Nigeria moves toward comprehensive AI regulation
Nigeria is consolidating years of scattered legislative efforts into a coordinated AI governance framework. In December 2024, Parliament consolidated four separate bills introduced between 2021 and 2024 for second reading. Two new bills followed in 2025: the National Artificial Intelligence Commission (Establishment) Bill and the Digital Sovereignty and Fair Data Compensation Bill.
The push reflects a broader shift across Africa. Angola, Egypt, Kenya and Morocco have adopted national AI strategies and regulatory frameworks. Nigeria published its own National AI Strategy in 2024, outlining plans to establish a governance body, develop risk management frameworks and create transparent guidelines for AI deployment.
The Digital Economy Bill sets the foundation
The National Digital Economy and E-Governance Bill establishes Nigeria's central AI regulator: the National Information Technology Development Agency (NITDA). The bill applies to anyone developing or deploying AI systems in public and private sectors.
It introduces a risk-based framework requiring AI systems to be fair, transparent, secure and nondiscriminatory. Developers must implement governance and risk management measures proportional to their system's potential impact.
The bill empowers NITDA to consider seven factors when evaluating AI risk: the system's purpose and context, its scope of application, likelihood and severity of harm, reversibility of effects on people's rights, degree of autonomy, possibility of human oversight, and control over system outcomes.
A regulatory sandbox feature allows companies to test new AI products under controlled conditions with predefined safeguards. This gives regulators early visibility into emerging technologies and risks while supporting innovation.
NITDA gains broad enforcement powers: conducting compliance audits, accrediting AI auditors, requiring corrective measures, suspending risky systems and imposing penalties. Fines can reach 10 million Nigerian Naira (approximately USD 7,332) or up to 2% of annual gross revenue in Nigeria.
Data localization and foreign company obligations
The Digital Sovereignty and Fair Data Compensation Bill targets foreign digital companies generating revenue from Nigerian users. It requires all data from Nigerian users to be stored and processed within Nigeria through local data centers or mirror servers.
Cross-border data transfers require NITDA approval and proof of compliance with Nigeria's data security laws. Foreign companies using Nigerian data to train AI models must contribute 2% of their annual Nigerian revenue to a new Nigeria AI Development Fund.
Companies must also ensure at least 30% of their AI research and development using Nigerian data occurs in Nigeria. Financial penalties range from 10% of annual Nigerian turnover to 1 billion Nigerian Naira (approximately USD 733,259).
The bill creates potential conflicts with Nigeria's Data Protection Act, which permits cross-border transfers based on adequacy decisions and appropriate safeguards without requiring prior regulatory authorization. Privacy professionals should assess transfer purposes and contexts carefully to align with both frameworks.
What IT leaders need to prepare for
Data localization and AI training requirements will force fundamental changes to AI system architecture, data pipelines and vendor relationships. IT teams should assess whether existing AI models rely on Nigerian data and whether current cross-border processing arrangements can meet the new localization regime.
The financial stakes are substantial. Digital services taxes, AI data compensation contributions and revenue-based penalties create material regulatory risk that affects product design, market-entry strategy and contracts.
Both bills signal clear expectations: organizations deploying AI in Nigeria must adopt mature, documented governance frameworks. This includes formal risk assessments, human oversight mechanisms, auditability and clear internal accountability for AI decisions.
Companies should monitor NITDA's guidance notes and AI-related regulations closely once the bills take effect. Organizations that proactively embed governance controls will be better positioned as Nigeria moves from legislative development to active enforcement.
For IT and development professionals managing AI systems, AI for IT & Development resources cover governance, compliance and implementation frameworks aligned with regulatory requirements. For technology leaders responsible for infrastructure and strategy, the AI Learning Path for CTOs addresses governance, risk frameworks and regulatory compliance.
Your membership also unlocks:
