular announcing the levy has provided exemptions for certain transactions, including:
- Loan disbursements and repayments
- Salary payments
- Intra-account transfers
- Other specified financial transactions
Collaborative Effort and Stakeholder Involvement
The passage of the amendment bill was a collaborative effort involving the government, industry players, civil society, and academia. Stakeholders actively participated in the public hearing before the bill was endorsed by the National Assembly and signed into law by President Bola Ahmed Tinubu in February 2024.
Protecting National Security and the Economy
The implementation of the cybersecurity levy is not intended to punish citizens but rather to protect national security and the economy. The financial burden primarily falls on the specified businesses, while the levy aims to combat cyber threats and safeguard critical economic infrastructure. The National Cybersecurity Fund, administered by the Office of the National Security Adviser (ONSA), will receive the collected levies to enhance cybersecurity measures and ensure a secure cyberspace for all stakeholders involved.