As a result of the above, it has become imperative for companies to adopt proactive and practical risk management strategies aimed at identifying vulnerabilities, strengthening internal controls, and mitigating potential cyber threats. At the heart of these are legal and compliance issues which companies have to comply with in a world of increasing cyber security risks. To effectively manage cyber risks, organizations must first understand the modern forms cyber threats and risks may take. Some of the most prevalent threats include the following:

1. Phishing Attacks: Phishing is one of the most common and dangerous cyber threats to businesses, responsible for many data breaches. It occurs when attackers pretend to be trusted contacts and trick employees into clicking malicious links, downloading harmful files, or revealing sensitive information such as passwords or financial details. Modern phishing attacks are highly sophisticated, including corporate email compromise, where criminals steal the email credentials of executives and send fraudulent payment requests. Because phishing targets human behavior rather than technical systems, it is usually difficult to stop. Businesses can reduce the risk by using email security gateways, post-delivery protection tools, and security awareness training to help employees identify and report suspicious emails.

2. Malware Attacks: Malware refers to harmful software such as viruses and trojans that hackers use to access networks, steal data, or damage systems. It often spreads through infected websites, spam emails, or compromised devices. Small businesses are especially vulnerable because malware can damage devices, cause costly repairs, and expose sensitive business or customer data. To prevent malware attacks, organizations should implement endpoint protection systems and web security tools that block malicious downloads and prevent access to dangerous websites.

3. Ransomware: Ransomware is a cyberattack where hackers encrypt a company’s data and demand payment to restore access. It has become increasingly common because it is highly profitable for cybercriminals. Businesses that are often targeted are the ones that lack strong security systems or reliable backup systems. When important data is locked, organizations may face major operational disruptions and financial losses. To reduce this risk, businesses should install strong endpoint protection across all devices and implement secure cloud backup systems. Reliable backup systems allow companies to recover their data without paying ransom demands.

4. Insecure Passwords: Weak or easily guessed passwords are a major cybersecurity risk for many businesses. Employees often reuse passwords across multiple accounts or create simple passwords that attackers can easily guess. This can allow hackers to gain unauthorized access to sensitive company systems and information. The problem often occurs because employees are unaware of the risks associated with poor password practices. Businesses should use password management tools to generate and store strong passwords securely. In addition, multi-factor authentication (MFA) should be implemented to add an extra layer of security protection.

5. Insider Threats: Insider threats arise from individuals within the organization, such as employees, former staff, contractors, or partners who have access to company systems. These threats may occur intentionally due to malicious motives or unintentionally due to negligence or lack of awareness. Because insiders already have authorized access, they can cause serious data breaches or security incidents. The risk increases when employees have access to systems or information, they do not need for their roles. Businesses can reduce insider threats by promoting cybersecurity awareness, providing regular employee training, and limiting system access based on job responsibilities.

Key Compliance Obligations for Companies in Nigeria.

As cyber threats continue to evolve, several legal and regulatory frameworks impose specific obligations on companies to safeguard digital systems and personal data. To remain compliant and avoid regulatory sanctions, organizations must prioritize the following key compliance obligations.

1. Risk Management Requirements: Nigerian companies must continually evaluate and mitigate risks to ensure that they avoid any potential breaches that may occur from cybersecurity threats and risks. Central Bank of Nigeria (CBN) Guideline on Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Banks, 2024 mandates that Nigerian financial institutions move beyond basic security to a structured, continuous risk lifecycle. Under this guideline, companies must execute these four core risk management activities:
• Risk Identification: Organizations must identify all information assets and the specific threats or vulnerabilities associated with their confidentiality, integrity, and availability.
• Risk Assessment: A formal risk assessment must be conducted at least annually. Also, new assessments are required immediately following major changes, such as mergers, acquisitions, or the deployment of new technology and it also requires that the findings be recorded in a Cybersecurity Risk Control Self-Assessment report.
• Risk Measurement: Institutions are now required to quantify the financial loss and reputational damage that could result from identified cyber risks.
• Risk Mitigation & Treatment: Security measures such as encryption or multi-factor authentication must be implemented in direct proportion to how critical the asset is and based on the assessment, management must explicitly choose to reduce, accept, avoid, or transfer (e.g., through insurance) each identified risk.

2.Registration as a Data Controller / Processor with the NDPC: Pursuant to section 44 of the Nigeria Data Protection Act 2023 (NDPA), organisations that process personal data in Nigeria are required to register with the Nigeria Data Protection Commission (NDPC) as a Data Controller or Data Processor, particularly where they process personal data on a large scale or process sensitive personal data. Registration enables the NDPC to ensure compliance with applicable data protection obligations. Organisations are generally required to provide details of their data processing activities, the categories of personal data processed, and the security measures implemented to protect such data. Failure to register where required may expose organisations to regulatory sanctions and administrative penalties under the NDPA.

3. Conducting Data Protection Impact Assessments (DPIAs): Prior to the commencement of any project or data processing activity in Nigeria, an organization must identify its objectives and determine the necessity of a Data Protection Impact Assessment (DPIA). Under Section 28 of the Nigeria Data Protection Act (NDPA) 2023, a data controller is legally mandated to carry out a DPIA where processing is likely to result in a high risk to the rights and freedoms of data subjects. The NDPA General Application and Implementation Directive (GAID) 2025 clarifies these high-risk circumstances. A DPIA is mandatory when evaluating or scoring (profiling) data subjects, when engaging in automated decision-making with legal or similar significant effects, when conducting systematic monitoring and when sensitive or highly personal data is involved etc. Adherence to Section 28 of the NDPA 2023 and the GAID 2025 is a mandatory prerequisite for high-risk data processing. Failure to conduct a DPIA where required not only invites significant regulatory sanctions from the NDPC but also compromises the organization’s commitment to Data Protection.

4. Appointment of Data Protection Officers: Pursuant to section 32 of the Nigeria Data Protection Act 2023 (NDPA), a data controller of major importance is required to designate a Data Protection Officer (DPO) with expert knowledge of data protection law and practices and the ability to carry out the tasks prescribed under the Act. The Act further provides that a data controller or data processor must ensure that its Data Protection Officer is involved, properly and in a timely manner, in all issues relating to the protection of personal data. The duties of the DPO include informing the organisation and its employees of their legal obligations under applicable data protection laws, overseeing internal data protection policies and audits, and preparing periodic internal compliance reports for management, which may be integrated into the organisation’s Record of Processing Activities (RoPA).

5. Filing of Annual Compliance Audit Returns (CARs): Under the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025, data controllers and processors of major importance are required to conduct an annual audit of their data protection practices. It mandates the filing of a Compliance Audit Return (CAR) with the Nigeria Data Protection Commission (NDPC) to demonstrate accountability and transparency, the deadline for this filing is 31st March of each year. The audit must be conducted and the CAR filed through a licensed Data Protection Compliance Organisation (DPCO), which provides an independent verification statement to the Commission. Failure to file the CAR by the prescribed deadline may result in penalty.

6. Breach Notification Obligations: Under Section 40 of the Nigeria Data Protection Act (NDPA) 2023, organizations are strictly required to report personal data breaches to the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of an incident likely to result in a risk to the rights and freedoms of individuals. Where a breach is categorized as high risk, the data controller must also notify the affected data subjects immediately in plain and clear language. The GAID 2025 further clarifies that these notifications must include a description of the breach, the categories of data affected, likely consequences, and the mitigation measures taken.

7. Legal Consequences: Cybersecurity incidents can expose organizations to significant legal, financial, and reputational consequences. Under the Cybercrimes (Prohibition, Prevention, etc.) Act, unauthorized access to computer systems, cyber fraud, identity theft, and related cyber offences attract criminal penalties, including fines and imprisonment for offenders. Organizations that fail to implement adequate safeguards may also face regulatory scrutiny, particularly where their systems are exploited to facilitate cybercrime. In addition, the Nigeria Data Protection Act empowers the Nigeria Data Protection Commission to impose administrative fines and corrective measures on organizations that fail to adequately protect personal data or comply with statutory data protection obligations.

Strategies for Strengthening Cybersecurity Compliance.

To effectively manage regulatory obligations and reduce cybersecurity risks, companies and organisations operating in Nigeria should consider adopting the following strategies:
1. Conduct Regular cybersecurity Risk Assessments: Organizations should carry out periodic cybersecurity risk assessments tailored to their specific operational and technological environment. A structured and tiered risk management approach enables companies to identify vulnerabilities, prioritize the protection of critical assets, and allocate resources efficiently.

2. Develop and Maintain an Incident Response Plan: Companies should establish a comprehensive incident response plan outlining procedures for the detection, containment, investigation, and remediation of cyber incidents. The plan should also include clear protocols for notifying regulatory authorities and affected stakeholders within the timelines required by law.

3. Implement Regular Cybersecurity Training for Employees: Human error remains one of the leading causes of cybersecurity incidents. Regular training programs focusing on phishing awareness, secure data handling, and general cybersecurity best practices can significantly reduce vulnerabilities and promote a culture of security within the organization.

4. Ensure Continuous Compliance Monitoring and Reporting: Organizations should actively monitor developments in cybersecurity regulations and guidelines, both within Nigeria and internationally. Continuous compliance monitoring enables companies to remain aligned with evolving regulatory standards and to respond proactively to emerging legal requirements.

5. Leverage Technology and Automation for Security Management: The use of advanced cybersecurity technologies, including automated monitoring tools and artificial intelligence-driven threat detection systems, can significantly strengthen an organization’s security posture. Automated systems can detect anomalies, flag potential threats, and initiate rapid responses, thereby enhancing both regulatory compliance and operational resilience.

Conclusion

Cybersecurity has become an essential priority for organizations operating in today’s digital economy. As businesses increasingly rely on digital systems for their operations, they must also recognize the growing risks posed by cyber threats such as phishing, ransomware, malware, and insider attacks. These threats not only cause financial and operational disruptions but may also expose companies to regulatory penalties and reputational damage.

