Introduction
On May 15, 2015, the nation made a decisive move in addressing the
growing threat of cybercrime by enacting the Cybercrimes (Prohibition,
Prevention, etc.) Act. Ten years later, the law remains central to the
country’s cybersecurity framework, offering legal definitions, prosecutorial
mechanisms, and institutional frameworks to combat digital threats. As we mark
this decade-long journey, it is time to assess the Act's major impacts, its
2024 amendments, its misuses, and what must change in the future to safeguard
security and civil liberties.
1. The Country’s First
Comprehensive Legal Framework on Cybercrime
Prior to 2015, the legal environment addressing cybercrime in the nation was fragmented. Offenses were prosecuted under laws like the Advanced Fee Fraud Act, which did not fully capture the nature of modern digital threats. The 2015 Act changed that by clearly defining crimes such as hacking, identity theft, cyberterrorism, online fraud, and child pornography. It introduced penalties that enabled structured prosecution. The result has been a series of high-profile convictions, including notorious syndicates involved in ATM cards, phishing scams, etc.
2. Creation of the Cybercrime
Advisory Council
The Act provided for the establishment of the Cybercrime Advisory
Council under the leadership of the National Security Adviser (NSA). Comprising
stakeholders from public and private sectors, the Council was tasked with
coordinating national cybersecurity policy. Although the Council has faced
criticism for slow bureaucratic response, it has enabled strategic partnerships with international agencies like INTERPOL and the UK National Crime Agency.
3. Protection of Critical
National Infrastructure (CNII)
A notable provision of the Act was the designation of key sectors such
as banking, energy, and telecommunications as Critical National Information
Infrastructure (CNII). These sectors were mandated to implement enhanced
cybersecurity protocols. Although large institutions have complied, enforcement
remains inconsistent, especially among smaller banks and regional service
providers.
4. Reforming Section 24: From
Overreach to Targeted Protection
Originally, Section 24 criminalized messages deemed "grossly
offensive" or causing "needless anxiety." This provision was
vague and became a tool for silencing journalists and critics. The 2024
amendment narrowed its scope, now targeting child pornography and false
information likely to incite violence. This change followed the ECOWAS Court's
2020 judgment, which found the original section unconstitutional. Still,
enforcement remains uneven and politically influenced.
Notable Misuse Cases:
· Omoyele Sowore (January 2025). Charged with 16 counts under the Cybercrime Act based on his social media posts referring to the Inspector General of Police as an “illegal IGP.”
·
Agba Jalingo (2022): Prosecuted over Facebook posts alleging
corruption.
The Erisco Tomato Paste Review Case – A Cautionary Tale
In 2023, Chioma Okoli, a national consumer, posted a Facebook review stating that she found Nagiko Tomato Mix, a product of Erisco Foods Limited, to be sugary. Erisco Foods Limited refuted her claim as untrue and unfounded. Subsequently, Okoli was arrested by the police following a petition by the company's President and CEO, Eric Umeofia. The police obtained an arrest warrant and remand order from a magistrate court in Masaka, Nasarawa State, leading to her detention. She was later arraigned at the Federal High Court in Abuja, where she pleaded not guilty to two counts of conspiracy and cyberstalking. Amid the legal proceedings, Okoli suffered a miscarriage. Her arrest and detention sparked public outrage, with many citizens calling for her release.
Displeased with the remand order, Okoli's counsel, Inibehe Effiong, petitioned the Nasarawa State Judicial Commission. He argued that it was improper for the magistrate to issue arrest and remand warrants against his client, who neither resided in Nasarawa State nor had ever visited it. Effiong contended that the alleged offences were not committed in Nasarawa State and that cybercrime is a federal offence under the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015, which grants exclusive jurisdiction to the Federal High Court for such matters.
Following the petition, the Nasarawa State Judicial Commission investigated the matter and, in a letter dated January 6, 2025, informed Effiong that Chief Magistrate Emmanuel A. Jatau had been demoted from Chief Magistrate II (Grade Level 15) to Senior Magistrate I (Grade Level 14) and stripped of his magisterial duties. The commission cited misconduct in the handling of Okoli's case as the reason for the disciplinary action.
This case underscores the importance of adhering to proper jurisdictional procedures and the potential consequences of misapplying legal authority, particularly in matters involving federal offences such as cybercrime. It further highlights how cybercrime laws can be misapplied to suppress consumer rights and free expression, exemplifying a growing trend of using criminal prosecution to settle what are fundamentally civil disputes.
5. International Collaboration
and Extradition Challenges
The country’s endorsement of the Budapest Convention significantly
improved its ability to cooperate on international cybercrime investigations.
Countries such as the UK, South Africa, and Japan have partnered with the
nation to track and extradite suspects. However, the process remains hampered
by slow bureaucratic procedures and lack of mutual legal assistance frameworks
with some jurisdictions.
