REGULATION OF ONLINE PLATFORMS IN NIGERIA: DRAFT CODE OF PRACTICE FOR INTERACTIVE COMPUTER SERVICE PLATFORMS/INTERNET INTERMEDIARIES 

/1 Comment/in /by

By Seun Timi-Koleolu and Adedolapo Arisoyin

DOWNLOAD PUBLICATION

Introduction

On June 13, 2022, the National Information Technology Development Agency (“NITDA”) released the Code of Practice for Interactive Computer Service Platforms/Internet Intermediaries (the “Draft Code”).

The Draft Code aims to safeguard the security and interest of Nigerians and non-Nigerians with respect to activities conducted on online platforms. It also regulates the activities of online platforms including websites and social media operators.

We have set out in this article, the scope, objectives, and key points to note in the Draft Code.

  1. Scope of the Draft Code

The Draft Code applies to Interactive Computer Service Platforms/Internet Intermediaries and their agents (the “Platform(s)”) in Nigeria. These Platforms include social media operators like facebook, twitter, tiktok, instagram e.t.c., websites, blogs, streaming platforms, online discussion forums (e.g. podcasts), streaming platforms, and other similar platforms.

  1. Objectives of the Draft Code

The Draft Code sets out best practices required of Platforms to ensure the safety of the digital ecosystem for Nigerians and non-Nigerians in Nigeria.

  1. Key points from the Draft Code

i) Regulatory compliance: Platforms are required to comply with applicable laws and the directives of court orders received.

ii) Take down notices: Platforms should acknowledge and take down any unlawful content[1]; non-consensual sexual content; or information that is objectionable on the grounds of public interest, morality, order, security, peace, or is prohibited by applicable Nigerian law (prohibited material) within 24 hours.

iii) Compulsory disclosure: Platforms should disclose the identity of the creator of information on its Platform when directed to do so by court order, (where the first creator of such information is located outside Nigeria, the first creator of that information in Nigeria shall be deemed to be the first creator).

iv) Complaint channel: Platforms are to provide a channel for users and authorised government agencies[2] to lodge complaints or make requests against unlawful or harmful content[3]. They are also expected to issue tracking codes to complainants and inform them in writing of the resolutions of such complaint.

v) Risk assessment requirement: Platforms are to ensure that they carry out risk assessment to determine whether content is harmful upon receiving notice of such complaint.

vi) Terms of Use: Platforms are to publish on their websites and/or applications in simple language, terms of use of its platform.

vii) Compliance report: Platforms are required to file an annual compliance report with NITDA.

viii) Categorization and Incorporation requirement: The Draft Code categorizes Platforms with more than one hundred thousand (100,000) users as Large Service Platforms (“LSPs”).

  • Incorporation requirements: LSPs are required to be incorporated and have a physical contact address in Nigeria and ensure that the details of this physical address are visible on their websites/platforms. They are also required to appoint a liaison officer.
  • Content oversight: LSPs are to furnish a user or authorized government agency (on demand) with information with respect to: a) the reason behind a popular content and the factor/figure behind such influence; and b) why users get specific information on their timelines.

ix) Penalty: Non-compliance with the Draft Code shall be construed as a breach of the provisions of the NITDA Act 2007.

The NITDA Act provides that any corporate body who commits an offence where no specific penalty is provided, is liable on conviction: (a) for a first offence, to a fine of Two Hundred Thousand Naira (N 200,000) or imprisonment for a term of 1 year or to both such fine and imprisonment; and (b) for a second and subsequent offence, to a fine of  Five Hundred Thousand Naira (N 500,000) or to imprisonment for a term of 3 years or to both such fine and imprisonment. Please note that the penalities may be reviewed from time to time.

x) Non-Large Service Platforms: The Draft Code also stipulates that Platforms with less than one hundred thousand (100,000) users may be required by NITDA to comply with the obligations of a Large Service Platform.

Conclusion

We applaud NITDA’s efforts in working toward establishing a code that will regulate online platforms.

We have however set out below a few recommendations to improve the Draft Code.

  1. The code needs to clearly state the metrics to determine when a Platform is deemed to be in Nigeria.
  2. The code should clarify whether the one hundred thousand (100,000) users specified for LSPs pertain to users solely in Nigeria or users on the Platform irrespective of country of residence.
  3. The code should introduce a provision to enable Platforms to appeal and put forward a defence against take down notices and obtain approval to re-instate content upon a successful appeal.