In Nigeria, legal frameworks such as the Nigeria Data Protection Act and the Cybercrimes (Prohibition, Prevention, etc.) Act place clear obligations on organizations to safeguard personal data and maintain secure digital systems. Consequently, companies must adopt proactive cybersecurity practices, including risk assessments, employee training, incident response planning, and continuous compliance monitoring. By strengthening internal controls and prioritizing cybersecurity governance, Nigerian organizations can better protect their systems, maintain regulatory compliance, and build long-term trust with customers and stakeholders.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

The Nigerian telecommunication sector has continued to experience exponential growth by attracting interests from local and international investors. With a teeming youth population, increase in remote work, online streaming, Nigeria presents immense opportunity for investments in the telecommunication sector especially the provision of internet services.
An Internet Service Provider (ISP) is a company that provides access to the internet through various technologies including fibre-optics, satellite and cable, to individuals and organisations and may also provide other related services such as web hosting, etc.

The Nigerian Communications Commission (NCC) is the regulatory authority with the responsibility of licensing Internet Service Providers in Nigeria. NCC has over the years, issued ISP licenses to some notable internet service providers in Nigeria while ensuring that the Nigerian telecommunication market remains competitive through strict regulations and supervisory oversight of licensed entities. Any entity desirous of providing internet services as an ISP in Nigeria must comply with all the licensing and technical requirements and be issued a license by NCC before it can legally operate in Nigeria.
This article discusses the regulatory requirements and processes for obtaining an Internet Service Provider’s license from the NCC in Nigeria.

Requirements for Obtaining Internet Service Provider’s License

An Internet service provider’s license is an individual license which means that the licensing terms, scope of operation and limitation, obligations, etc. are specific to the service being provided. This is distinct from a class license which has its terms and conditions and the obligations of the licensees common to all the holders. Therefore, to apply for an internet service provider’s license in Nigeria, the applicant must satisfy the conditions for obtaining individual license. These requirements include the following:

1. Company incorporation: The company laws in Nigeria, require that a local company must first be incorporated with the Corporate Affairs Commission (CAC) in Nigeria. There is no minimum share capital requirement for an Internet Service provider’s license, however, where the company has foreign participation, the minimum share capital requirement is N100,000,000 (One Hundred Million Naira) as required by the Federal Ministry of Interior. The corporate documents of the company including the certificate of incorporation, certified true copy of the memorandum and articles of association and status report are required to be submitted to NCC.
2. Tax Registration: Upon incorporation with CAC, the company must be registered with the Federal Inland Revenue Service (FIRS) and obtain its Tax Identification Number (TIN), Tax Clearance Certificate (TCC), etc. which are required to be submitted to NCC for obtaining an ISP license.
3. Security Clearance: An applicant for an ISP license may be required to obtain security clearance from the State Security Service (SSS) for the proposed service and provide NCC with the report on the company and its directors to NCC.
4. The applicant must meet the technical requirements including type approval of telecommunication equipment for operating ISP license as stipulated by NCC.
5. Evidence of sufficient financial resources to provide long-term services to the satisfaction of NCC.
6. Feasibility report of proposed services.
7. Any other document or information that NCC may require from the applicant.

Internet Service Provider’s Licensing Process
Upon satisfying the requirements for obtaining an ISP license, the applicant is required to submit an application to NCC for ISP license, supported by the required documents. The applicant must pay a non-refundable application fee which is 5% of the applicable ISP license fee. Upon the satisfactory review and approval of the application, NCC shall require the payment of the license fee within 30 days. Upon the payment of the license fee, the applicant would therefore be issued with an ISP license authorizing it to provide internet services in Nigeria subject to the terms and conditions stated in the license and compliance with all applicable laws and regulations.

License Validity and Renewal
The internet service providers license is usually valid for 5 years and subject to renewal before the expiration of the license. The application for the renewal of an ISP license must be submitted to NCC at least six months before the expiration of the license. The licensee must also have complied with the terms and conditions of the license including the payment of the annual operating levy to be eligible for the renewal of the license.

Conclusion
Nigerian teeming youth population, growing internet penetration, coupled with increase in remote work and online streaming, presents immense opportunity for investments in its telecommunication sector especially the provision of internet services. ISP license is issued by NCC which is the regulatory authority that regulates the Nigerian telecommunication sector. ISP license allows the provision of internet services through either fibre-optic, satellite or cable to individuals and organisations. Only companies incorporated in Nigeria can apply for ISP license after satisfying other licensing and technical requirements stipulated by NCC. If NCC is satisfied with the application for ISP license, it issues approval to the applicant and requires the payment of the full license fee to be paid within 30 days. Once the applicant pays the license fee, NCC issues the applicant with the license authorising it to provide internet services in Nigeria subject to the terms and conditions of the license and compliance with applicable laws and regulations.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

Nigeria’s investment in satellite technology, anchored by the Nigerian Communications Satellite Limited (NIGCOMSAT), sits at the intersection of law, policy, and rapid technological innovation. As a state-owned enterprise mandated to provide satellite communication services, NIGCOMSAT operates within a sophisticated legal and regulatory ecosystem designed to ensure compliance with global norms while positioning Nigeria strategically within the emerging global space economy. For industry stakeholders, legal practitioners, and technology enthusiasts, understanding this framework is essential, as it dictates how satellite services are delivered, how international partnerships are structured, and how the broader technology landscape is governed.

The International Foundation

Nigeria’s involvement in global space governance is rooted in its commitments under the United Nations Committee on the Peaceful Uses of Outer Space (COPUOS). The cornerstone of these commitments is the Outer Space Treaty of 1967, which establishes that outer space is a domain accessible to all nations for peaceful purposes and prohibits national appropriation of celestial bodies. For Nigeria, this treaty carries a significant implication: the assignment of international responsibility for all national space activities, whether conducted by governmental or non-governmental entities.

Beyond the foundational 1967 treaty, Nigeria is a signatory to several other key instruments, including the Rescue Agreement of 1968, the Liability Convention of 1972, and the Registration Convention of 1975. These agreements form a safety net for international space operations, ensuring that states are held liable for damages caused by their space objects and are committed to the rescue of astronauts in distress. This international layer ensures that NIGCOMSAT’s operations, such as the management of the NigComSat-1R satellite, remain consistent with the principles of transparency and liability shared by the global community.

Technical Coordination and Spectrum Management

At the technical level, satellite operations are governed by the International Telecommunication Union (ITU). The ITU manages the two most finite resources in the satellite industry: radio frequency spectrum and orbital slots. Because satellite signals do not respect national borders, coordination is required to prevent “signal interference,” which could disrupt critical communications.

Nigeria participates in this process to secure its orbital slots, that is, the specific positions in geostationary orbit where its satellites reside. This coordination is not merely a technical necessity but a legal safeguard that provides regulatory assurance to commercial partners that satellite services will remain stable and secure from external interference.

The Domestic Regulatory Architecture

At the home front, the primary regulator of the space sector is the National Space Research and Development Agency (NASRDA). Established under the NASRDA Act of 2010, the agency is tasked with the development and regulation of space science and technology in Nigeria.

The regulatory reach of NASRDA has been significantly strengthened by the Regulations on Licensing and Supervision of Space Activities (2015), which became effective in 2021. These regulations introduced a formal licensing regime for all entities operating space objects or conducting space-related activities within Nigerian territory. More recently, the Handbook on Space Regulation and Spectrum Management, 2025 has modernized this framework by introducing three distinct licensing categories:

1. Upstream Licenses: These cover the space segment itself, including Satellite Landing Permits for operations over Nigerian territory and Space Spectrum Access licenses.

2. Midstream Licenses: These involve the processing and management of satellite data, including teleport services, encryption, and network management.

3. Downstream Licenses: These focus on ground-based infrastructure, such as the operation of ground stations, the manufacturing of space objects, and the construction of launch facilities.

The 2025 Handbook also emphasizes stringent financial and safety requirements for operators. Operators are now required to provide an indemnity to the Federal Government and maintain a minimum of $15,000,000 (Fifteen Million USD) in third-party liability insurance to cover potential damages arising from their space activities.

Telecommunications and Commercial Oversight

While NASRDA oversees the space segment of operations, the Nigerian Communications Commission (NCC) regulates the communications segment under the Nigerian Communications Act (NCA), 2003. This dual oversight is particularly relevant for NIGCOMSAT’s commercial activities. The NCC ensures that satellite-based telecommunications services adhere to national standards for quality of service, competition, and consumer protection.

Specific NCC guidelines, such as the Commercial Satellite Communications Guidelines 2018 dictate how foreign and domestic satellite operators can land their signals in Nigeria. This ensures that while Nigeria remains open to global satellite constellations, it maintains the sovereign right to regulate data transit and protect the local digital economy.

Future Outlook and Digital Ambition

Nigeria’s legal and regulatory architecture is the backbone of its long-term digital ambitions. Recent initiatives, such as the “Big Picture” Digital Switchover (DSO), a collaboration between NIGCOMSAT and the National Broadcasting Commission (NBC) demonstrate how this framework supports practical national goals. By pivoting to a satellite-first approach for digital broadcasting, the government aims to provide universal access to information while accelerating the rollout of digital services to underserved regions.

Furthermore, the introduction of a digital portal for license applications under the 2025 Handbook signals a move toward a more transparent and efficient “Space-as-a-Service” model. For innovators and businesses, this structured foundation mitigates international risks and provides the regulatory clarity needed to drive investment in satellite engineering, remote sensing, and the Internet of Things (IoT).

