Senator Shehu Umar Buba, Chairman of the Senate Committee on National Security and Intelligence, clarified that the cybersecurity levy introduced by the Central Bank of Nigeria (CBN) targets financial institutions and telecom companies, not individuals or ordinary bank customers.
The levy aims to enhance cybersecurity measures and national security, and the relevant section of the Cybercrime Act clearly specifies the businesses required to pay the levy, including telecom companies, banks, and financial institutions. These organisations have been listed in previous circulars by the Central Bank of Nigeria, especially in 2018. The new circular by the CBN further provided many exemptions.
The senator explained that the amount payable as a cybersecurity levy is either 0.005 or 0.5% arithmetically. The figure in the principal act was 0.005 as a fraction, which was converted to the percentage that became 0.5% in the amendment. Therefore, the statistics in fractions and percentages are the same.
The passage of the amendment bill was a collaborative effort involving the government, industry players, civil society, and academia in the contributions and active participation in the public hearing before and endorsement by the two chambers of the National Assembly. After rigorous processes, President Bola Ahmed Tinubu signed the bill into law in February 2024.
The senator acknowledged the concerns of Nigerians, civil groups, and other stakeholders about the current economic situation, but reassured that implementing the cybersecurity law was not meant to punish citizens. He emphasised that the levy is a collective effort to protect national security and the economy, with the financial burden primarily falling on the specified businesses.
The Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024, which President Tinubu signed into law in February, imposes a 0.5 percent (0.005) levy equivalent to half the value of all electronic transactions by the businesses specified in the Second Schedule of the Act. The levy will be remitted to the National Cybersecurity Fund, which the Office of the National Security Adviser (ONSA) shall administer. The circular announcing the levy also exempted some transactions from the cybercrime levy, including loan disbursements and repayments, salary payments, intra-account transfers, and other financial transactions.
