- Nigeria’s telecom regulator, the NCC, is finalising a cybersecurity framework to protect the nation’s digital infrastructure.
- The framework will be implemented by telecom operators starting in early 2026.
- It draws legal backing from Nigeria’s Cybercrime Prevention Act (2015) and the Data Protection Act (2023).
- Escalating cyber threats and recent breaches have made the framework a regulatory imperative.
As Nigeria’s digital infrastructure grows, so do cyber risks, perfectly exemplified by a headline-making breach at MTN earlier this year, where customer data across several markets was compromised.
Although core systems remained unaffected, the incident sounded the alarm on telecoms’ vulnerability to cyber threats.
In response, the Nigerian Communications Commission (NCC) is fast‑tracking a cybersecurity framework to safeguard telecom operators and ultimately, the country’s digital economy and it is set for rollout in early 2026.
This policy push is not happening in isolation. In 2024, the NCC launched a Device Management System (DMS) to monitor and blacklist non-compliant or stolen mobile devices by registering International Mobile Equipment Identity (IMEI) numbers across networks. It’s an example of the commission’s proactive approach to tightening telecom infrastructure security.
Moreover, Nigeria’s broader cybersecurity and regulatory context underlines the urgency of this shift. The Cybercrime Act offers insights into the legal stringency of Nigeria’s cyber laws, including substantial penalties and mandatory breach reporting, which underline the importance of the new framework.
The new framework, expected to be finalised by Q3 2025, will require telecom operators to enforce risk mitigation strategies, data protection protocols, and incident-response plans. Non-compliance could attract sanctions backed by the Cybercrime Act (2015) and the Data Protection Act (2023).
NCC’s Executive Vice Chairman, Dr. Aminu Maida, has emphasised that “telecom networks are the backbone of our digital economy,” and that their security must be prioritised to ensure national resilience against cyber threats.
Where operators previously had varying internal protocols, this framework aims to unify safeguards under one national standard, mandating regular audits and system monitoring.
Once it’s in place, the NCC says it will periodically review and update the framework to stay ahead of evolving threats but telecom firms now have a short runway to gear up for this new compliance landscape.
