Nigeria is navigating the complex balance between fostering AI innovation and establishing regulatory guardrails to ensure accountability, safety, and data protection. As artificial intelligence becomes increasingly embedded across finance, healthcare, telecommunications, education, and public governance sectors, the need for a structured legal and regulatory framework has become critical. This comprehensive guide examines the current state of AI regulations in Nigeria, outlines existing laws, draft policies, and provides actionable compliance guidance for organizations preparing for responsible AI adoption.
The Current Legal Landscape for AI Regulations in Nigeria
Nigeria does not yet have a standalone AI Act. Instead, AI governance is currently shaped through a combination of data protection laws, cybercrime legislation, sector-specific regulations, and emerging AI policy instruments. Understanding this patchwork of regulations is essential for any organization developing or deploying AI systems within Nigeria.
Nigeria Data Protection Act (NDPA) 2023 & GAID 2025
The Nigeria Data Protection Act (NDPA) is the most significant law affecting AI regulations in Nigeria. Enacted in 2023, it establishes the Nigeria Data Protection Commission (NDPC) and defines legal obligations for data controllers and processors handling personal data — including data used in AI systems. The General Application and Implementation Directive (GAID) 2025 provides practical enforcement rules for the NDPA.
Key NDPA compliance requirements affecting AI systems include:
- Lawful data processing grounds
- Data subject rights
- Consent mechanisms
- Data Protection Impact Assessments (DPIAs)
- Risk classification for high-impact processing
- Human oversight requirements for automated decisions
Any AI system processing personal data must comply fully with NDPA rules, especially where automated decision-making affects individuals’ rights, finances, employment, or access to services.
Cybercrimes (Prohibition, Prevention, etc.) Act 2015
This Act addresses criminal activity in digital environments, including offenses that could arise from AI misuse. While not specifically targeting AI, the law creates a framework that applies to malicious applications of the technology.
The Cybercrimes Act covers several areas relevant to AI systems:
- Identity theft and fraud
- System interference
- Data manipulation and unauthorized access
- Cyber-enabled financial crimes
- Protection of critical national information infrastructure
AI developers and platform operators are indirectly regulated through this law, especially where AI tools could be weaponized for cybercrime or digital harm.
National Artificial Intelligence Strategy (NAIS)
Nigeria’s National Artificial Intelligence Strategy, developed under NITDA and the National Centre for Artificial Intelligence and Robotics (NCAIR), functions as a policy roadmap rather than enforceable law. Released in 2024, it outlines national priorities for AI development and governance.
The NAIS identifies four broad AI risk categories:
- Economic risks
- Ethical risks
- Societal risks
- AI model risks
While not legally binding, the NAIS shapes the direction of AI regulations in Nigeria and informs future legislation. It emphasizes ethical AI use, skills development, research funding, responsible data practices, and public sector AI integration.
Download Our AI Compliance Checklist
Get our comprehensive guide to navigating Nigeria’s current AI regulatory landscape. This checklist helps businesses identify compliance gaps and prepare for upcoming regulations.
Draft and Emerging AI Regulatory Instruments
Several regulatory instruments are currently under development that will significantly shape the future of AI governance in Nigeria. Organizations should monitor these developments closely to prepare for compliance.
NITDA Draft Code of Practice for Artificial Intelligence
The National Information Technology Development Agency (NITDA) has proposed a draft AI Code of Practice aimed at setting baseline standards for AI development and deployment in Nigeria. Though still under consultation, it introduces key governance principles that will likely become mandatory.
Key elements of the draft code include:
- Transparency and accountability requirements
- Risk-based classification of AI systems
- Human oversight for high-impact AI
- Ethical safeguards and bias mitigation
- Explainability requirements
- Compliance audits and reporting
Once formalized, this code is expected to become a cornerstone document in Nigeria’s AI regulatory ecosystem, particularly for technology companies and AI developers.
Nigeria’s AI Bill
In November 2023, Nigeria took a major step toward formal regulation of artificial intelligence with the introduction of a new bill that would make registration and licensing compulsory for anyone developing or using AI technologies in the country. The proposed legislation, tagged “A Bill for an Act to Ensure Proper Control of Usage of Artificial Intelligence (AI) Technology in Nigeria and for Related Matters, 2023,” was sponsored by Sada Soli and received its first reading at the House of Representatives.
Key provisions of the bill include:
- Mandatory registration and licensing for AI developers and deployers
- Creation of a National Artificial Intelligence Council
- Risk-based classification system for AI technologies
- Ethical use, transparency, and accountability requirements
- Data protection and alignment with existing laws
- Import controls for foreign AI platforms
If passed, this bill would establish Nigeria’s first comprehensive legal and institutional framework for governing AI, setting standards for ethical use, oversight, and accountability.
NCC Draft Internet Code of Practice
The Nigerian Communications Commission has released a Draft Internet Code of Practice which contains provisions addressing AI systems deployed on telecommunications networks and digital platforms. This regulation particularly affects telecom operators, ISPs, and digital platform providers operating AI-driven services.
The draft code includes oversight on:
- AI-powered content moderation
- Algorithmic service delivery
- Consumer protection mechanisms
- Transparency in automated systems
- Data handling practices
Classification of AI Regulations in Nigeria
Passed and Enforceable Laws
- Nigeria Data Protection Act (NDPA) 2023 + GAID 2025
- Cybercrimes Act 2015
- Selected NCC data and network governance regulations
- Copyright Act 2022 (for AI-generated content)
- Federal Competition and Consumer Protection Act 2018
- Nigerian Communication Commission Act 2003
Draft or Under Legislative Consideration
- NITDA Draft AI Code of Practice
- NCC Draft Internet Code of Practice
- National Assembly AI Bill (first reading)
- Updated AI strategy implementation frameworks
- NBA Guidelines for AI use in legal profession
- SEC Rules on Robo-Advisory Services
How AI Regulations in Nigeria Affect Key Economic Players
The regulatory framework for AI in Nigeria has varying implications across different sectors of the economy. Understanding these sector-specific impacts is crucial for compliance planning.