6. Introduction of the
Cybersecurity Levy
A major provision in the 2024 amendment was the introduction of a 0.5%
cybersecurity levy on electronic transactions, administered by the NSA. While
aimed at funding national cyber defense infrastructure, the policy attracted
strong public opposition, prompting government reviews and clarifications.
Critics argue the levy disproportionately affects small businesses and
low-income earners.
7. Law Enforcement and Free
Speech: A Fragile Balance
Even after the amendment, Section 24 continues to be used against
journalists and whistleblowers. In 2024, journalist Daniel Ojukwu was detained
for publishing corruption-related stories. In 2023, lawyer Chike Ibezim was
charged over tweets criticizing a politician. Legal advocacy groups like SERAP and the Nigerian Union of Journalists (NUJ) have consistently called for more
robust protections for free speech.
8. Sectoral CERTs and Faster
Incident Reporting
The 2024 reforms also created Sectoral Computer Emergency Response
Teams (CERTs) to improve the handling of cyber incidents. Financial
institutions, for example, must now report security breaches within 72 hours, a
significant improvement over the previous 7-day period. This has improved
real-time threat analysis and response mechanisms.
9. Mandatory NIN for Electronic
Transactions
To combat identity fraud, the amendment now mandates the use of National
Identity Numbers (NIN) for all electronic transactions. While this policy has
had a positive impact in reducing the number of fraudulent accounts,
implementation remains difficult due to infrastructure gaps in the National
Identity Management Commission (NIMC).
10. Strengthening Law Enforcement Capacity
The Act led to the establishment of cybercrime units within agencies like the EFCC, the Nigeria Police Force, and the Nigerian Financial Intelligence Unit (NFIU). These units have recorded success in cracking complex cyber fraudcases. However, underfunding, skill shortages and accessibility outside Abuja and Lagos still limit their effectiveness.
Judicial Warning Against Misuse of Criminal Law for Civil Disputes
The Supreme Court of the country, in Aviomoh v. C.O.P & Anor (2021)
LPELR-55203(SC), offered a stark warning. Justice Helen Moronkeji Ogunwumiju
held:
"My Lords, the misuse of the criminal law machinery for getting
reliefs in disputes that are civil in nature, by using the instruments of State
has become dangerously rampant in recent times... Criminal Courts should ensure
that proceedings before it are not used for settling scores or to pressurize
parties to settle civil disputes."
This principle must guide the application of the Cybercrimes Act,
particularly Section 24, to prevent the criminalization of civil disagreements
or dissenting opinions.
The Way Forward
1. Judicial Training:
Introduce mandatory training on digital rights and cybercrime legislation for magistrates and judges. The mishandling of the Erisco case underscores the urgent need for judicial officers to understand jurisdictional limits and the civil liberties at stake in cybercrime prosecutions.
2. Expansion of Forensic Infrastructure:
Establish well-equipped cybercrime forensic laboratories in each of the six geopolitical zones to improve digital evidence collection and analysis.
Deploy Cybercrime Units of the Nigeria Police Force across all 36 state commands. These units should be equipped with modern tools, including digital forensic software and blockchain analysis systems. Replicating such capacity nationwide will help reduce investigative delays, particularly in underserved rural areas.
3. Capacity Building:
Invest in the continuous training of law enforcement personnel in areas such as ethical hacking, cryptocurrency tracking, and dark web surveillance. Partnerships with institutions like the UK's National Cyber Security Centre (NCSC) will ensure officers remain adept at handling sophisticated cyber threats.
4. Whistleblower Protection:
Enact legal safeguards to protect journalists, whistleblowers, and concerned citizens from retaliatory prosecutions under the Act. Such protection is crucial to fostering accountability and trust in public institutions.
5. Transparency and Accountability:
Mandate the publication of annual reports on cybercrime-related arrests, charges, and convictions. These reports should include disaggregated data to help identify patterns of misuse and support evidence-based reform.
Conclusion
In its first decade, the Cybercrimes Act has become a vital component of the national security framework. Yet, high-profile cases like Erisco and the detention of journalist Daniel Ojukwu expose persistent vulnerabilities in its application. As Justice Helen Ogunwumiju cautioned in Aviomoh v. C.O.P, criminal law must not be wielded as a tool for settling civil grievances or suppressing legitimate dissent.
To uphold both security and civil liberties in the digital age, the next phase must focus on legislative precision, institutional accountability, and infrastructural development. Decentralizing cybercrime units, expanding forensic capabilities, and ensuring judicial understanding of digital rights will help realign the Act with its original purpose: to protect citizens from genuine digital threats—not to punish lawful expression.
Without equipping all regions of the country to detect and respond to cybercrime effectively, the nation risks falling behind in its fight against increasingly complex digital criminality. Reform is no longer optional—it is imperative.