AI Regulation in Nigeria
Explore Nigeria's emerging AI regulations, NDPA compliance, and strategic guidance for businesses implementing AI systems responsibly.
Nigeria is entering a critical phase in developing its AI governance framework. While the country does not yet have a dedicated AI Act, the regulatory environment is strengthening rapidly following the 2023 Nigeria Data Protection Act (NDPA) and the establishment of the Nigeria Data Protection Commission (NDPC). Together with the upcoming National AI Strategy and increasing activity from sector regulators such as the CBN, NCC and NITDA, organisations deploying AI must now meet practical expectations around privacy, accountability, transparency and safe system design. Nigeria's AI ambitions are situated within a broader national vision. The government's upcoming National Artificial Intelligence Strategy expected to be finalised between late 2025 and early 2026 focuses on responsible innovation, trust in digital systems and capacity-building across research, education and local industry. Its direction aligns closely with the African Union's Continental AI Strategy (2024), which promotes risk-based regulation, ethical standards and cooperation across African markets.
NDPA 2023 as the Foundation for AI Governance
Nigeria's most important binding instrument for AI today is the Nigeria Data Protection Act (NDPA). Although not an AI-specific law, its provisions directly shape how organisations develop and deploy AI systems. The NDPA requires organisations to have:
- Lawful basis for data processing in AI workflows
- Transparency about automated decision-making
- Meaningful information on logic used in profiling
- Human intervention mechanisms for significant decisions
- Data minimisation and purpose limitation for model inputs
- Adequate safeguards for cross-border data transfers
- Data Protection Impact Assessments (DPIAs) for high-risk AI
These obligations increasingly define AI governance in practice, especially as the NDPC intensifies enforcement through audits and compliance notices in 2024-2025.
Fig 1.0 Key NDPA obligations that directly shape how AI systems process personal data in Nigeria.
Nigeria's approach to AI governance is heavily sector-led, with regulators interpreting how AI fits into existing rules. The most active authorities include:
- CBN – credit scoring, AML automation, fintech AI validation
- NCC – telecom optimisation, automated customer service, data management
- NAFDAC + Ministry of Health – AI diagnostics, clinical software, medical safety
- NITDA – digital innovation, AI sandboxes and emerging tech guidelines
These regulators continue to expand their expectations. For example, the CBN sandbox (launched 2023, expanded 2024–2025) now evaluates model explainability, fairness and consumer transparency before granting approvals for AI-powered fintech tools.
Responsible AI Practices Becoming Standard in Nigeria
Across both public and private sectors, responsible AI concepts are rapidly becoming operational. Organisations are expected to ensure that AI systems do not reinforce discrimination or social inequities, particularly in areas such as lending, hiring, insurance or service delivery. Nigerian regulators increasingly expect:
- Fairness and non-discrimination assessments
- Explainable decision-making, especially in high-risk contexts
- Human oversight, particularly where AI decisions affect rights
- Safety validation, including model testing and monitoring
- Privacy-by-design approaches across system development
These expectations are not yet codified in a single instrument, but collectively they form the emerging standard of care for AI deployment in Nigeria.
International Alignment and Standardisation
Nigeria is aligning itself with global AI governance frameworks to ensure interoperability and attract investment. Larger organisations in banking, telecoms, energy and logistics increasingly reference:
- ISO/IEC 42001 – AI management systems
- ISO/IEC 23894 – AI risk management
- NIST AI RMF – governance, mapping and measurement of AI risks
This trend is reinforced by Nigeria's active participation in African Union digital governance initiatives and Smart Africa Alliance programmes, which aim to establish shared standards across member states.
What Comes Next for Nigeria
Nigeria is expected to introduce more formal AI policy instruments over the next two years. These will likely include sector-specific AI guidelines, updates to digital-economy regulations and eventually a dedicated AI Act. The NDPC is also expected to expand enforcement efforts, particularly in profiling, biometric technologies and automated decision-making.
For organisations, the direction is clear: incorporating risk-based AI governance, transparent model documentation and structured oversight mechanisms is no longer optional; it is essential for operational resilience and regulatory readiness.
How Nemko Digital Can Support Your AI Compliance Journey in Nigeria
As Nigeria transitions toward more structured AI governance, organisations need clear guidance on how to interpret regulatory expectations, assess risks and demonstrate compliance across complex digital ecosystems. Nemko Digital supports clients operating in Nigeria by translating regulatory requirements whether from the NDPA, sector regulators or emerging AI policy frameworks into practical controls and documentation tailored to each use case. We help organisations implement AI governance frameworks aligned with ISO/IEC 42001, conduct risk and impact assessments for high-risk AI systems, validate model transparency and fairness, design data-protection safeguards and establish end-to-end oversight processes for AI embedded in products or services. Through regulatory monitoring, readiness assessments and technical-legal support, Nemko ensures that your AI deployments remain compliant, trustworthy and aligned with Nigeria's evolving 2025 regulatory landscape.
Get in touch with us to start your AI compliance journey.