 

[1] any content that violates an existing law in Nigeria.

[2] NITDA, Nigerian Communications Commission (NCC), National Broadcasting Commission (NBC), or any agency authorised by its enabling law.

[3] content which is not unlawful but harmful.

FINTECH REGULATION IN NIGERIA; PROPOSED OPERATIONAL GUIDELINES FOR OPEN BANKING

/in /by

By Aderonke Alex-Adedipe and Adedolapo Arisoyin

DOWNLOAD PUBLICATION

In our previous article, we provided a summary of the key provisions in the Framework for Open Banking (the “Framework”) released by the Central Bank of Nigeria (CBN) on February 17, 2021. The CBN had in the Framework, indicated that a set of operational guidelines will be subsequently issued to provide guidance to participants on the mode of implementing and operating within the ambit of the Framework.

In view of the above, the CBN, in May 2022, published the draft Operational Guidelines for Open Banking in Nigeria (the “Proposed Guidelines”).

In this newsletter, we highlight our understanding of the applicability of the Proposed Guidelines and key points in the Proposed Guidelines, which regulate participation in Open Banking.

  1. What is Open Banking?

Open Banking is the practice of sharing financial information electronically, securely, and only under conditions which customers approve of, by using Application Programming Interfaces (APIs[1]). This permits the networking of accounts and data across institutions for use by consumers, financial institutions, and third-party service providers.

  1. What is the Scope of the Proposed Guidelines?

The Proposed Guidelines apply to banking and other related financial services, including (i) payments and remittance services; (ii) collection and disbursement services; (iii) deposit-taking; (iv) credit; (v) personal finance advisory and management; (v) credit ratings/scoring; (vi) leasing/hire purchase; and (vii) mortgages.

  1. Who can participate in Open Banking?

Any organization in possession of customers’ data, which may be exchanged with other entities to provide innovative financial services within Nigeria may participate in the Open Banking ecosystem.

The Proposed Guidelines categorises participants as: (i) the API Provider (“APP”) i.e. a participant that uses API to provide data or service to another participant, e.g a licensed financial institution/service provider, a Fast-Moving Consumer Goods (FMCG) company, or a payroll service bureau; (ii) API Consumer (“AC”) i.e. a participant that uses API released by the AP to access data or service. An AC can be a licensed financial institution/service provider, an FMCG or a payroll service bureau; and (iii) Customer: i.e the data owner and end-user that may be required to provide consent for the release of data for the purpose of accessing financial services.

  1. What are the objectives of the Proposed Guidelines?

Some of the key objectives of the Proposed Guidelines include:

(i) to provide clear responsibilities and expectations for the various participant categories;

(ii) to ensure consistency and security across the Open Banking system;

(iii) to stipulate safeguards for financial system stability; and

(iv) to promote competition and enhance access to banking and other financial services.

5. How is Open Banking regulated?

The CBN under the Proposed Guidelines, commits to establishing an Open Banking Registry (OBR) to perform the following functions: (i) provide regulatory oversight on participants; (ii) enhance transparency in the operations of open banking; and (iii) ensure that only registered institutions operate within the open banking ecosystem.

The OBR is envisaged to serve as a public source for details of registered participants and each participant will be identified by its corporate registration number.

  1. What are the responsibilities of an APP?

An APP is required to: (i) maintain a configuration management policy approved by its executive team; (ii) execute a service level agreement (to include: accounting and settlement; fee structure; registration and sponsorship responsibilities etc) with the AC which will govern their relationship; and (iii) maintain a problem register which should indicate the date and time a problem was discovered, the timelines within which it was resolved, amongst others.

  1. What are the responsibilities of an AC?

An AC is required to: (i) maintain a data governance policy approved by its executive management committee; (ii) ensure it possesses a data ethics framework to ensure data security; and (iii) comply with all relevant data protection regulations in Nigeria to protect the customer’s data.

  1. Data Protection

A recurring theme in the Proposed Guidelines is the provisions on the protection of the customers’ data. The Proposed Guidelines generally require that participants develop and implement a data breach policy to ensure that the procedures for managing data breaches are set out. The Proposed Guidelines also provide that consent is required from customers whose data may be required by service providers to supply them with financial products and services.