AI Startups & Tech Developers
- Must implement data compliance frameworks
- Required to conduct DPIAs for high-risk models
- Subject to algorithmic accountability requirements
- Need to maintain documentation of AI systems
- May require registration under proposed AI Bill
Financial Institutions & Fintechs
- Stricter controls over automated credit scoring
- Transparency obligations for AI-driven risk decisioning
- Enhanced consumer protection requirements
- SEC Rules on Robo-Advisory Services compliance
- Need human oversight for financial AI systems
Public Sector Agencies
- Mandated to ensure citizens’ rights protection
- Responsible for ethical AI deployment in governance
- Required audit trails and accountability reporting
- Must conduct impact assessments before AI implementation
- Need transparency in public-facing AI systems
Telecoms & Digital Platforms
- Oversight on AI content moderation
- Consumer data protection responsibilities
- Algorithm transparency requirements
- NCC compliance for AI-powered services
- Potential import restrictions on foreign AI tools
Request a Sector-Specific AI Compliance Assessment
Our experts can help evaluate your organization’s AI compliance readiness based on your specific industry requirements in Nigeria.
AI Compliance Checklist for Nigerian Organizations
Organizations deploying AI in Nigeria should implement a comprehensive compliance framework to address current regulations and prepare for upcoming requirements. This checklist provides a starting point for building AI governance.
Governance & Accountability
- Appoint a Data Protection Officer (DPO)
- Establish AI governance leadership
- Maintain documented AI policies
- Define roles and responsibilities
- Create AI incident response plans
Data Management & Legal Basis
- Maintain Records of Processing Activities (ROPA)
- Define consent mechanisms and lawful processing bases
- Secure children’s data with enhanced protections
- Document data sources and processing activities
- Implement data minimization practices
Risk and Impact Assessments
- Conduct DPIAs for automated and high-risk AI systems
- Maintain AI risk registers
- Schedule periodic compliance audits
- Document risk mitigation strategies
- Assess algorithmic bias risks
Transparency & Human Oversight
- Provide explanation pathways for AI decisions
- Implement human-in-the-loop mechanisms
- Create appeal and review channels
- Document AI system capabilities and limitations
- Disclose AI use to affected individuals
Security & Vendor Management
- Use strong cybersecurity protocols
- Execute data processing agreements
- Vet cloud and AI vendors for compliance readiness
- Implement access controls for AI systems
- Conduct security testing of AI applications
Ethics & Bias Mitigation
- Implement fairness testing and bias controls
- Document ethical oversight processes
- Perform regular algorithm quality reviews
- Consider diverse stakeholder perspectives
- Monitor for unintended consequences
What Comes Next for AI Regulations in Nigeria
As AI continues to evolve, Nigeria’s regulatory landscape is expected to develop significantly in the coming years. Organizations should prepare for these anticipated changes to maintain compliance and competitive advantage.
Key regulatory developments on the horizon include:
- A standalone Artificial Intelligence Act
- Mandatory algorithm impact assessment frameworks
- Stronger enforcement via NDPC and sector regulators
- AI certification and licensing regimes
- National AI registration systems for high-risk applications
- Sector-specific AI regulations for healthcare, finance, and education
The regulatory direction suggests movement toward a risk-based AI classification model similar to the EU AI Act, increased transparency requirements, and stricter accountability for harmful AI deployment. Nigeria’s approach is likely to balance innovation support with appropriate safeguards.
International Alignment
Nigeria’s AI regulatory approach is also being shaped by international developments. The country has signed the Bletchley Declaration on AI Safety alongside 28 other nations and is actively participating in global AI governance discussions. This international engagement suggests Nigeria will align aspects of its regulatory framework with global standards while adapting them to local needs.
Regulatory Capacity Building
A significant focus in the coming years will be building regulatory capacity within Nigerian institutions. NITDA, NDPC, NCC, and other agencies are investing in technical expertise and governance frameworks to effectively oversee AI systems. This capacity building will be crucial for the successful implementation of AI regulations.
Why AI Regulations in Nigeria Matter
Proper AI regulations in Nigeria are essential for multiple stakeholders and serve several critical functions in the digital economy.
Benefits of Effective AI Regulation
- Protects citizens’ data and rights
- Encourages responsible innovation
- Builds trust in AI-driven systems
- Prevents misuse and digital harm
- Strengthens Nigeria’s global AI competitiveness
- Creates regulatory certainty for investors
- Promotes ethical AI development
Risks of Inadequate Regulation
- Potential for algorithmic discrimination
- Privacy violations and data misuse
- Lack of accountability for harmful AI
- Regulatory fragmentation across sectors
- Barriers to international AI collaboration
- Erosion of public trust in technology
- Competitive disadvantage in global markets
For businesses operating in Nigeria’s digital economy, proactive compliance with AI regulations is not just about avoiding penalties—it’s about building sustainable, trustworthy AI systems that can compete globally while serving local needs effectively.
Final Thoughts
AI regulations in Nigeria are not static; they are actively developing alongside global technological progress. The country is taking significant steps toward creating a comprehensive framework that balances innovation with protection of rights and values. Businesses, developers, and institutions must proactively align with current legal expectations while preparing for stricter future controls.
As Nigeria continues to position itself as a leader in Africa’s digital economy, its approach to AI governance will play a crucial role in determining how technology shapes the nation’s future. By understanding and engaging with these regulatory developments, stakeholders can help ensure that AI serves as a force for positive transformation in Nigeria.