In conclusion, it is important to note that despite the structured evolution of the legal landscape, Nigeria’s space sector has encountered notable setbacks and criticisms, most significantly the 2008 in-orbit failure of the original NigComSat-1 due to power subsystem anomalies and the extended delay in activating the 2015 NASRDA Regulations, which only took effect in 2021. Historical critiques have often focused on perceived inter-agency rivalries between NASRDA and NIGCOMSAT and a lack of private sector engagement, alongside financial hurdles that have left some technical facilities underfunded. However, the 2025 Handbook on Space Regulation and Spectrum Management marks a significant shift toward future growth by introducing a streamlined, tiered licensing system and a digital portal for applications, aimed at transforming the sector into a revenue-generating industry with a projected annual potential of over $200 billion. As NigComSat-1R nears its decommission date in 2028, the government’s strategic move toward full commercialization and the engagement of “gap-filler” partnerships with global operators like Eutelsat and OneWeb underscore a more resilient, market-driven approach to maintaining Nigeria’s orbital presence and regional influence.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

2025 was a very exciting year and saw significant changes in Nigeria’s legal and regulatory landscape. Series of laws were enacted by the National Assembly and regulatory guidelines were also issued by regulators including the Central Bank of Nigeria, Federal Competition and Consumer Protection Commission, the Nigerian Communications Commission, etc. There were also some important judicial decisions from the courts in Nigeria which shaped the legal and regulatory space in the country. This recap is divided into four parts representing the four quarters of the year, highlighting what we think are the most impactful laws and regulations, reforms, and judicial decisions in 2025.

1st Quarter (January – March 2025)

The first quarter was significantly marked by the issuance of guidelines and regulations from regulators and key judicial decisions by the courts. The Central Bank of Nigeria issued guidelines to suspend the extension of export proceeds and also announced the approval of the Nigerian Foreign Exchange (FX) Code. Key decisions which shaped the tax landscape and also affirmed the multi-sectoral regulatory authority of the Federal Competition and Consumer Protection Commission 9FCCPC) were delivered by the courts. The Investment and Securities Act, 2025 was also signed into law by the Nigerian President.

• The implementation of the Deduction of Tax at Source (Withholding) Regulations, 2024 began on 1st January 2025 requiring corporate entities, statutory bodies, public authorities, etc. to deduct withholding tax at source from 1st January 2025.
• On 8 January 2025, the Central Bank of Nigeria (CBN) issued a circular on the Suspension of Extension of Exports Proceeds on Behalf of Exporters for the immediate suspension of approvals for the extension of repatriation of export proceeds on behalf of exporters mandating that proceeds for non-oil exports must be repatriated and credited to the exporters’ domiciliary accounts within 180 days and for oil and gas exports, within 90 days from the date of the bill of lading.
• On 11th January 2025, the Presidential Enabling Business Environment Council announced that it would establish commercial courts and Ease of Doing Business Councils across all 36 states and the Federal Capital Territory as part of its effort to improve the country’s business climate.
• On 22nd January 2025, the CBN announced the approval of the Nigerian Foreign Exchange (FX) Code as a guideline to the banking industry to promote ethical conduct of Authorised Dealers in the Nigerian Foreign Exchange Market.
• 0n 24 January 2025, in a circular titled “Waiver of Non-Refundable Annual License Renewal Fee for Existing Bureaux De Change”, the CBN announced the waiver of payment of annual renewal fee for existing bureau de change (BDC) operators due to transition into the new BDC regulatory structure required by CBN.
• On 27 January 2025, the Federal High Court (FHC) in the appeal between Federal Inland Revenue Service v. MTN Nigerian Communications Plc (FHC/L/1A/2024), set aside the judgement of the Tax Appeal Tribunal (TAT) which awarded the sum of $71 million against MTN while declining the reliefs for penalties and interest sought by FIRS. The FHC increased the liability and ordered MTN to pay $87.9 million as penalties and interest.
• On 28 January 2025, the Collective Management Regulations, 2025 was issued by the Nigerian Copyright Commission and repealed the Copyright (Collective Management Organisation) Regulations, 2007. The Regulations provide for the approval and supervision of companies seeking to operate as a Collective Management Organisation (CMO) and their relationships with users and other CMOs, etc. The Regulations impose administrative fines ranging from N200,000 t0 N500,000 for unethical practices and non-compliance with the Regulations. Other sanctions include caution, suspension or disqualification.
• On 3 February 2025, the National Pencom Commission issued the Revised Circular on the Operations of Branch Offices and Service Centres by Licensed Pension Fund Administrators. The circular was issued to give effect to section 72 of the Pension Reform Act, 2014 and provides the metrics for requiring the opening and operation of branches and service centres by Pension Fund Administrators in Nigeria.
• On 7 February 2025, the Federal High Court in Emeka Nnubia v. Minister of Industry, Trade and Investment, Federal Competition and Consumer Protection Commission & Anor in Suit No: FHC/L/CS/1009/2024 affirmed the Federal Competition and Consumer Protection Commission (FCCPC) as the primary regulator for competition and consumer protection issues in all sectors in Nigeria including the telecommunications sector.
• On 12 February 2025, the Federal Ministry of Interior issued a circular on the Review of Approving Authority for Expatriate Quota and Citizenship Applications. The review was done to enhance transparency and accountability in the administration of Expatriate Quota and Citizenship applications.
• On 4 March 2025, the first Mobile Virtual Network Operator (MVNO) to be licensed by the Nigerian Communications Commission (NCC) launched and commenced operations in Nigeria.
• On 13 March 2025, the Court of Appeal in Kuda Microfinance Bank Ltd v. Amarachi Kenneth Blessing (CA/EK/48/2024) held that a bank may lawfully restrict a customer’s account upon receiving reports of fraudulent or suspicious activity without the need to first obtain a court order.
• On 20 March 2025, the Nigeria Data Protection Commission issued the Nigeria Data Protection Act General Application and Implementation Directive, 2025 (hereinafter “the GAID). The GAID was issued to provide clarity and practical guidance on the implementation of the NDPA. It repealed the Nigeria Data Protection Regulation, 2019 and the Nigeria Data Protection Regulation Implementation Framework, 2020.
• On 29 March 2025, the Nigerian President, signed the Investment and Securities Act, 2025 into law. The Act repealed the Investment and Securities Act, 2007 and it is aimed at strengthening the legal and regulatory framework for investments and capital market activities in Nigeria. The Act classified exchanges into composite and non-composite exchanges and also legally recognised virtual assets bringing an end to the uncertainty concerning transacting virtual assets in Nigeria.

2nd Quarter (April – June 2025)

The second quarter saw a lot of regulatory actions from regulators in the exercise of their regulatory powers and functions. Laws were also enacted in this quarter. The Securities and Exchange Commission issued a circular on the transmutation of executive directors and the Nigerian Immigration Service (NIS) issued guidelines for the purpose of implementing e-visa system, automated landing and exit cards in Nigeria. Four Nigerian tax laws were enacted to unify tax laws and revolutionize tax collections and enforcement in Nigeria.

• On 6 April 2025, the Registrar General of the Corporate Affairs Commission, announced the launch of an AI-driven Intelligent Company Registration Portal (ICRP) to revolutionize business registration in Nigeria and improve ease of doing business in Nigeria.
• On 25 April 2025, the Competition and Consumer Protection Tribunal upheld the $220 million penalty imposed on Meta platforms Incorporated (Facebook and WhatsApp) by the Federal Competition and Consumer Protection Commission (FCCPC) for data discriminatory practices in Nigeria and ordered for the payment of $35,000 as reimbursement for FCCPC’s investigation expenses. Part of the orders made by the Tribunal against Meta Platforms Incorporated include to immediately reinstate the rights of Nigerian users to determine how their data is shared and submit a compliance letter by 1 July 2025.
• On 2 May 2025, the Nigerian Immigration Service released the Guidelines for the Implementation of the e-Visa Application System and Automated Landing and Exit Cards. The Guidelines introduced e-visa which replaced visa on arrival. The e-visa application system also introduced thirteen (13) short-visit visa categories for eligible foreign travellers and imposed penalties for overstaying visas effective from 1 September 2025. Electronic landing and exit cards were also introduced to replace the manual processes of embarking and disembarking travellers.
• On 29 May 2025, the Nigerian President approved the establishment of the National Credit Guarantee Company Limited (NCGC) and the appointment of its board and management team. The NCGC is backed with an initial capital of N100 billion for the purpose of expanding access to finance for Micro, Small and Medium Enterprises (MSMEs), manufacturers, large businesses, etc. across Nigeria.
• On 11 June 2025, the Lagos State Electricity Regulatory Commission (LASERC) issued Order No. LASERC ORDER/001/2025 establishing the regulatory framework for electricity market operations within Lagos State. The issuance of the Order marked the conclusion of the transition for transfer of regulatory oversight from Nigerian Electricity Regulatory Commission to LASERC. The Order requires individuals and entities to obtain licenses from LASERC to legally undertake regulated electricity activities within Lagos State.
• On 17 June 2025, the Corporate Affairs Commission (CAC) announced the review of its service fees effective from 1 August 2025. The fees for company incorporation and post-incorporation services were therefore reviewed upward. The implementation date was also subsequently postponed to 1 October 2025.
• On 19 June 2025, the Securities and Exchange Commission (SEC) issued the Circular to All Public Companies and Capital Market Operators on the Transmutation of Independent Non-Executive Directors and Tenure of Directors. SEC directed the immediate discontinuance of the transmutation of Independent Non-Executive Directors (INEDS) into Executive Directors within the same company or its group structure by public companies and significant capital market operator. SEC also introduced a 3-year cool off period for Chief Executive Officer or Executive Director upon stepping down from a company before being eligible for appointment as Chairman.
• On 26 June 2025, the Nigeria President signed four tax reform bills into law. The four laws are: the Nigeria Tax Act 2025, the Nigeria Tax Administration Act 2025, the Nigeria Revenue Service (Establishment) Act 2025, and the Joint Revenue Board (Establishment) Act 2025. The Acts repeals certain tax laws and also reduced the multiplicity of taxes with the aim harmonising tax collection and enhancing the ease of doing business in Nigeria.
• On 30 June 2025, the Nigerian President ordered the temporary suspension of the implementation of the Financial Reporting Council (Amendment) Act, 2023 which imposed new annual dues on large private companies classified as Public Interest Entities.

