Nigeria’s AI Law: Africa’s First Framework for Governing Artificial Intelligence

The Regulatory Gap Africa Can No Longer Ignore

Across Africa’s 1.4 billion people, artificial intelligence is being deployed at accelerating speed in mobile banking, agricultural advisory systems, healthcare diagnostics, and government services. Forty-four African countries have enacted data protection legislation, and 25 mandate safeguards against automated decisions. Yet until Nigeria’s legislative push in early 2026, no African nation had a comprehensive, standalone legal framework specifically governing AI development, deployment, and use.

Nigeria’s National Digital Economy and E-Governance Bill changes this calculus. Targeting passage by the end of Q1 2026, the bill creates Africa’s first comprehensive AI governance architecture. It designates the National Information Technology Development Agency (NITDA) as a super-regulator with authority spanning AI classification, algorithmic transparency, and auditor accreditation. It introduces a risk-based classification system modeled on — but adapted from — the EU AI Act. It establishes penalties of up to 10 million naira (approximately $7,000) or 2% of annual gross revenue, whichever is higher. And it creates regulatory sandboxes designed to balance innovation with risk management.

The bill arrives as Nigeria’s digital economy approaches a projected $18.3 billion in revenue by 2026, and the country has climbed 31 places to 72nd in the Oxford Insights Government AI Readiness Index 2025, up from 103rd in 2023. Nigeria is not regulating from a position of weakness — it is regulating from growing capability and ambition.

How NITDA Becomes Africa’s AI Super-Regulator

The bill’s most structurally significant provision is the consolidation of digital governance authority in NITDA. Currently, Nigeria’s digital economy is regulated through multiple agencies: NITDA handles IT development, the National Communications Commission (NCC) regulates telecommunications, the Central Bank of Nigeria (CBN) oversees fintech, and the Nigeria Data Protection Commission (NDPC) manages data protection under the 2023 Nigeria Data Protection Act. AI systems frequently cross these jurisdictional boundaries — a fintech lending algorithm involves telecommunications infrastructure, financial services, personal data processing, and AI decision-making simultaneously.

The bill addresses this fragmentation by designating NITDA as the lead regulatory authority for AI governance. Its expanded mandate includes AI system registration and licensing for high-risk applications, conformity assessment oversight, enforcement powers including fines and suspension of non-compliant systems, technical standard-setting adapted from international frameworks (ISO, IEEE), and coordination with sector-specific regulators. An AI Advisory Council housed within NITDA will include representatives from industry, academia, civil society, and affected communities.

This super-regulator model concentrates significant power in a single agency. Whether NITDA receives the funding, talent, and institutional support to fulfill this expanded mandate remains the bill’s central implementation question. NITDA’s current capacity was built for IT development oversight, not comprehensive AI regulation.

Risk Tiers and What They Mean for AI Deployers

The bill adopts a risk-based classification approach. High-risk AI systems — those used in finance, public administration, surveillance, and automated decision-making — face the most stringent requirements. These systems must obtain formal licenses before deployment in the Nigerian market and submit annual impact assessments detailing risks, mitigation strategies, and system performance.

Mandatory requirements for high-risk AI include risk management systems across the AI lifecycle, data governance ensuring training data quality and representativeness for the Nigerian context, comprehensive technical documentation, transparency to users including clear disclosure of AI interaction, human oversight with qualified personnel able to monitor and override the system, and accuracy, robustness, and cybersecurity standards.

The bill prohibits certain AI applications outright, including government social scoring systems that restrict citizens’ access to services, real-time biometric identification for mass surveillance (with narrow law enforcement exceptions requiring judicial authorization), and AI designed to manipulate behavior or exploit vulnerable populations.

Lower-risk AI faces proportionate transparency obligations — chatbots must disclose their AI nature, AI-generated content must be labeled — but the regulatory burden is deliberately kept light to avoid stifling the innovation Nigeria’s digital economy depends on.

Penalties That Command Boardroom Attention

The bill establishes a graduated penalty structure. First-time or minor violations result in administrative warnings and compliance orders. Significant violations — including failure to register high-risk AI systems, material non-compliance, or obstruction of NITDA investigations — carry fines up to 10 million naira (approximately $7,000) or 2% of annual gross revenue in Nigeria, whichever is higher. The most serious violations can lead to suspension or revocation of AI deployment authorization, with personal liability for officers who knowingly authorize violations.

The 2% revenue figure is the headline number. For a multinational with substantial Nigerian revenue, a 2% penalty transforms AI compliance from a cost-of-doing-business calculation into a genuine boardroom priority. For Nigerian startups and SMEs, even the threat of a 2% penalty could prove disproportionately burdensome — a tension the bill partly addresses through regulatory sandbox provisions and NITDA’s enforcement discretion.

Regulatory Sandboxes for a Market That Must Innovate and Govern Simultaneously

The sandbox framework allows companies to test innovative AI applications in a controlled environment with modified compliance obligations. Participants apply to NITDA with detailed system descriptions and risk assessments, receive time-limited authorization (typically 12-24 months), operate under continuous NITDA monitoring, and may graduate to full deployment if testing demonstrates compliance capability.

The sandbox reflects Nigeria’s dual identity in the AI landscape: simultaneously a market where AI adoption is essential for economic development and a jurisdiction where unregulated deployment has produced documented harms in lending, hiring, and government service allocation. For the country’s startup ecosystem — which attracted approximately $410 million in venture capital in 2024 and hosts five unicorn companies including Flutterwave, OPay, and Moniepoint — the sandbox provides a structured path from experimentation to compliant deployment.

Continental Ripple Effects

When Nigeria acts on technology governance, the continent follows. Nigeria accounts for roughly a quarter of sub-Saharan Africa’s GDP. Lagos hosts Africa’s preeminent tech ecosystem. When Nigeria enacted data protection rules with the NDPR in 2019 and its successor the NDPA in 2023, it catalyzed similar legislation across West Africa.

Nigeria is not alone in the AI governance race. Kenya’s Artificial Intelligence Bill 2026, tabled in the Senate in February 2026, proposes its own regulatory framework with an AI Commissioner and penalties for harmful AI-generated content. Angola and Morocco are developing dedicated AI legislation. South Africa submitted its Draft National AI Policy to Cabinet in March 2026. The African Union endorsed a Continental AI Strategy in July 2024.

But Nigeria’s bill is the most comprehensive. If effectively implemented, it will drive regulatory emulation across Africa, compliance spillover as companies apply Nigerian standards to other markets, regional harmonization pressure through ECOWAS and the AfCFTA, and talent development as Nigeria builds a cadre of AI governance professionals.

The bill also adds a critical developing-economy voice to global AI governance conversations dominated by the EU AI Act, China’s AI regulations, and US sectoral approaches. Nigeria’s emphasis on financial inclusion AI, agricultural AI, and healthcare AI reflects priorities central to hundreds of millions of people but peripheral in wealthy-nation regulatory frameworks.

Sources & Further Reading

• Nigeria Set to Pass Sweeping AI Rules for Digital Economy — Bloomberg
• Nigeria’s Proposed AI Rules Could Set a Continental Precedent — TechInAfrica
• Government AI Readiness Index 2025 — Oxford Insights
• Nigeria Moves to Enforce Strict AI Rules Amid Adoption Challenges — Weetracker
• AI Regulation in Africa 2026: Laws, Compliance, and Opportunities — TechInAfrica
• Nigeria’s Digital Economy Near $18bn as Policy Shapes Growth — SmallWorldFS
• Why Data Protection Has Become Africa’s Default AI Policy Tool — TechCabal
• Continental Artificial Intelligence Strategy — African Union