Nigeria's Digital Sovereignty: Analysis of Cybersecurity Legislation, Policies, and Strategies
Polra Victor Falade, Oluwafemi Osho
TL;DR
The paper investigates Nigeria's bid for digital sovereignty through two core instruments: the Cybercrimes Act and the National Cybersecurity Policy and Strategy (NCPS). It adopts a multi-method, triangulated qualitative design—document analysis, secondary studies, expert input, and direct observation—to assess how these instruments function in practice and identify implementation gaps. The analysis finds that while reforms strengthen regulatory capacity, international alignment, and incident-response capabilities, persistent enforcement bottlenecks, definitional ambiguities, and workforce attrition limit tangible sovereignty gains. The study argues that sustained implementation, adequate resourcing, workforce retention, and clearer accountability mechanisms are essential to translate policy ambitions into durable digital security outcomes.
Abstract
This paper examines Nigeria's pursuit of digital sovereignty through two core instruments: the Cybercrimes (Prohibition, Prevention, etc.) Act and the National Cybersecurity Policy and Strategy (NCPS). Despite recent reforms, it remains unclear whether these frameworks effectively secure Nigeria's digital domain and advance its digital sovereignty amid escalating cross-border cyber threats. Using a multi-method, triangulated qualitative design that combines document analysis, secondary analysis of existing studies, expert insights, and direct observation of cybersecurity developments, the paper assesses how these instruments operate in practice. The Cybercrimes Act (2015, amended 2024) and NCPS (2015, revised 2021) have strengthened Nigeria's commitments to tackling cybercrime, regulating digital activities, and protecting critical infrastructure. Yet persistent gaps remain, including legislative ambiguities, weak enforcement, uneven threat prioritization, limited institutional coordination, and loss of skilled professionals. The paper argues that achieving digital sovereignty will require stronger implementation, sustainable resourcing, workforce retention, and clearer accountability mechanisms to translate policy ambition into tangible and durable security outcomes.