3rd Quarter (July – September 2025)

The third quarter was also significantly marked by regulatory actions through issuance of Guidelines and regulations. Sanctions and penalties were also imposed for regulatory breaches. The Federal Inland Revenue Service (FIRS) announced the discontinuance of the issuance of tax exemption certificates. The Nigerian Communications Commission issued a license framework for licensing and regulating international Application to Person (A2P) messaging in Nigeria.

• On 6 July 2025, the Nigeria Data Protection Commission (NDPC) imposed a fine of N766,242,500 on Multichoice Nigeria who are the owners of DSTV for breaching the Nigerian Data Protection Act through unlawful cross-border data transfers and violation of Nigerian data subjects’ personal data.
• On 8 July 2025, the Nigerian Communications Commission (NCC) issued the License Framework for International Application to Person (A2P) Messaging in Nigeria. The framework was issued by NCC in a move to regulate Application to Person services in Nigeria through the introduction of the International A2P Messaging Aggregator License.
• On 25 July 2025, the Federal Competition and Consumer Protection Commission (FCCPC) issued the Digital, Electronic, Online or Non-Traditional Consumer Lending Regulations, 2025. The regulations provide for the registration of digital and traditional money lenders with the exception of licensed microfinance banks. It also imposes obligations including filing of bi-annual and annual reports, etc. on money lenders with sanctions and penalties provided for the breach of any of the provisions of the Guidelines.
• On 29 July 2025, the Federal Inland Revenue Service (FIRS) in a public notice announced the discontinuance of issuance of tax exemption certificates to all taxpayers including pioneer status companies, non-governmental organisations and free zone entities. Subsisting tax exemption certificates would not be renewed by the FIRS.
• On 30 July 2025, the National Insurance Commission (NAICOM) issued the Guidelines for Insurtech Operations in Nigeria. The Guidelines became operational on 1 August 2025 providing a regulatory framework for the safe and responsible deployment of Insurtech solutions by licensed insurance operators. The Guidelines provide the minimum capital requirements for Insurtech operators as well as the permissible and non-permissible activities.
• On 5 August 2025, the Nigerian President, signed the Nigerian Insurance Industry Reform Act, 2025 into law. The Act repealed the Insurance Act 2003 and consolidated several insurance laws including the Marine Insurance Act, Motor Vehicles (Third Party Insurance) Act, etc. into a unified and streamlined legal framework for the insurance industry. It also revised the minimum capital requirements for insurance companies across various insurance categories to reflect a risk-based capital approach in alignment with current international standards and practices.
• On 6 August 2025, NCC announced the release of the Guidelines on Corporate Governance, 2025. The Guidelines are applicable to all communication companies in Nigeria and provides for the composition of the board of directors, board committees and appointment processes, etc.
• On 16 September 2025, the Central Bank of Nigeria (CBN) issued a circular on the Appointment and Announcement of Successors to Managing Director. The CBN requires Payment Service Banks (PSBs) to obtain the regulatory approval of the CBN of the successor of a Managing Director (MD/CEO) no later than six months to the expiration of the tenure of the incumbent MD/CEO.
• On 18 September 2025, the Federal Government issued a directive mandating all mining and quarrying companies licensed since 2024 to finalize their Community Development Agreements with host communities before 31 December 2025.
• On 21 September 2025, the Minister of Solid Minerals Development announced the revocation of 1,263 mineral licenses in Nigeria following failure by the licensees to comply with the mandatory payment of their annual service fees.
• On 29 September 2025, the National Pension Commission (PENCOM) issued a circular which reviewed the minimum capital requirement for Pension Fund Administrators (PFAs) and Pension Fund Custodians (PFCs). The circular directs PFAs to increase their capital base to 20 million Naira from 5 million Naira while PFCs are to increase their capital base to 25 billion Naira from 2 billion Naira.

4th Quarter (October – December 2025)

Key regulatory activities especially in the Nigerian financial services and oil and gas sectors occurred in the fourth quarter. The Central Bank of Nigeria (CBN) issued guidelines to regulate agent banking activities in Nigeria. A draft Guidelines for handling Authorized Push Payment Fraud was also issued by CBN to preserve the integrity of Nigerian payment system. The Nigerian Investment Promotion Commission also put a stop to applications for Pioneer Status Incentive in view of the Economic Development Tax Incentive (EDTI) to commence from 1 January 2026.

• On 6 October 2025, the Central Bank of Nigeria (CBN) issued the Guidelines for the Operation of Agent Banking in Nigeria. The Guidelines provides for the permissible and non-permissible agent banking activities, appointment of agents, agent qualification and due diligence requirements, rules on agents’ locations and geo-tagging of agents’ devices, etc.
• On 9 October 2025, CBN issued the Exposure Draft Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria to provide additional guidance on the operation of ATMs and provide clarity of security requirements of ATMs, resolution of failed transactions, etc.
• On 10 November 2025, the Nigerian House of Representatives ad hoc committee on the economic, regulatory and security implications of cryptocurrency adoptions and Point of Sale Operations discussed the opportunities, challenges and future of Nigeria’s digital finance ecosystem with cryptocurrency operators and digital asset innovators.
• With effect from 10 November 2025, the Nigerian Investment Promotion Commission (NIPC) stopped receiving applications for Pioneer Status Incentive in a bid to fully transition to the new Economic Development Tax Incentive (EDTI) scheme which will take effect from 1 January 2025.
• On 13 November 2025, the Nigerian Midstream and Downstream Petroleum Regulatory Authority (NMDPRA) announced the suspension of the proposed 15 percent import duty on Premium Motor Spirit (PMS) and Automotive Gas Oil (AGO) which was initially approved by the President and announced by the NMDPRA on 21 October 2025.
• On 26 November 2025, the Securities and Exchange Commission (SEC) directed all capital market operators to state their compliance level and ensure that all tradable instruments are registered in line with the newly enacted Investments and Securities Act, 2025 no later than January 2026.
• On 26 November 2025, CBN issued the Draft Guidelines for Handling Authorised Push Payment Fraud. The draft Guidelines provides for reporting APP fraud, resolution and reimbursement and the roles of financial institutions in preventing, detecting and mitigating APP fraud. The Guidelines also mandates financial institutions to have an APP Fraud Policy and implemented by the Boards of financial institutions.
• On 28 November 2025, the Nigeria President approved the establishment of the National Tax Policy Implementation Committee to oversee the implementation of Nigeria’s newly enacted tax laws which would take effect from 1 January 2025.
• On 1 December 2025, the Nigerian Upstream Petroleum Regulatory Commission (NUPRC) launched the 2025 oil licensing round through digital bids of the 50 oil and gas blocks approved for bidding. The oil licensing round is expected to deepen investment in the Nigerian upstream sector.
• On 10 December 2025, the Joint Revenue Board (formerly Joint Tax Board) placed a nationwide ban on road taxes, levies and related charges in a bid to sanitize Nigeria’s tax administration and improve the ease of doing business.

Conclusion

2025 has been a remarkable year of significant changes and reforms in Nigeria’s legal and regulatory landscape. Key regulatory guidelines and regulations were introduced by regulators including the Central Bank of Nigeria, the Federal Competition and Consumer Protection Commission, the Nigeria Data Protection Commission, etc. The CBN introduced the guidelines for agent banking to regulate agent banking activities. The CBN guidelines for handling APP fraud was also issued to preserve the integrity of the financial services sector. The Nigerian tax landscape was also reshaped with the enactment of four new tax laws which repealed some existing tax laws and consolidated several tax laws. The Investments and Securities Act, 2025 ushered in a new regime for the recognition of virtual assets. Key judicial pronouncements were also made by the courts. The Competition and Consumer Protection Tribunal imposed fines on Meta Platforms incorporated for violating the Nigeria Data Protection Act and unlawful cross-border transfer of data of Nigerian data subjects. The Court of Appeal also delivered a judgement authorizing financial institutions to freeze customers’ bank accounts on suspicion of fraudulent activities without the need to first obtain a court order.

As we approach the new year, we extend our sincere gratitude to all our clients for their continued trust in us and wish you a Merry Christmas and a prosperous New Year 2026.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

Arbitration is a process where parties to a dispute agree to submit their dispute to one or more neutral third parties, known as arbitrators, who render a binding decision on the matter. This method is distinct from other ADR forms, such as mediation or conciliation, in that the arbitrator’s decision is typically final and enforceable, similar to a court judgment. The consensual nature of this approach allows parties to tailor the process to their specific needs, selecting arbitrators with relevant expertise and determining procedural rules that best suit the context of their dispute.

The advantages of using Alternative Dispute Resolution in Commercial disputes provides confidentiality, expertise, flexibility and autonomy, enforceability, cost and time efficiency.

Regulatory Framework in Nigeria.

Nigeria has established a comprehensive regulatory framework for private dispute resolution, notably through the Arbitration and Mediation Act 2023 (the Act). This legislation modernizes and consolidates the country’s approach to alternative dispute resolution, aligning it with international standards and best practices.

Key Features of the Arbitration and Mediation Act 2023:

1. Unified Legal Framework: The Act creates a unified pathway for resolving conflicts via private mechanisms, promoting fair and efficient outcomes in commercial matters.
2. Mandatory Stay of Court Proceedings: Courts are now mandated to halt proceedings and refer parties to dispute resolution when a valid agreement exists, unless the agreement is deemed void, inoperative, or incapable of being performed.
3. Third-Party Funding: The Act explicitly permits third-party funding, addressing previous uncertainties and enhancing access to justice. This arrangement involves a funder who has no prior interest in an investment or commercial dispute, providing financial support to one of the parties engaged in the dispute resolution, in return for a share of the eventual proceeds of the award, if any.
4. Award Review Tribunal: This innovative provision allows parties to opt for an Award Review Tribunal to review arbitral awards, providing an additional layer of scrutiny before resorting to court intervention.
5. Interim Measures: The Act empowers both arbitral tribunals and national courts to grant interim relief to protect parties’ interests during dispute resolution. Interim measures issued by arbitral tribunals are enforceable by the courts, strengthening the process’s effectiveness. Examples of Interim measures include injunctions, security for costs, preservation of assets.
6. Arbitrator Immunity: The Act grants immunity to arbitrators, appointing authorities, and arbitral institutions, except in cases of bad faith, promoting impartiality and independence.
7. Electronic Communications: Agreements can now be validly made through electronic communications, broadening the scope of acceptable forms for such agreements.

