In a significant move to improve national cybersecurity, the Central Bank of Nigeria (CBN) has announced the implementation of a new cybersecurity levy, as detailed in the recent circular following the enactment of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024, an amendment of the Cybercrime (Prohibition, Prevention, etc.) Act of 2015.
Here’s everything you need to know about this new levy:
What is the Cybersecurity Levy?
The cybersecurity levy is a new financial measure introduced to strengthen Nigeria’s cybersecurity framework. It involves a deduction of 0.5% (half a percent) from the value of all electronic transactions. This levy is aimed at funding various cybersecurity initiatives across the country.
How Will the Levy Be Collected?
The cybersecurity levy will be paid by individuals and entities engaging in electronic transactions. Specifically, the levy is deducted from the value of all electronic transactions at the point of transfer origination.
Financial institutions, including all banks, other financial institutions, and payment service providers, are tasked with deducting this levy. The deducted amount will be clearly indicated in the customer’s account statement with the narration “Cybersecurity Levy”.
Who is Required to Implement the Levy?
The responsibility of implementing this levy falls on all banks, other financial institutions, and payment service providers. These entities are required to ensure the levy is deducted from electronic transactions and remitted appropriately.
Purpose of the Levy
Administered by the Office of the National Security Adviser (ONSA), the funds collected from the cybersecurity levy will be used to enhance the country’s cybersecurity measures. This includes developing more robust cybersecurity infrastructure and initiatives to protect against cyber threats.
Timeline for Implementation
The deduction of the cybersecurity levy will commence within two weeks from the issuance of the circular. Financial institutions are required to remit the collected levies in bulk to the National Cybersecurity Fund (NCF) account, which is domiciled at the CBN, by the 5th business day of every subsequent month.
This new levy is a proactive step towards safeguarding Nigeria’s digital landscape from increasing cyber threats. By funding critical cybersecurity initiatives, the levy aims to create a safer cyber environment for all Nigerians.
Penalty for Non-Compliance
Penalties for non-compliance with the cybersecurity levy are outlined in Section 44 (8) of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024. Entities that fail to remit the required levy are committing an offense and, upon conviction, are subject to a fine. The fine is not less than 2% of the annual turnover of the defaulting business, among other possible penalties.
