Banwo & Ighodalo Logo

Milestone in Electronic Commerce: How the Cybercrimes Act 2015 impacts businesses

A new challenge is created, by the Cybercrimes Act, for business organisations as a result of the obligation imposed on them to report cyber threats on their computer systems. The new position is that all organisations operating a computer system or network must “immediately inform the National Computer Emergency Response Team’s (“National CERT”) coordination center of attacks, intrusions and other disruptions likely to hinder the functioning of another computer system or network, so that the National CERT can take the necessary measures to tackle the issues; which measures may involve the isolation of such computer system or network till the issues are resolved. Failure to make the report within 7 days of the occurrence of the threats attracts the penalty of internet services denial with the compulsory payment of N2,000,000 into the National Cyber Security Fund (“NCSF”). As a result of these new requirements, businesses are going to be faced with the challenge of determining the optimal decision to make when confronted with cyber threats; for instance whether they should (i) immediately report such occurrences to the National CERT, a decision that may have adverse impacts on their operations (e.g. their systems/networks being declared as CNII); or (ii) first attempt to deal with the threat internally before reporting same (a situation that may make them liable to penalties if such internal actions eventually fail)?

Further, ISPs are required to report to relevant authorities or law enforcement agents, when requested, whatever traffic data and subscriber information which they are lawfully required as the case may be to intercept, record, retain and protect. This will be another important risk factor for other business organisations that are clients of the ISPs. It is likely that firms/companies will begin to demand the inclusion in their internet service agreements, clauses that will compel ISPs to notify them whenever any data that relate to their operations are requested by third parties such as law enforcement agents.

Improved confidence, more transactions

There is hope that the new legal regime will boost the confidence of individuals, firms and companies to transact more businesses and render services online, without the fear of falling victims to identity theft, plagiarism or copyright violation. For instance, the Cybercrimes Act criminalises cybersquatting, that is any act which amounts to “the acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same, if such a domain name” is an existing and legally registered trademark or is confusingly similar or identical to it; or similar and identical to the name of a person; or acquired without right or with intellectual property in it.

The widespread confidence which the new regime is likely to engender, to the extent that one will most likely be dealing with the real person/entity as represented in any online business proposal, negotiation or actual transaction; should significantly raise the volume of e-business in the country.

The establishment of institutions which are going to work together to enhance cybersecurity in the country should further boost confidence and ultimately result in increase in the volumes of e-commerce. In this connection, the Cybercrimes Act established (i) the Cybercrimes Advisory Council, which is the policy think-tank for coordinating all research and policy issues “relating to the prevention and combating of cybercrimes and the promotion of cyber security in Nigeria”; and (ii) the NCSF which will provide substantial part of the needed capital for financing the country’s cybersecurity policy.


The NCSF, by the provisions of section 44(2)(a) of the Cybercrimes Act, shall be entitled to receive sums equivalent to 0.005% of all electronic transactions done by certain entities, such as GSM service providers and all telecommunication companies; ISPs; banks and other financial institutions; insurance companies; and the Nigerian Stock Exchange. It is however not clear whether this levy is payable on deals done by these entities themselves or those transacted through their platforms. The accrued amount in the NCSF may be allocated, to the maximum limit of 40%, for executing programs relating to countering violent extremism.