These provisions collectively enhance Nigeria’s alternative dispute resolution landscape, making it more attractive for both domestic and international commercial disputes. The Act’s alignment with global standards underscores Nigeria’s commitment to providing a robust and efficient dispute resolution mechanism.

Reasons Why Parties Should Choose Arbitration

This method offers several compelling advantages over traditional litigation, making it an attractive option for resolving commercial disputes:

1. Confidentiality: Proceedings are conducted in private, ensuring that sensitive business information remains confidential. This privacy helps protect trade secrets and maintain reputations.
2. Expertise of Arbitrators: Parties can select arbitrators with specialized knowledge relevant to their industry or the specific issues at hand, leading to more informed and appropriate decisions.
3. Flexibility and Control: The process can be customized to fit the parties’ preferences, ranging from the procedural rules and timelines to the venue of hearings.
4. Enforceability of Awards: Arbitral awards are generally easier to enforce internationally compared to court judgments. Nigeria is a signatory to the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards, which means that awards obtained abroad can be enforced in Nigeria.
5. Cost and Time Efficiency: This mechanism is often quicker and less expensive than court litigation. . The streamlined procedures and limited discovery processes often result in faster resolutions, reducing legal fees and associated costs. For example, a typical court case in Nigeria can take 4 to 10 years to conclude, depending on the complexity of the case and the jurisdiction, with some cases taking even longer.
6. Neutral Forum: In international disputes, it offers a neutral venue, which can alleviate concerns about potential biases in a foreign court system. This neutrality fosters fairness and can be pivotal in disputes involving parties from different countries.

The Arbitration Process in Nigeria

To effectively utilize this method of dispute resolution, it’s essential for parties to include clear and comprehensive dispute resolution clauses in their commercial agreements. These clauses serve as a mutual commitment to resolve potential disputes handle potential disagreements outside the courtroom.

The process typically unfolds in the following stages:

1. Commencement: The process begins when a party submits a “Notice of Arbitration” or “Demand for Arbitration,” outlining the dispute and the relief sought. This notice is sent to the opposing party and where applicable, to the designated dispute resolution institution.
2. Selection of Arbitrator(s): Depending on the clause in the agreement, parties select one or more arbitrators based on criteria such as expertise, neutrality, and availability. Selection can be by mutual consent or through institutions such as the Nigerian Institute of Chartered Arbitrators (NICArb), Lagos Court of Arbitration, International Centre for Arbitration and ADR, Maritime Arbitrators Association of Nigeria, or the Lagos Chamber of Commerce International Arbitration Centre. etc.
3. Preliminary Hearing and Scheduling: Once appointed, the arbitrator(s) conduct a preliminary hearing to discuss procedural matters, including timelines, discovery processes, and the scheduling of hearings. This stage ensures that both parties understand the procedures and have an opportunity to present their case adequately.
4. Exchange of Information (Discovery): Parties exchange relevant documents and information pertinent to the dispute. Although this stage is usually more concise than in court proceedings, it still allows for meaningful disclosure to support the hearing.
5. Hearing: During the hearing, both parties present their evidence and argument through their skilled lawyers. This may include witness testimonies, expert reports, and documentary evidence. Hearings can be conducted in person, via video conference, or through written submissions, depending on the agreement and circumstances.
6. Deliberation and Award: After the hearing, the arbitrator(s) deliberate and issue a written decision, known as an award. This award is binding on the parties and enforceable in courts, subject to limited grounds for challenge.

Throughout the dispute resolution process, parties maintain control over various aspects, such as selecting arbitrators and tailoring procedures to fit the specific needs of their dispute. This flexibility, combined with the binding nature of arbitral awards, makes this method a valuable tool for resolving commercial disputes efficiently and effectively.

Parties’ Role in the Arbitration Process

In resolving disputes outside the courtroom, the disputing parties play a central and proactive role, exercising significant control over various aspects of the process. Their key responsibilities and rights include:

1. Initiating the Process: A party seeking to begin proceedings must file a “Notice of Arbitration” or “Demand for Arbitration,” formally initiating the proceedings and outlining the dispute and desired remedies.
2. Selecting Arbitrators: Parties have the autonomy to choose arbitrators with relevant expertise and impartiality, ensuring a knowledgeable and unbiased tribunal.
3. Determining Procedural Rules: Through mutual agreement, parties can establish the rules governing the proceedings, including timelines, confidentiality measures, and specific procedures, tailoring the process to their specific needs.
4. Presenting Evidence and Arguments: Parties through their lawyers are responsible for presenting their case, including submitting evidence, calling witnesses, and making legal arguments to support their positions.
5. Maintaining Confidentiality: Given that this form of dispute resolution is a private process, parties are expected to uphold the confidentiality of the proceedings, safeguarding sensitive information and the integrity of the process.
6. Complying with the Arbitral Award: Once a decision is rendered, parties are obligated to adhere to the terms of the arbitral award, which is binding and enforceable. It can be contested on specific grounds including misconduct, fraud or error in judgement.

By actively engaging in these roles, parties can ensure a fair, efficient, and tailored resolution to their commercial disputes.

Contract Clauses and Pending Court Proceedings

When a commercial contract includes an alternative dispute resolution clause specifying that disputes should be resolved through a private adjudication process, and a party initiates court proceedings instead, the legal framework provides mechanisms to address this situation.

Under the Arbitration and Mediation Act 2023 (AMA), if a lawsuit is filed concerning a matter covered by such an agreement, the defendant can request the court to refer the parties to the agreed procedure. Section 5(1) of the AMA mandates that courts must redirect the matter unless the agreement is found to be “null and void, inoperative, or incapable of being performed.” This provision underscores the judiciary’s commitment to upholding parties’ agreements to arbitrate disputes.

To enforce the private dispute resolution clause, the defendant should promptly file an application for a stay of proceedings before submitting any pleadings or taking further steps in the court process. Timeliness is crucial; any delay or participation in the court proceedings may be interpreted as a waiver of the right to arbitrate. The court, upon receiving such an application, is obligated to halt its proceedings and direct the parties to follow the agreed path,  provided the agreement is valid and applicable to the dispute at hand.

The enactment of the AMA has further solidified the legal framework supporting private dispute resolution in Nigeria. By aligning with international standards, the AMA enhances the enforceability of such agreements and awards, providing parties with greater confidence in choosing this method as their preferred dispute resolution mechanism.

Conclusion

Arbitration plays a crucial role in resolving commercial disputes by offering parties a flexible, efficient, and enforceable alternative to litigation. As an ADR mechanism, it provides confidentiality, expert decision-making, international enforceability and cost-effectiveness, making it a preferred choice for businesses seeking to protect their commercial interests.

By including well-drafted dispute resolution clauses in commercial agreements, parties can ensure that disputes are resolved in a structured manner, avoiding the delays, costs and uncertainties of court litigation.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

With the expansion of internet penetration in Nigeria, telemedicine has become an emerging business in Nigeria and has begun to experience significant growth. This is partly driven by the increasing need for accessible healthcare, the advancement of technology, the outbreak of Covid-19 which resulted into limited physical consultations with healthcare providers and the mass exodus of health care professionals from Nigeria in the last few years. Telemedicine also provides accessibility and thereby bridges the gap in healthcare access, especially in rural and underserved areas where medical facilities and professionals are scarce. Recently, there has been an increased interest in telemedicine business from both local and foreign players in that space.

Presently, there is no single substantive law regulating the operation of telemedicine in Nigeria. However, the operation of a telemedicine business is subject to the specific requirements of certain laws which include the Companies and Allied Matters Act, 2020 (CAMA), Nigeria Data Protection Act, 2023, Medical and Dental Practitioners Act, 1988, the National Health Act 2014, Pharmacists Council of Nigeria (Establishment) Act, 2022, Nursing and Midwifery (Registrations, etc.) Act, 1979, Constitution of the Federal Republic of Nigeria, 1999, etc.

This article highlights the regulatory requirements necessary for the operation of telemedicine business in Nigeria.

Regulatory Requirements

Although there is no specific law regulating telemedicine in Nigeria, telemedicine is not unregulated. There are certain regulatory requirements which broadly apply to the operation of a telemedicine (business) in Nigeria. These requirements include:

1. Company incorporation: One of the requirements for the operation of any business in Nigeria, is the incorporation of a local company as required by the CAMA. Thus, to operate a telemedicine business in Nigeria, a local company has to be incorporated with the Corporate Affairs Commission (CAC).
   There are different share capital requirements which apply depending on whether the business is locally or foreign owned. In addition to incorporating a local company, a company with foreign participation is also required to be registered with the Nigerian Investment Promotion Commission (NIPC) and also obtain a business permit from the Federal Ministry of Interior.

2. Registrations and Licensing: Healthcare providers must possess the necessary qualifications, professional licenses and registrations to provide healthcare services to patients in Nigeria.
   These registrations and licenses are provided by the Medical and Dental Practitioners Act, 1988, Nursing and Midwifery (Registrations, etc.) Act, 1979 and the Pharmacists Council of Nigeria (Establishment) Act, 2022.
   Depending on the model of operation, it may also be necessary to obtain certain licenses/registrations from the Federal Ministry of Health, National Agency for Food and Drug s Administration and Control (NAFDAC), etc.

In Lagos state, health facilities including telemedicine are to be registered with the Health Facility Monitoring and Accreditation Agency (HEFAMAA) pursuant to the Lagos State Health Sector Reform Law, 2006 with the registration renewable annually. 

