The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. This act also ensures the protection of critical national information infrastructure, and promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
ENACTED by the National Assembly of the Federal Republic of Nigeria as follows: PART I -‐ OBJECT AND APPLICATION
- The objectives of this Act are to –
- provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;
- ensure the protection of critical national information infrastructure; and
- promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
Objectives.
- The provisions of this Act shall apply throughout the Federal Republic of Nigeria. Application.
PART II -‐ PROTECTION OF CRITICAL NATIONAL INFORMATION INFRASTRUCTURE
- (1) The President may on the recommendation of the National Security Adviser, by Order published in the Federal Gazette, designate certain computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or traffic data vital to this country that the incapacity or destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters as constituting Critical National Information Infrastructure.
- The Presidential Order made under subsection (1) of this section may prescribe minimum standards, guidelines, rules or procedure in respect of -‐
- the protection or preservation of critical information infrastructure;
- the general management of critical information infrastructure;
- access to, transfer and control of data in any critical information infrastructure;
Designation of certain computer systems or networks as critical national information infrastructure.
- infrastructural or procedural rules and requirements for securing the integrity and authenticity of data or information contained in any designated critical national information infrastructure;
- the storage or archiving of data or information designated as critical national information infrastructure;
- recovery plans in the event of disaster, breach or loss of the critical national information infrastructure or any part of it; and
- any other matter required for the adequate protection, management and control of data and other resources in any critical national information infrastructure.
- The Presidential Order made under section 3 of this Act may require the Office of the National Security Adviser to audit and inspect any Critical National Information Infrastructure at any time to ensure compliance with the provisions of this Act.
PART III -‐ OFFENCES AND PENALTIES
- (1) Any person who with intent, commits any offence punishable under this Act against any critical national information infrastructure, designated pursuant to section 3 of this Act, shall be liable on conviction to imprisonment for a term of not more than 10 years without an option of fine.
- Where the offence committed under subsection (1) of this section results in grievous bodily harm to any person, the offender shall be liable on conviction to imprisonment for a term of not more than 15 years without option of fine.
- Where the offence committed under subsection (1) of this section results in the death of person(s), the offender shall be liable on conviction to life imprisonment.
Audit and Inspection of critical national information infrastructure.
Offences against critical national information infrastructure.
- (1) Any person, who without authorization, intentionally accesses in whole or in part, a computer system or network for fraudulent purposes and obtain data that are vital to national security, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 5 years or to a fine of not more than
N5,000,000.00 or to both fine and imprisonment.
- Where the offence provided in subsection (1) of this section is committed with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or classified information, the punishment shall be imprisonment for a term of not more than 7 years or a fine of not more than
N7, 000,000.00 or to both such fine and imprisonment.
- Any person who, with the intent to commit an offence under this section, uses any device to avoid detection or otherwise prevent identification or attribution with the act or omission, commits an offence and shall be liable on conviction to
Unlawful access to a computer.
imprisonment for a term of not more than 7 years or to a fine of not more than N7,000,000.00 or to both such fine and imprisonment.
- Any person or organisation who knowingly and intentionally trafficks in any password or similar information through which a computer may be accessed without lawful authority, if such trafficking affects public, private and or individual interest within or outside the federation of Nigeria, commits an offence and shall be liable on conviction to a fine of not more than N7, 000,000.00 or imprisonment for a term of not more than 3 years or both such fine and imprisonment.
- (1) From the commencement of this Act all operators of a cybercafé shall register as a business concern with Computer Professionals’ Registration Council in addition to a business name registration with the Corporate Affairs Commission. Cybercafés shall maintain a register of users through a sign-‐in register. This register shall be available to law enforcement personnel whenever needed.
- Any person, who perpetrates electronic fraud or online fraud using a cybercafé, shall be guilty of an offence and shall be sentenced to Three Years imprisonment or a fine of One Million Naira or both.
- In the event of proven connivance by the owners of the cybercafé, such owners shall be guilty of an offence and shall be liable to a fine of
N2,000,000.00 or a 3 years jail term or both.
- The burden of proving connivance in subsection 3 above shall be on the prosecutor.
- Any person who without lawful authority, intentionally or for fraudulent purposes does an act which causes directly or indirectly the serious hindering of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or any other form of interference with the computer system, which prevents the computer system or any part thereof, from functioning in accordance with its intended purpose, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 2 years or to a fine of not more than
N5,000,000.00 or to both fine and imprisonment.
Registration of Cybercafé.
System Interference.
- Any person who unlawfully destroys or aborts any electronic mails or processes through which money and or valuable information is being conveyed is guilty of an offence and is liable to imprisonment for 7 years in the first instance and upon second conviction shall be liable to 14 years imprisonment.
- From the commencement of this Act, any person being employed by or under a Local Government of Nigeria, private organization or financial institution with respect to working with any critical infrastructure, electronic mails commits any act which he is not authorized to do by virtue of his contract of service or intentionally permits,
Intercepting Electronic Messages, Emails Electronic Money Transfers.
Tampering with Critical Infrastructure.
tampering with such computer, is guilty of an offence and is liable to a fine of N2,000,000.00 or imprisonment for 3 years .
- Any person who misdirects electronic messages with either the intention to fraudulently obtain financial gain as a result of such act or with the intention of obstructing the process in order to cause delay or speeding the messages with a view to cause an omission or commission that may defeat the essence of such messages is guilty of an offence and is liable to imprisonment for Three Years or a fine of
N1,000,000.00 or both.
Willful misdirection of Electronic Messages.
- 12.
- 13.
- Any person, who intentionally and without authorization, intercepts by technical means, non-‐public transmissions of computer data, content, or traffic data, including electromagnetic emissions or signals from a computer, computer system or network carrying or emitting signals, to or from a computer, computer system or connected system or network; commits an offence and shall be liable on conviction to imprisonment for a term of not more than 2 years or to a fine of not more than
N5,000,000.00 or to both such fine and imprisonment.
- Any person or organization who by means of false pretense induces any person employed by or under the government of the federal, state or local government of Nigeria or any person in charge of electronic devices to deliver to him any electronic messages which includes but is not limited to E-‐mail, credit and debit cards information, facsimile messages which is not specifically meant for him or his organization (in the latter case except he is authorized to receive such messages for and on behalf of his organization) commits an offence and shall be liable on conviction to imprisonment for a term of Two Years or a fine of not more than N1,000,000 or to both such fine and imprisonment.
- Any person who, being employed by or under the authorities of the Local, State, Federal Government of Nigeria or private organization who intentionally hides or detains any electronic mails, messages, electronic payment, credit and debit card which was found by him or delivered to him in error and which to his knowledge ought to be delivered to another person, commits an offence and shall be liable on conviction to imprisonment for 1 Year or a fine of N250,000 Naira or to both fine and imprisonment.
A person who knowingly accesses any computer or network and inputs, alters, deletes or suppresses any data resulting in inauthentic data with the intention that such inauthentic data will be considered or acted upon as if it were authentic or genuine, regardless of whether or not such data is directly readable or intelligible, commits an offence and is liable on conviction to imprisonment for a term of not less than 3 years or to a fine of not less than 7,000,000.00 or both
Unlawful interceptions.
Computer Related Forgery.