Nigeria’s telecom regulator is racing to finalise a cybersecurity framework designed to protect the nation’s digital backbone. The move follows growing concerns over data breaches, including a high-profile incident earlier this year involving MTN customers across several markets.
Although MTN said its core systems were unaffected, the breach exposed the vulnerability of telecom operators to cyber threats. The Nigerian Communications Commission (NCC) believes urgent steps are needed to safeguard networks that millions of Nigerians rely on daily.
A National Standard for Telecom Security
The framework, expected to be completed by Q3 2025 and rolled out in early 2026, will require telecom operators to adopt uniform safeguards. Operators will need to enforce data protection, develop incident-response plans, and conduct regular audits to keep systems secure.
NCC’s Executive Vice Chairman, Dr Aminu Maida, explained why the effort is critical: “Telecom networks are the backbone of our digital economy. Their security must be prioritised to ensure national resilience against cyber threats.”
Until now, operators relied on their own internal security measures. The new plan is meant to unify those strategies under a national standard, backed by the Cybercrime Act (2015) and the Data Protection Act (2023). Non-compliance could attract heavy penalties.
This is not the NCC’s first attempt at tightening telecom security. In 2024, it introduced a Device Management System (DMS) to track and block stolen or non-compliant mobile devices using International Mobile Equipment Identity (IMEI) numbers.
The new cybersecurity framework builds on that approach, but with wider scope. It aims to cover every aspect of telecom operations, from network monitoring to breach reporting. The commission has also said the rules will not remain static, and will be periodically updated to keep pace with evolving digital threats.
Until now, operators relied on their own internal security measures. The new plan is meant to unify those strategies under a national standard, backed by the Cybercrime Act (2015) and the Data Protection Act (2023). Non-compliance could attract heavy penalties.
This is not the NCC’s first attempt at tightening telecom security. In 2024, it introduced a Device Management System (DMS) to track and block stolen or non-compliant mobile devices using International Mobile Equipment Identity (IMEI) numbers.
The new cybersecurity framework builds on that approach, but with wider scope. It aims to cover every aspect of telecom operations, from network monitoring to breach reporting. The commission has also said the rules will not remain static, and will be periodically updated to keep pace with evolving digital threats.
I am passionate about crafting stories, vibing to good music (and making some too), debating Nigeria’s political future like it’s the World Cup, and finding the perfect quiet spot to work and unwind.
No Comments