3. Data Privacy and Protection: The Nigerian Constitution, 1999 guarantees and protects the privacy of citizens and to that extent, the Nigeria Data Protection Act, 2023 (NDPA) which amplifies the constitutionally guaranteed right to privacy, is the regulatory framework applicable to the collection, processing and storage of (patients’) data.
   Telemedicine providers are required to process patients’ data in accordance with the requirements of the NDPA. The NDPA regulates the cross-border transfer of patients’ data and also provides for security measures to be adopted by telemedicine businesses to ensure the security and protection of patients’ data.

The NDPA also provides for the obligation to register as a data processor/controller. Since telemedicine businesses collect and process patients’ data including health records, they are required to register with the Nigeria Data Protection Commission (NDPC) as data controller/processor.

4. Technology Transfer: The National Office for Technology Acquisition and Promotion Act 1979 (NOTAP Act) regulates the transfer and acquisition of foreign technology by companies in Nigeria by making the contracts and agreements to transfer technology registrable with NOTAP. Invariably, the transfer of foreign healthcare technologies such as patents to a telemedicine company would be subject to registration with NOTAP.

5. Confidentiality: Patients’ health information is to be obtained and held confidentially by telemedicine providers without disclosing it or allowing access to it by unauthorized third parties as required by the National Health Act, 2014.
   Thus, there is an obligation to put in place measures to ensure that unauthorized persons do not have access to the medical information and health records of patients. Failure to comply attracts sanctions which include monetary penalties and terms of imprisonment.

Other Legal Considerations

To ensure seamless operation in Nigeria, telemedicine operators should pay particular attention to the following:

1. Records System: It is required as a matter of best practice and in line with the requirements of applicable laws and regulations for telemedicine providers to develop and maintain a robust records system for the management of the health records of patients.
   These records enable the providers to easily keep records of consultations, diagnoses, prescriptions, hospital referrals, etc. provided to patients.
2. Privacy policy: Developing a privacy policy which elaborately provides for the essence of the collection and retention of patients’ information and health records. The privacy policy should be in compliance with the requirements of the Nigerian Data Protection Act, 2023 and its subsidiary regulations.
3. Data Security: Telemedicine operators should have a robust data security system capable of protecting the information and health records of patients from data breaches and violations. Some of the data security measures that could be adopted include anonymisation, pseudonymisation, encryption, etc. which ensures the integrity and protection of patients’ sensitive information and health records.
4. Licence Renewals: Attention must be paid to licenses and registrations renewal deadlines to ensure that providers continuously comply with legal requirements regarding renewal of licences. It is very important that health practitioners including doctors, nurses and pharmacists’ licenses and registrations are up to date.
5. Regulatory Filings: Appropriate returns should be filed with the relevant regulatory authorities to ensure continuous regulatory compliance. Company annual returns should be filed with the Corporate Affairs Commission (CAC) as at when due to avoid the payment of penalties. There is also the obligation to conduct and file data impact assessment reports with the Nigerian Data Protection Commission (NDPC) relating to processing of data that may pose high risk to the confidentiality of patients’ data.
6. Tax Returns: Telemedicine companies are required to pay tax and file tax returns with the Federal Inland Revenue Service (FIRS). In particular, telemedicine companies are obliged to pay companies income tax (CIT) on their profits and file their returns with the FIRS usually within six months from the end of their financial year.

Conclusion

Driven by the increasing need for accessible healthcare, the advancement of technology and the mass exodus of healthcare professionals from Nigeria in the last few years, there has been a marked increase in the provision of telemedicine in Nigeria.

The operation of a telemedicine business in Nigeria is regulated by various laws relating to the incorporation of businesses, licensing and registrations, data processing and protection, confidentiality, etc. Telemedicine providers must ensure that their healthcare professionals’ licenses and registrations are up to date in compliance with applicable laws and regulations. Contracts and agreements for the transfer of healthcare technologies are required to be registered with NOTAP.

Telemedicine providers are to ensure compliance with applicable laws and regulations relating to data security, regulatory and tax filings with the CAC, NDPC and FIRS, license and registrations renewals and keeping and maintaining robust health record systems that guarantees the confidentiality of patients.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The most recent attempt prior to this Act, was the Fifth Alteration (No. 33) Bill 2022 (The Electricity Constitutional Amendment), which was signed in the last days of the previous administration and altered the Constitution of the Federal Republic of Nigeria to empower states to enact laws with respect to the generation, transmission, and distribution of electricity in areas covered by the national grid system within their state.

Overview

The Electricity Act 2023 repeals the Electric Sector Reform Act, 2005. The primary objective of the Act is  to provide a comprehensive legal and institutional framework to guide the operation of a privatized, contract and rule-based competitive electricity market in Nigeria, and to attract private sector investments in the entire power value chain of the Nigerian Electricity Supply Industry (NESI).

Applicability of the Act: The Act applies throughout the country with respect to all aspects and segments of the power sector value chain in Nigeria, but nothing in the Act invalidates any law passed by the House of Assembly of any state with respect to all aspects of generation, transmission, system operation, distribution, supply, and retail of electricity within the state. What this means is that states still have the liberty to enact laws through their state Houses of Assembly to regulate state electricity market, create power stations for generation of electricity for supply, transmission and distribution to rural unserved and underserved areas.

Creation of Integrated National Electricity Policy and Strategic Implementation Plan: To further guide the overall development of the electric power sector in Nigeria for optimal utilization of resources like coal, natural gas, nuclear substance, and materials, as well as renewable energy sources for the generation, transmission and distribution of electricity, the Act mandates the Federal Government to create an Integrated National Electricity Policy and Strategic Implementation Plan. This new strategic policy implementation plan is to be initiated through the ministry in charge of power, within one year of the commencement of the Act upon approval of the Federal Executive Council (FEC) and may be reviewed periodically but not later than every five years.

Validity of the pre-privatization and post-privatization of the Nigerian Electricity Supply Industry (NESI): The Act recognizes the validity of the pre-privatization and post-privatization of the Nigerian Electricity Supply Industry (NESI) which resulted in the unbundling of the defunct National Electric Power Authority (NEPA), into 18 distinct Power generation, transmission, and distribution companies, which emerged from the Power Holding Company of Nigeria (PHCN) which was the initial holding company. The Act also provides for the regulation and supervision of competition in the substantially privatized electricity market, by ensuring that the federal minister in charge of power exercise supervisory powers and functions.

Creation of the Nigerian Electricity Regulatory Commission (NERC): The Act creates the Nigerian Electricity Regulatory Commission (NERC) as the apex regulator of the NESI. It empowers NERC to among other things, license and regulate persons engaged in the generation, transmission, system operation, distribution, supply and trading of electricity, create market rules and grid codes, safety, security, reliability and quality standards, establish consumer rights and obligations regarding the provision of electricity services, monitor the general operation of the electricity markets, and place sanctions as necessary in deserving circumstances. Any grievance with the decisions or actions of the NERC by any person with respect to the cancellation of a licence, refusal to issue or renew a licence, etc.  is subject to a review first by NERC upon an application made to it and it may give a final decision rescinding or varying its earlier decision. Any further grievance with the final decision given by NERC pursuant to its review is subject to an appeal at the Federal High Court. The Act further states that a person shall not institute and maintain a suit against NERC without first initiating and exhausting the internal dispute resolution with NERC.

Compulsory installation of meters for distribution of electricity to consumers. The Act makes it mandatory for electricity distribution licensees to install meters for distribution of electricity to consumers. There is also a corresponding mandatory obligation on all consumers of electricity to allow the installation of meters in their premises and pay bills chargeable to the electricity distribution licensees. The Act provides that where a consumer fails to pay bills, the electricity distribution licensee may cut off the consumer’s connection to power after giving notice in the manner prescribed by the NERC.

Establishment of the Power Consumer Assistance Fund: The Act establishes a Power Consumer Assistance Fund (PCAF), which shall be used to subsidize electricity supply to underprivileged power consumers. This category of underprivilege power consumers shall be determined by the Minister in charge of power in consultation with the NERC.

Creation of the Rural Electrification Agency: The Act creates the Rural Electrification Agency with the objectives of coordinating corporate bodies, private investors using renewable energy sources for rural electrification in the rural, unserved, underserved areas, thereby promoting universal access to affordable and sustainable electricity, and improving the quality of life and economic opportunities of rural, unserved, and underserved communities in Nigeria.

Key Highlights

• The Electricity Act, 2023 repeals the Electric Power Sector Reform Act, 2005, the Nigerian Electricity Management Services Agency Act, 2015, the Hydroelectric Power Producing Areas Development Commission (Establishment Act, Etc.) and its various amendment Acts
• Under the Act, the Federal Government shall support the development and utilization of renewable energy sources for the generation, transmission, system operation and distribution of electricity.
• The Transmission Company of Nigeria (TCN) is obliged to incorporate a company to be known as Independent System Operator (ISO) upon a written directive of NERC which is to be licensed by NERC to carry out the market and system operation functions such as generation scheduling, commitment and dispatch, transmission congestion management, administration of wholesale electricity market, etc. which were hitherto being exercised by TCN.
• A licence is required for electricity generation (excluding captive generation), transmission, distribution, supply trading and system operation.
• The construction, ownership and operation of an undertaking for generating electricity not exceeding 1 megawatt (MW) or an undertaking for distribution for electricity with a capacity not exceeding 100 kilowatts (KW) does not require a licence.
• The Act encourages private sector investments in the generation, transmission, distribution, and supply of electricity from renewable sources such as solar, wind or water.
• The Act provides for the introduction of tax incentives as are necessary to incentivize, promote and facilitate the generation and consumption of electric power from renewable energy sources.
• The Act recognizes the power of federating states to regulate their electricity markets by issuing licenses to private investors to operate mini-grids and power plants within the state. Interstate and international electricity delivery from such mini grids is however prohibited to state as it is within the remit of the Federal Government.
• The NERC maintains its status as the apex regulator of electricity sector in Nigeria, and until the federating states pass their own electricity laws, the NERC shall continue to regulate electricity business and markets within the federating states.
• The Act creates a Power Consumer Assistance Fund (PCAF), which shall be used to subsidize electricity supply to underprivileged power consumers.
• The Act creates the Rural Electrification Agency with the objectives of coordinating the use of renewable energy sources for rural electrification and promoting universal access to affordable and sustainable electricity, which improve the quality of life and economic opportunities.
• The Act creates offences and imposes penalties. Offences such as theft of electricity, theft of electric lines and materials, receiving stolen electricity, interference with meters or works of licensees, negligently breaking or damaging, intentionally disrupting power supply, damage to public street lightings, obstruction and impersonation, general contravention of orders and regulations and their penalties are specifically provided for under the Act.

