Introduction

On May 6, 2024, the Central Bank of Nigeria (CBN) issued guidance on implementing the National Cybersecurity Levy. However, following significant concerns from stakeholders, the government suspended this levy on May 17, 2024. As businesses increasingly rely on technology, balancing the benefits and risks of cyber threats becomes critical. This article examines the evolution of the Cybercrimes Act, the legality of the cybersecurity levy, its implementation issues, and the subsequent suspension.

Evolution of the Cybercrimes Act

The Cybercrimes (Prohibition, Prevention, Etc.) Act of 2015 aimed to address the growing concerns of cyber threats by providing a regulatory framework for prohibiting, preventing, detecting, and prosecuting cybercrimes. Key provisions included protecting critical national information infrastructure and establishing a Cybercrime Advisory Council. Section 44 of the Act called for creating a National Cybersecurity Fund (NCF) funded partly by a 0.005% levy on electronic transactions. This fund is overseen by the Office of the National Security Adviser.

In February 2024, the Act was amended to clarify and address gaps, particularly defining the cybersecurity levy as 0.5% (0.005) on all electronic transaction values by specified businesses. These businesses include GSM service providers, internet service providers, banks, financial institutions, insurance companies, and the Nigerian Stock Exchange.

Implementation of the Cybersecurity Levy

Despite the Act being in place since 2015, ambiguities prevented its implementation. The 2024 amendment aimed to resolve these issues, prompting the CBN to issue a circular in May 2024, detailing the levy’s collection and compliance requirements for relevant institutions.

Legality and Constitutionality of the Levy

The levy’s legality has raised significant concerns, particularly regarding its consistency with the Nigerian Constitution. Section 162 of the Constitution mandates that all federal revenues, except specific exemptions, be paid into the Federation Account. However, the levy is directed to the NCF, administered by the National Security Adviser, potentially conflicting with constitutional provisions.

Moreover, the Federal Inland Revenue Service (Establishment) Act (FIRSEA) designates the Federal Inland Revenue Service (FIRS) as the authority for administering federal taxes. Legal precedents, such as Guaranty Trust Bank Plc v. Anambra State Internal Revenue Service, affirm FIRS’s role in revenue collection. Additionally, the Federal High Court in Attorney-General of Rivers State v. Attorney-General of the Federation declared parts of the Nigeria Police Trust Fund Act unconstitutional for similar reasons.

Given these legal considerations, the responsibility for administering the cybersecurity levy should likely fall under the FIRS, ensuring alignment with constitutional mandates and proper revenue recognition.

Context of the Implementation

While the Cybercrimes Act’s objectives are crucial, the timing of the levy’s implementation is problematic. Nigeria’s economic indicators, such as a headline inflation rate of 33.69% in April 2024, reflect challenging economic conditions. The cost of essentials like electricity have risen due to subsidy removals, and the Naira’s depreciation has further increased the cost of goods and services. Introducing the levy now contradicts the government’s efforts to improve the ease of doing business and its stated policy of not introducing new taxes.

Moreover, the Presidential Committee on Fiscal Policy and Tax Reforms aims to harmonize taxes and levies into a single digit list, which the new levy would complicate. Existing taxes, such as Value Added Tax (VAT) and the Electronic Money Transfer Levy (EMTL) from the Finance Act, 2020, already burden electronic transactions. The suspension of the cybersecurity levy is thus a welcome development amid these economic and policy challenges.

Conclusion

The suspension of the cybersecurity levy by the President demonstrates the government’s responsiveness to stakeholder feedback. For businesses to thrive, a stable and predictable policy environment is essential. Consistency in policy implementation fosters this certainty.

Given the importance of cybersecurity, the government may revisit the levy in the future. However, any future implementation should address constitutional concerns about revenue administration and align with Nigeria’s overall fiscal and economic strategies. Ensuring that laws are introduced at appropriate times and are in sync with industry and economic realities is crucial.

Finally, the National Assembly should enhance stakeholder engagement in the legislative process to ensure diverse perspectives are considered. This approach can help prevent issues like those encountered with the cybersecurity levy and promote more effective and broadly supported legislation.

Recommendations for Future Consideration

1. Constitutional Alignment: Any future implementation of the cybersecurity levy should be constitutionally sound. Ensuring that FIRS administers the levy could resolve legal conflicts and provide clarity.
2. Economic Timing: The government should consider the economic environment and business realities before implementing new levies. Policymakers must align new taxes with overall fiscal strategies and economic indicators.
3. Stakeholder Engagement: The National Assembly should broaden consultations with stakeholders when drafting new legislation. Comprehensive stakeholder input can help identify potential issues early and create more effective laws.
4. Streamlined Regulatory Framework: Efforts to harmonize taxes and levies should continue. Simplifying the tax system can reduce administrative burdens on businesses and improve compliance.
5. Gradual Implementation: If reintroduced, the cybersecurity levy could be phased in gradually to allow businesses to adjust. This approach can mitigate immediate economic impacts and provide time for stakeholders to adapt.

By considering these recommendations, Nigeria can better balance the need for cybersecurity funding with the realities of its economic and business environment, ultimately fostering a more secure and prosperous digital economy.

For professional advice on Accountancy, Transfer Pricing, Tax, Assurance, Outsourcing, online accounting support, Company Registration, and CAC matters, please contact Inner Konsult Ltd at www.innerkonsult.com at Lagos, Ogun state Nigeria offices, or www.sunmoladavid.com. You can also reach us via WhatsApp at +2348038460036.