        Conclusion                                                           

The regulation on Open Banking operations provides a channel for financial inclusion and paves a way for access to financial services for millions of Nigerians. It is anticipated that upon the release of the final Guidelines, and proper implementation by participants, there will be a noticeable improvement to access to banking and payments services, as well as respect for data privacy.

[1] ) An API is a set of programming code that enables data transformation between one software product and another.

REGULATION OF TECHNOLOGY IN NIGERIA: 2022 DEVELOPMENTS

/in /by

Seun Timi-Koleolu and Feyijuwa Akinyanmi

 DOWNLOAD PUBLICATION

Introduction

As of June, 2022, there have been a few regulatory developments relevant to the tech space in Nigeria. We have set out below 7 notable developments to guide tech companies doing or intending to do business in Nigeria.

1. Non-resident digital companies may now be subject to income tax on a deemed profit basis.

Under the Finance Act 2021, enacted in January 1, 2022, the Federal Inland Revenue Service (“FIRS”) is empowered to charge and assess companies providing digital services that have a significant economic presence in Nigeria on a deemed profit basis (ie fair and reasonable percentage of its profits that are attributable to its presence in Nigeria). This will occur where it appears to the FIRS that for any year of assessment, the company either has no assessable profits or its assessable profits are in the opinion of the FIRS less than what should be realized from its operations in Nigeria or, where the assessable profits of the company cannot be ascertained.

2. Non-resident digital companies can now be compelled to collect and remit Value Added Tax (“VAT”) to the FIRS.

Where a non-resident company provides taxable goods and services to a person in Nigeria (“Beneficiary”), the Finance Act, 2021 empowers the FIRS to appoint any person (including the non-resident company) to act as a collection agent for the collection and remittance of VAT on the goods and services provided. The Beneficiary will not be obliged to withhold and remit VAT unless the entity appointed by the FIRS fails to collect and remit VAT as instructed.

3. Owners of copyrighted works will be exclusively entitled to post their works online.

There is currently a copyright bill undergoing the legislative review process that will repeal the existing Copyright Act and replace it with a new Copyright Act. (the “Copyright Bill”).

The Copyright Bill recognises the exclusive rights of a work owner to post his work online. Once enacted, persons whose copyrights have been infringed on online will be entitled to instruct platforms hosting the infringing work to take down or disable public access to the infringing content or the link to such content. The Nigerian Copyrights Commission will also be entitled to block the access of the public to any content, link, or website that it reasonably believes to infringe copyright.

4. The Nigerian Data Protection Bureau (“NDPB”) is now responsible for enforcing data protection in Nigeria.

The President of Nigeria on February 4, 2022, established the NDPB. The NDPB is to replace the National Information Technology Development Agency (“NITDA”) as the principal body for data protection in Nigeria. It is important to note that the NDPB is now responsible for among others, the registration of Data Protection Compliance Organisations and data privacy breach reporting.

5. The CBN has published draft Operating Guidelines for Open Banking in Nigeria.

The Central Bank of Nigeria on May 13, 2022, published the exposure draft of the Operating Guidelines for Open Banking in Nigeria. The guidelines recognises the ownership and control of data by customers of financial and non-financial service providers and provides for the conditions under which other service providers can be granted access to customer information. It is expected that open banking will drive innovation in the banking and payments sector.

6. The Securities and Exchange Commissions (“SEC”) has released rules for digital asset platforms.

The SEC released the Rules on Issuance, Offering Platforms, and Custody of Digital Assets on May 11, 2022. The rules regulate: (i) the issuance of Digital Assets as Securities; (ii) Digital Assets Offering Platforms (DAOPs); (iii) Digital Asset Custodians (DACs); (iv) Virtual Assets Service Providers (VASPs); and (v) Digital Assets Exchange (DAX). It also provides for the licensing requirements, non-permissible activities, minimum paid-up capital requirement, etc for companies carrying on businesses related to digital assets.

7. Insurance Web Aggregators are now regulated by the National Insurance Commission (“NAICOM”).

NAICOM on February 01, 2022, issued the Insurance Web Aggregators Operational Guidelines (“Guidelines”), 2022 for companies that own or maintain websites that provide information to the general public on insurance products, prices and features of various insurance companies ie Insurance Web Aggregators. Entities that intend to carry on business as web aggregators are required to apply to NAICOM for a license while entities already providing web aggregator services were given a grace period of 60 days to obtain a license from NAICOM.

To read more about these regulations, please visit our website at www. pavestoneslegal.com