Conclusion

The deficiency in power transmission in Nigeria has been attributed to inadequate power transmission infrastructure. The decentralization of power generation and distribution under the Electricity Act 2023, which gives states the power to develop legislations to create local markets for generation and transmission of power to all areas within their boundaries is anticipated to enhance affordable and sustainable electric power to all areas. Indeed, with the introduction of a parallel electricity market in the states, customers within the states can decide to remain connected to the national grid or opt for a mini-grid operator licensed by the state within which they reside in. The shift from fossil-based systems of energy production and consumption to renewable energy sources will create a market for renewable energy and stimulate private sector investments.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

This article provides an overview of the new law, it considers the objectives, application, principles guiding the processing of personal data, cross-border transfer of personal data and other key provisions.

Application of the Nigeria Data Protection Act

The Act applies to data controllers or data processors domiciled, resident or operating in Nigeria and the processing of personal data that occurs within Nigeria. It also applies to situations where the data controllers or data processors are not domiciled, resident or operating in Nigeria but are processing the personal data of data subjects in Nigeria.

The Act does not apply to the processing of personal data which is done solely for personal or household purposes by one or two more persons. The Act also does not apply to the processing of personal data necessary for the investigation, detection or prosecution of crimes or the prevention or control of a public health emergency, etc.

Objectives of the Act

The Act seeks to achieve the following objectives:

1. Safeguard the fundamental rights, freedoms and interest of data subjects as guaranteed under the Constitution.
2. Regulate the processing of personal data and ensures that personal data is processed in a fair, lawful and accountable manner.
3. Protect data subjects’ rights and provide means of recourse and remedies in the event of breach.
4. Ensure that data controllers and data processors fulfill their obligations to data subjects.
5. Establish an impartial, independent and effective regulatory Commission to superintend over data protection and privacy issues and supervise data controllers and data processors.

Establishment and Functions of the Nigeria Data Protection Commission

The Act established the Nigeria Data Protection Commission (“the Commission”) for the purposes of achieving the objectives of the Act. Thus, the Commission has the core functions of regulating the deployment of technological and organizational measures to enhance personal data protection, accredit, licence, and register suitable persons to provide data protection compliance services, register data controllers and data processors, receiving complaints relating to violations of the Act or any subsidiary legislations.

Principles of Processing Personal Data

Data controllers and data processors process personal data on the basis of care and accountability to data subjects. Accordingly, data controllers and data processors must act in a fair, lawful and transparent manner, collect data only for specified and legitimate purpose, hold and retain the data accurately, not longer than necessary, and generally ensure appropriate security measures are taken to secure the personal data.

Consent and Lawful Basis for the Processing of Personal Data

Consent of a data subject is very important for processing personal data. A data subject is a person whose information or data is being processed or sought to be processed. A data controller or data processor must obtain the consent of a data subject before processing his/her data, and it lies on the data controller or processor to prove that the data subject has given consent. The request for consent must be in a clear simple language and format with information that the data subject reserves the right to withdraw the consent at any time.  The consent must be freely and intentionally given either in writing, orally or through electronic means. Silence or inactivity does not amount to consent. In the case of a child, or person lacking legal capacity), the consent of a parent or guardian will suffice. The need to obtain consent of parent or guardian, may however not apply where the processing of personal data is necessary to protect the vital interests, or for the purpose of the education, medical or social care of such child or person lacking legal capacity, or where it is necessary for proceedings before a court.

The consent must be given for the specific purpose(s) for which personal data is processed, or where the processing is necessary for the following purposes:

1. For the performance of a contract to which the data subject is a party
2. For compliance with a legal obligation to which the data controller or data processor is subject
3. To protect the vital interest of the data subject or another person
4. For the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or data processor
5. For the purposes of the legitimate interest pursued by the data controller or data processor, or by a third party to whom the data is disclosed.

Obligations of a Data Controller

• Obligation to Provide Information: A data controller has the obligation to provide certain necessary information to a data subject before collecting his personal data. The information which the data controller must provide to the data subject include the following:

1. Identity, residence or place of business and means of communication with the data controller and its representative.
2. Recipients or categories of recipients of the personal data
3. Existence of the rights of the data subject
4. Retention period for the personal data, etc.

The data controller shall make this information available by means of a privacy policy which should be expressed in a clear, concise, transparent, intelligible and easily accessible format.

• Data Privacy Impact Assessment Obligation: The assessment is a process designed to identify the risks and impact of processing personal data. A data controller is required to conduct a data privacy impact assessment where the processing of personal data may result in high risk to the rights and freedom of a data subject. This is to be conducted before the processing of personal data.
• Obligation to Erase Personal Data: A data controller has the obligation to erase the personal data of a data subject without undue delay where it is no longer necessary or where the data controller has no other lawful basis to retain the personal data.

Obligations of a Data Processor

Data controllers are engaged by data processors to process personal data. These data processors are also mandated to comply with the principles for the processing of personal data, assist the data controller to fulfill its obligation, implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data. Where a data processor engaged by a data controller further engages another data processor, the data processor directly engaged by the data controller is obliged to notify the data controller of its engagement with another data processor.

Data Protection Officers

Data controllers that process significant personal data are required to designate a person as a Data Protection Officer (DPO). The DPO may be an employee of the data controller or a person engaged by a service contract and must possess expert knowledge on data protection laws and practices. A DPO advises data controller, monitors compliance with the Act and related data protection policies of the data controller. The DPO also act as the contact point for the Commission on data processing issues.

Rights of Data Subjects

A data subject has the following rights with respect to the processing of his personal data by a data controller.

1. Right to Confirmation from a Data Controller. A data subject has the right to obtain from a data controller without constraint or unreasonable delay, confirmation as to whether the data controller or a data processor operating on its behalf is storing or otherwise processing personal data relating to the data subject and if so, the purpose of the processing, the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, etc.
2. Right to receive a copy of his personal data in a commonly used electronic format.
3. Right to correction or deletion of the data subject’s personal data where correction is not possible where the personal data is inaccurate, out of date, incomplete or misleading.
4. Erasure of personal data of the data subject without undue delay
5. Right to restrict the processing of personal data
6. Right to withdraw consent to the processing of personal data at any time.
7. Right to object to the processing of personal data relating to the data subject.
8. The right to reject being subject to a decision based solely on automated processing of personal data.
9. The right to receive personal data in a structured, commonly used and machine-readable format and be able to transmit it to another data controller without any hindrance.

Data Security

Data controllers and data processors are required to implement appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data in the possession. They must ensure that personal data are protected against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure or access.

The security measures that may be implemented to ensure personal data security include encryption, periodic assessments of risks to processing systems and services, regular testing, assessing and evaluation of the effectiveness of the measures, regular updating of the measures and introducing new measures to address shortcomings, etc.

Personal Data Breaches

Personal data breach is the breach of the security of a data controller or data processor which leads to or may lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or processed.

Data processors are required to notify data controllers or engaging data processors of personal data breaches which the data processors store or process upon becoming aware of it by describing the nature of the personal data breach and the number of data subjects and personal data records concerned and also respond to all information requests from the data controllers or the engaging data processors.

Data controllers should also notify the Commission of personal data breaches which are likely to result in a risk to the rights and freedoms of individuals within 72 hours of becoming aware of such breach. Data controllers are also to communicate the personal data breach to the data subjects in a plain and clear language including measures that could be taken by the data subjects to mitigate any possible adverse effects.

Data controllers and data processors are also required to keep a record of all personal data breaches, facts relating to the breaches, its effects and remedial actions taken.

Cross-border Transfers of Personal Data

Data controllers and data processors are not allowed to transfer or permit the transfer of personal data from Nigeria to another country unless:

1. The recipient is subject to a law, binding corporate rules, contractual clauses, code of conduct or certification mechanism that affords an adequate level of protection.
2. meets one of the lawful basis for transfer of personal data outside Nigeria.

The level of protection considered adequate must uphold the principles that are substantially similar to the conditions for processing personal data provided by the Act. An adequate level of protection is assessed by taking into account the existence of an effective data protection law, access of public authority to personal data, existence of an independent supervisory authority, etc.

Registration of Data Controllers and Data Processors

Data controllers and data processors of major importance are mandated to register with the Commission within six months after the commencement of the Act or upon becoming a data controller or data processor of major importance. Data controllers or data processors of major importance are data controllers or data processors that process personal data of particular value or significance to the economy, society or security and are resident or operating in Nigeria.

The Commission is required to maintain and publish a register of duly registered data controllers and data processors of major importance on its website. A data controller or data processor of major importance shall be removed from the register where it ceases operation.

Enforcement and Penalties

A data subject who is aggrieved by the action, inaction or decision of a data controller or processor may lodge a complaint with the Commission and it may investigate the complaint where it is not vexatious or frivolous.

The Commission may also issue a compliance order once it is satisfied that any requirement of the Act or subsidiary legislation has been violated or likely to be violated by a data controller or data processor. The order may be a warning, order to comply with the request of a data subject or a cease-and-desist order. The Commission may also issue an enforcement order or impose a sanction for violation of the Act or a subsidiary legislation.

The penalty or remedial fee for violation of the Act or subsidiary legislation is:

1. Higher maximum amount, which is the greater of N10,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor of major importance.
2. Standard maximum amount, which is the greater of N2,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor not of major importance.

