Banwo & Ighodalo Logo

Milestone in Electronic Commerce: How the Cybercrimes Act 2015 impacts businesses

PRIOR LEGAL REGIME

A review of the legal regime before the enactment of the Cybercrimes Act can best be done by understanding how electronic/online business transactions fared in the periods before 2011 and thereafter (but before the enactment of the Cybercrimes Act). In the first period (that is, before 2011), no recognition was given to electronic or computer generated documents in our evidential law. The main effect of this situation was that where disputes arose out of commercial deals concluded by e-mails or via online platforms, the computer-generated contract documents were not competent for proving their contents in the court of law (even where they were admitted for “relevancy” sake); as it was not clear whether they should be treated as primary or secondary evidence under the Evidence Act, Cap. E14, Laws of the Federation of Nigeria, 2004 (the “Old Evidence Act”).

Besides, there was the challenge of proving the authenticity and/or the identity of the owner of an electronic signature appearing on any computer or online print-out of contractual terms. Under the Old Evidence Act, procedure for proving the sealing of a document required actual “writing” on a tangible medium by the person alleged to have executed such document; so as to examine his signature or finger impression – see sections 100, 102 and 108 of the Old Evidence Act. This legislation did not envisage the now widespread use of electronic signature in e-mail transactions, cryptographic codes on internet platforms and biometric system in financial institutions (such as the current use of Bank Verification Number (BVN) in the banking system).

However, the enactment of the Evidence Act 2011 (the “New Evidence Act”) which resulted in substantial improvements on the Old Evidence Act, ushered in the second period of the previous legal regime. Sections 84 and 93 of the New Evidence Act provide for the admissibility of computer-generated documents, the recognition of electronic signature and waiver of its proof by means of writing on a tangible medium. This was the first major boost to e-commerce in Nigeria prior to the coming into force of the Cybercrimes Act.

However, despite improvements on the evidential value of electronically-generated documents since 2011, many cybercrimes which undermine the confidence of parties to online transactions and deter, ipso facto, the growth of e-commerce still went unchecked. This was due to certain circumstances, including:

(i) the fact that common fraudulent and harmful electronic and internet activities such as scamming, cybersquatting, cyberattack, PIN theft, hacking, phishing etc. were not defined in any statute and therefore were somewhat “unknown” to the Nigerian legal system. It is trite that an action will only constitute a crime in Nigeria where it is stated, by a statute, to be a crime and the penalty thereof is prescribed in a written law – see section 36(12), Constitution of the Federal Republic of Nigeria 1999, as amended.

(ii) neither any court with designated jurisdiction to prosecute cybercrimes nor a body with the needed specialised skill and machinery for properly investigating alleged commission of same (other than the Economic and Financial Crimes Commission and the Police Force, which are trained to generally deal with conventional criminal matters) existed.


THE REFORM

The coming into force of the Cybercrimes Act changed the Nigerian legal landscape significantly, with the overall effects of better securing and further expanding the scope of e-business transactions. Some of the specific provisions of the Cybercrime Act which are expected to impact investments and general commercial activities in Nigeria include:

1. Creation of the concept of “Critical Infrastructure” (see section 58 of the Cybercrimes Act) and the empowerment of the President to designate any computer system as Critical National Information Infrastructure – see section 3 of the Cybercrimes Act

2. Presumption of regularity and binding effect of electronic signatures in respect of many common business transactions – see section 17(1) of the Cybercrimes Act

3. Creation of new offences by criminalising certain fraudulent activities done through electronic devices and the internet, which were not previously defined as crimes in the country’s regular penal laws – see Part III (sections 5-36), section 46 and generally section 58 of the Cybercrimes Act – and the creation of both individual and corporate liabilities and penalties such as committal of the directors of affected companies to various terms of imprisonment, as well as imposition of heavy fines on affected organisations.

4. Protection of organisations’ copyrights in trademarks and domain names

5. Obligation of business entities to report incidences amounting to cyber threats – see section 21 of the Cybercrimes Act