Licentium

AI Regulation Hub

Nigeria

Nigeria has no horizontal AI Act. Its framework rests on the National AI Strategy, the Nigeria Data Protection Act (with the 2025 General Application and Implementation Directive), digital-economy policy and sectoral regulation.

Key provisions

National AI Strategy

In force

Direction for responsible, ethical and inclusive AI innovation: economic growth, competitiveness, social development, inclusion, cross-sector adoption, responsible AI and effective governance.

Nigeria Data Protection Act + GAID 2025

In force

Where AI processes personal data: fairness, lawfulness, transparency, purpose limitation, minimisation, storage limitation, accuracy, confidentiality, integrity, availability and accountability.

High-risk AI requirements

In force

AI involving profiling, automated recommendations, identity verification, credit scoring, employment screening, healthcare, education, public or consumer services may require lawful-basis analysis, transparency, rights management, security safeguards and DPIA.

Detailed overview

Nigeria does not currently have a single horizontal AI Act. Its AI framework is based on the National AI Strategy, data-protection law, digital-economy policy, sectoral rules and regulatory development.

National AI Strategy

Nigeria's National Artificial Intelligence Strategy sets a national direction for responsible, ethical and inclusive AI innovation. Its goals include economic growth, competitiveness, social development, inclusion, adoption across sectors, responsible AI and effective governance.

The strategy is not itself a licensing regime or a full AI statute. It provides policy direction for AI infrastructure, skills, ecosystem development, research, innovation, responsible use and public-private cooperation.

Nigeria Data Protection Act + GAID 2025

Where AI processes personal data, Nigeria's data-protection framework applies. The Nigeria Data Protection Commission has issued the Nigeria Data Protection Act General Application and Implementation Directive 2025, which explains core data-protection principles such as fairness, lawfulness, transparency, purpose limitation, data minimisation, storage limitation, accuracy, confidentiality, integrity, availability and accountability.

AI systems involving profiling, automated recommendations, identity verification, credit scoring, employment screening, healthcare, education, public services or consumer services may require lawful basis analysis, transparency, data-subject rights management, security safeguards and data-protection impact assessment where risks are high.

Penalties

Nigeria does not currently have one AI-specific penalty table. Penalties arise under the underlying law breached, especially data protection, consumer protection, financial regulation, healthcare regulation, employment law, cybersecurity, telecommunications or criminal law.

Practical requirements & details

Sourced from the National AI Strategy, Nigeria Data Protection Act 2023 + 2025 General Application and Implementation Directive, NITDA guidance, and sectoral rules (CBN, NHIA, SEC, NCC).

NDPA 2023 + GAID 2025 — principles

  • Fairness, lawfulness, transparency; purpose limitation; data minimisation; storage limitation; accuracy; confidentiality, integrity, availability; accountability.

High-risk AI requirements

  • Lawful-basis analysis; transparency; data-subject rights management; security safeguards; DPIAs.
  • Particularly relevant for: profiling, automated recommendations, identity verification, credit scoring, employment screening, healthcare, education, public services.

Data subject rights

  • Information, access, rectification, erasure, restriction, objection, portability.
  • Special rules for automated decisions with legal effect: explanation and human review.

Penalties

  • Data Commission fines: up to NGN 10M or 2% of preceding-year turnover for Data Controllers of Major Importance (DCMI); NGN 2M or 2% for others (whichever is higher).

Sector overlays

  • CBN guidelines on cloud, cybersecurity and AI in banking and fintech.
  • NHIA and NAFDAC on AI-enabled medical devices.
  • SEC on AI in capital-market operations.
  • NCC on AI in telecoms; consumer-protection rules.

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation. We'll map your AI or licensing path and tell you exactly what's required, in plain language.

Get Started