Conclusion and Remarks

The Nigeria Data Protection Act, 2023 is an important piece of legislation and has been long in coming. It provides for the basic principles and the lawful bases for the processing and transfer of personal data in Nigeria and applies to both resident and non-resident data processors. It provides for the responsibilities of data controllers and data processors while also providing for the rights of data subjects. The processing of sensitive personal data and the personal data of children and persons lacking legal capacity to consent must follow the applicable principles as provided by the Act. Data security measures which are robust are expected to be put in place by data controllers and data processors to protect against the risk of personal data breaches. The Act creates the Nigerian Data Protection Commission which has the overall responsibility to ensure compliance and impose penalties where necessary. Both resident and non-resident data processors are advised to pay particular attention to this new legislation as they are now required to take specific steps to ensure compliance with the Act.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

A Trademark is a unique sign or mark that distinguishes the goods and services of one business from another. A mark can either be a device, brand, heading, label, ticket, name, signature, word, letter, numeral, or any combination thereof. Most businesses, companies or organizations have distinctive marks that sets them apart from other businesses.

The relevant law that governs Trademark in Nigeria is the Trademarks Act, Laws of the Federation of Nigeria 2004 (LFN 2004). This article explains the procedure for the registration of trademarks, enforcement, and remedies for the infringement of trademarks in Nigeria.

Requirements for Registration of Trademark:

1. Applicant’s details (i.e., name, signature, nationality, and address).
2. Details of the trademark.
3. A representation of the mark.
4. The classification of goods and/or services (Nigeria uses the Nice Classification of Goods and Services).
5. A signed Power of Attorney

Procedures for Registering a Trademark:

1. Availability search: The first step is to conduct an availability search at the Trademark Registry to ensure that there are no marks similar or in conflict with the proposed mark.
2. Application: If there are no conflicts, an application for trademark registration is filed at the Trademark Registry. After submission of the application form and payment of the necessary fees, the Registrar issues an Acknowledgement Letter confirming receipt of the application.
3. Acceptance: Where the application is approved on the grounds that the mark is distinctive, a Letter of Acceptance will be issued within one to three months by the Registrar of Trademarks.
4. Publication and Certification: Upon the acceptance of the application, the Registrar ensures the notice of the application is published in the Nigerian Trademark Journal. The purpose of this publication is to notify interested parties who may have objections to the application. The opposition period is two months from the date of publication. Where there are no objections or where an objection raised has been upheld, the Applicant may proceed to make an application for the issuance of Certificate of Registration and subsequently, a Certificate of Registration would be issued by the Registrar of Trademarks.

A trademark once registered is valid in Nigeria for an initial period of 7 years in the first instance and subsequent renewals are valid for 14 years.

Trademark Infringement

A trademark is infringed when a person without consent from the trademark owner uses the mark or an identical mark in a way that is likely to deceive the public or cause confusion. Where such rights are infringed upon, the proprietor can institute an action in court for the infringement of such trademark. The court with jurisdiction for trademark proceeding in Nigeria is the Federal High Court. The burden of proof lies on the Proprietor of the trademark to show that his right has been infringed upon. Section 5 (2) Trademarks Act provides that:

“without prejudice to the generality of the right to the use of a trade mark given by such registration as aforesaid, that right shall be deemed to be infringed by any person who, not being the proprietor of the trade mark or a registered user thereof using it by way of the permitted use, uses a mark identical with it or so nearly resembling it as to be likely to deceive or cause confusion, in the course of trade, in relation to any goods in respect of which it is registered.”

The owner of an unregistered trademark on the other hand may institute an action for passing off where there is an infringement.

Enforcement of Rights and Available Remedies.

The owner of a registered trademark can enforce his rights through the any of the following options:

1. Filing an opposition within 60 days of the publication in the Trademark journal against the registration of an identical or similar trademark. This is done by filing a Notice of Opposition, the Respondent is required to file a counter statement and the matter will be determined by the Registrar as to whether registration of the mark will be entertained or not. The notice must be in writing and must contain the grounds for the opposition.
2. Making a formal application to the Trademark Registrar for the cancellation of the trademark. This however should be supported with evidence of prior registration of the mark by the proprietor.
3. Sending a cease and desist letter to the infringer to inform him of the trademark that is being infringed and warning him to stop further violations of the mark. Where such infringer refuses, a legal action can be instituted.
4. Apply for a search and seize order where the infringement is known to the proprietor of the Trademark. It allows the owner the opportunity to enter the premises of the infringer without notice to seize all infringing goods.

Where the owner of a trademark commences legal action for the enforcement of his exclusive right to a trademark, the following remedies may be available through the courts:

1. The owner of the trademark can seek damages for compensation for losses suffered in relation to infringement of the trademark especially when such infringement impacts negatively on the owner’s business. The evidence must show a direct causal relationship between the infringement and actual harm.
2. Injunctive reliefs may be sought and granted. The court could prevent the infringer from further using the mark or may restrict usage of the mark to certain areas or impose certain conditions for its usage.
3. An Anton Pillar order can be sought to give access to the owner to enter the premises where the infringed goods are kept and take possession of it.
4. The court can also grant an order of account of profit to recover all the profits made by the infringer from the unauthorized use of the Trademark where such act amounts to gross loss of profit on the part of the owner.

Conclusion

The benefits of trademark registration generally and in Nigeria cannot be overemphasized. The certificate of trademark registration issued by the Registrar, is irrefutable evidence of registration of a mark and confers a right on the owner to use the trademark to the exclusion of others. Not only is a registered trademark protected under the law, but it also protects the identity and goodwill of the brand. The owner of a registered trademark can equally assign or transfer his trademark to an individual or corporate entity and generate revenue from it. Any infringement of the registered trademark could be met by an enforcement action and the registered trademark owner could get injunctive order or damages against the infringer.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

A Payment Solution Service Providers (PSSP) licence is a financial licence within the payments system which is issued by the Central Bank of Nigeria (CBN). A PSSP licence authorizes the licensee to provide and operate payment processing gateway and portals, solution/application development, and merchant service aggregation and collections services. A  PSSP license does not provide the authorization to hold customers’ funds or create and issue wallets. PSSPs are predominantly Financial Technology (FinTech) companies that enable  and facilitate  online and offline payments solutions which include collections, check-out, biller aggregation and payout services.

The CBN is the regulatory authority that issues PSSP licenses in Nigeria. The CBN also provides constant regulatory oversight over the activities of PSSP licensees in Nigeria.

Who can Apply for a PSSP Licence in Nigeria

Only a company that is duly registered with the Corporate Affairs Commission (CAC) in Nigeria and also meets the minimum share capital requirements and other regulatory requirements of the CBN can apply for a PSSP licence in Nigeria.

The Process of Obtaining a PSSP Licence from the CBN in Nigeria

A PSSP licence is processed in two stages viz:

• Approval-in-Principle (AIP): This is the preliminary stage of obtaining a PSSP license. During this stage, an application is to be made to the CBN for the grant of the license and they are expected to give an Approval-in-Principle or reject the application. Where an AIP is given, it is only valid for a period of six months. The AIP does not authorize the applicant to commence operation but only allows the applicant to take steps towards obtaining the final licence.
• Final Licence: The applicant is required to consolidate the AIP stage by taking steps to ensure its readiness for commencement of operation, notifying the CBN of its readiness to commence operation, by paying and applying for final licence. Upon the grant of the final licence, the applicant can commence its operations.

The process of obtaining a PSSP licence from the AIP stage to the final licence stage involves the following:

1. Write an application letter for a PSSP license which is addressed to the Director, Payments Systems Management Department of the CBN.
2. The application letter is accompanied with the required documents which include:

• Certificate of incorporation of the company with the Corporate Affairs Commission (CAC), with a share capital of N100,000,000 (One Hundred Million Naira)
• Memorandum and Articles of Association of the company
• Form CAC 2A (Return of Allotment of shares)
• Form CAC 7A (Particulars of Directors)
• Tax Clearance Certificate (TCC) and Tax Identification Number (TIN) of the Company
• Company’s profile
• Details of ownership
• Board structure
• Business plan
• Information Technology policy
• Dispute resolution framework
• Necessary certifications such as Payment Card Industry Data Security Standard (PCIDSS), Payment Terminal Service Aggregator (PTSA), etc.
• Evidence of payment of the non-refundable application fee of N100,000 (One Hundred Thousand Naira).
• Evidence of the deposit of the refundable minimum capital of N100,000,000 (One Hundred Million Naira). This is required to be made in full (one lump sum) and in the name of the applicant.

3. The CBN assesses the application for the PSSP licence and the accompanying documents and if it is satisfied with the application, it proceeds to grant an Approval-in-Principle.

4. Upon obtaining AIP from the CBN, the applicant then makes payment of the licence fee of N1,000,000 (One Million Naira) to the CBN designated account and proceeds to apply for a final licence within six months of obtaining AIP.

5. The CBN inspects the registered place of business of the applicant company and its readiness to commence operation and proceeds to issue the final licence if it is satisfied with the outcome of its inspection.

Validity and Renewal of PSSP Licence

PSSP licence validity period is as determined by the CBN and renewable if the operations of the PSSP licensee is satisfactory to the CBN. Recently, CBN renewed Cellulant’s PSSP licence and this shows the satisfaction of the CBN with the services of the company in providing payment solutions in Nigeria. Thus, the renewal of a PSSP licence by the CBN is a vote of confidence on the operation of a PSSP licensee.

Conclusion

A Payment Solution Service Providers (PSSP) licence is an important licence within the Nigerian payment systems which enables the provision of financial services such as the operation of payment processing gateway and portals which is utilized by merchants to accept debit or credit card purchases from customers. A PSSP licensee provides both online and offline payment solutions. A PSSP licence is obtainable from the CBN by submitting an application to the CBN and paying the required application and license fees within the stipulated timelines.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact: