Nigeria Cybercrimes Prohibition Act 2015 | Felix Omoko Blog

Law Icon
The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cyber crimes in Nigeria. 


This act also ensures the protection of critical national information infrastructure, and promotes cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.


CYBERCRIMES (PROHIBITION, PREVENTION, ETC) ACT, 2015

A Bill For An act to provide for the prohibition, prevention, detection, response, investigation and prosecution of cybercrimes; and for other related matters, 2015.

ENACTED by the National Assembly of the Federal Republic of Nigeria as follows:

Objectives

1.     The objectives of this Act are to–

(a)    provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;

(b)    ensure the protection of critical national information infrastructure; and

 (c)    promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.

 Application

2.     The provisions of this Act shall apply throughout the Federal Republic of Nigeria.


PART II -     PROTECTION OF CRITICAL NATIONAL INFORMATION INFRASTRUCTURE

Designation of certain computer systems or networks as critical national information infrastructure

3.(1) The President may on the recommendation of the National Security Adviser, by Order published in the Federal Gazette, designate certain computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or Traffic data vital to this country that the incapacity or Destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters as constituting Critical National Information Infrastructure.

 (2)    The Presidential Order made under subsection (1) of this section may prescribe minimum standards, guidelines, rules or procedure in respect of -

(a)    the protection or preservation of critical information infrastructure;
(b)    the general management of critical information infrastructure;
(c)    access to, transfer and control of data in any critical information infrastructure; Designation of certain computer systems or networks as critical national information infrastructure.
(d)    infrastructural or procedural rules and requirements for securing the integrity and authenticity of data or information contained in any designated critical national information infrastructure;
(e)    the storage or archiving of data or information designated as critical national information infrastructure;
(f)     recovery plans in the event of disaster, breach or loss of the critical national information infrastructure or any part of it; and
(g)    any other matter required for the adequate protection, management and control of data and other resources in any critical national information infrastructure.

 Audit and Inspection of critical national information infrastructure

4.     The Presidential Order made under section 3 of this Act may require the Office of the National Security Adviser to audit and inspect any Critical National Information Infrastructure at any time to ensure compliance with the provisions of this Act.


PART III-OFFENCES AND PENALTIES

Offences against critical national information infrastructure

5.(1) Any person who with intent, commits any offence punishable under this Act against any critical national information infrastructure, designated pursuant to section 3 of this Act, shall be liable on conviction to imprisonment for a term of not more than 10 years without an option of fine.

 (2)    Where the offence committed under subsection (1) of this section results in grievous bodily harm to any person, the offender shall be liable on conviction to imprisonment for a term of not more than 15 years without option of fine.

 (3)    Where the offence committed under subsection (1) of this section results in the death of person(s), the offender shall be liable on conviction to life imprisonment.


Unlawful access to a computer

6. (1) Any person, who without authorization, intentionally accesses in whole or in part, a computer system or network for fraudulent purposes and obtain data that are vital to national security, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 5 years or to a fine of not more than N5,000,000.00 or to both fine and imprisonment.


(2)    Where the offence provided in subsection (1) of this section is committed with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or classified information, the punishment shall be imprisonment for a term of not more than 7 years or a fine of not more than N7, 000,000.00 or to both such fine and imprisonment.


(3)    Any person who, with the intent to commit an offence under this section, uses any device to avoid detection or otherwise prevent identification or attribution with the act or omission, commits an offence and shall be liable on conviction to Unlawful imprisonment for a term of not more than 7 years or to a fine of not more than N7,000,000.00 or to both such fine and imprisonment.


(4)    Any person or organisation who knowingly and intentionally trafficks in any password or similar information through which a computer may be accessed without lawful authority, if such trafficking affects public, private and or individual interest within or outside the federation of Nigeria, commits an offence and shall be liable on conviction to a fine of not more than N7, 000,000.00 or imprisonment for a term of not more than 3 years or both such fine and imprisonment.

Registration of Cybercafé

7.(1) From the commencement of this Act all operators of a cybercafé shall register as a business concern with Computer Professionals’ Registration Council in addition to a business name registration with the Corporate Affairs Commission. Cybercafés shall maintain a register of users through a sign-in register. This register shall be available to law enforcement personnel whenever needed.

 (2)    Any person, who perpetrates electronic fraud or online fraud using a cybercafé, shall be guilty of an offence and shall be sentenced to Three Years imprisonment or a fine of One Million Naira or both.


(3)    In the event of proven connivance by the owners of the cybercafé, such owners shall be guilty of an offence and shall be liable to a fine of N2,000,000.00 or a 3 years jail term or both.

 (4)    The burden of proving connivance in subsection 3 above shall be on the prosecutor.

 System Interference

8.     Any person who without lawful authority, intentionally or for fraudulent purposes does an act which causes directly or indirectly the serious hindering of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or any other form of interference with the computer system, which prevents the computer system or any part thereof, from functioning in accordance with its intended purpose, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 2 years or to a fine of not more than N5,000,000.00 or to both fine and imprisonment.

 Intercepting Electronic Messages, Emails Electronic Money Transfers.

9.     Any person who unlawfully destroys or aborts any Electronic mails or processes through which money and or valuable information is being conveyed is guilty of an offence and is liable to imprisonment for 7 years in the first instance and upon second conviction shall be liable to 14 years imprisonment.