Open Mon-Fri : 08:30am to 04:30pm

I Have a Question About

IT Project Clearance
Data Protection
IICP Registration
Scholarship
NITDA Academy
Domain Name Registration
Nigeria Digital Trustmark
VAPT
PKI FAQ
Why does a Federal Public Institution need to submit its projects to NITDA for Clearance?

The reasons for IT Projects Clearance are to ensure:

  • i. That IT projects are not replicated;
  • ii. Integration of systems and services by Federal Public Institution to save costs, promote shared services, interoperability and improve efficiency;
  • iii. That there is an indigenous capacity for after-sales-service to sustain the project beyond the initial deployment; and
  • iv. That the project promotes indigenous content and that preference shall be given to indigenous companies where capacity or the product or service exists.
  • For more information, kindly read Guidelines for Clearance of Information Technology (IT) Projects by Ministries, Departments and Agencies (MDAs)

    What type of projects should a Federal Public Institution submit for Clearance?

    Only IT related projects should be submitted to NITDA for Clearance

    How does a Federal Public Institution submit its IT projects for Clearance?

    All projects are expected to be submitted via the visit IT Projects Clearance portal

    For more information, please see Requirements for Registration on the IT Projects Clearance portal.
    At what stage is a Federal Public Institution expected to submit its IT projects to NITDA for Clearance?

    All proposed IT projects are expected to be submitted to NITDA for Clearance at their Conceptualization stage.

    What is the minimum estimated amount for a Federal Public Institution’s proposed IT project requires submission for Clearance by NITDA?

    Currently, there is no minimum estimated amount. All proposed IT projects are expected to be submitted to NITDA for Clearance.

    How long does it take to obtain clearance?

    The IT Projects Clearance team will communicate within 21 working days

    Can a Federal Public Institution proceed with implementation of its IT project with a Conditional Clearance?

    NO. The Conditional Clearance cannot be used by Federal Public Institution for implementation of its IT project.

    What specific objectives is the Regulation meant to achieve?

    The objectives of the NDPR are: data privacy protection; secure exchange of data; improve business environment and create sustainable jobs.

    What is the scope of the NDPR. Who does it apply to?

    The NDPR applies to all residents of Nigeria; all Nigerians within and outside Nigeria.

    Has the Regulation come into effect and when does the 6-months grace period expire?

    The Regulation came into effect on 25th January, 2019. A major advertorial was carried in four major national dailies between 14th and 15th of February, 2019 to sensitize people on this. The grace period elapsed by 25th of July, 2019 and extended till 25th October, 2019.

    What is data processing?

    Processing is defined in Article 1.3(r) as follows: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; …

    What is the legislative competence of NITDA to issue data regulation?

    NITDA is empowered to regulate electronic data use in Nigeria. Section 6(a and c) of the NITDA Act 2007 makes this clear. This provision makes it clear that NITDA has the authority to regulate data from any electronic or digital platform. A breach of NITDA regulation is a breach of the NITDA Act as provided by Section 17 and 18 of the Act. Therefore, a breach of this Regulation is enforceable in the Nigerian court.

    Our business operates an international model, wherein customer’s data are transferred across borders often, how does the NDPR impact on this model?

    The NDPR recognizes the need for cross-border transfer of data in an era of globalized and high-speed business transactions. Article 2.11 of the Regulation, which relates to Transfer to a Foreign Country, addresses this concern. To comply with the provision and other aspects of the Regulation, the Data Controller would provide the following:

  • i. The List of Countries where personally identifiable information of Nigerian citizens are transferred in the regular course of business.
  • ii. The Data Protection laws and contact of National Data Protection Office/Administration of such countries listed in i) above.
  • iii. The privacy policy of the Data Controller, compliant with the provisions of the NDPR.
  • iv. Overview of encryption method and data security standard
  • v. Any other detail that assures the privacy of personal data is adequately protected in the target country.
  • These information may be captured in the annual data audit report where the transfer is done in the regular course of business

    Does the NDPR mandate businesses to host data only on local servers?

    The NDPR does not mandate private businesses to host data only on local servers, although this is highly encouraged. Government data as well as critical national data in the custody of private organisations must however be hosted in-country. Where hosted abroad, the Data Controller, should however, provide NITDA with the countries where such servers are located and their data protection policies.

    Would data privacy audits conducted by private auditors be compliant to the NDPR?

    NITDA does not accept audit report by non-licensed third-party auditors. The Data Controller may encourage its auditors to obtain the Data Protection Compliance Organisation (DPCO) license or alternatively deal with NITDA licensed DPCOs. Every audit report required under the Regulation must be accompanied by a Verification Statement by a licensed DPCO.

    When are Data Controllers expected to file data protection audit report?

    Except for other specified purposes or request by NITDA, Data Controllers are expected to file their data audit report annually before the 15th of March of the following year.

    What is the role of a Data Protection Compliance Organisation (DPCO)

    A “Data Protection Compliance Organization (DPCO)” means any entity duly licensed by NITDA for the purpose of training, auditing, consulting and rendering services and products for the purpose of compliance with the NDPR or any foreign Data Protection Law or Regulation having effect in Nigeria. In essence any organization that wishes to provide any form of data privacy protection service to Nigerian companies must acquire this license. Submission of annual audit report by Data Controllers must be accompanied by a verification statement by a licensed DPCO.

    Do Data Controllers wishing to transfer data abroad, obtain permission of the Attorney-General of the Federation before doing so?

    Article 2.11 of the NDPR provides: Any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation shall take place subject to the other provisions of this Regulation and the supervision of the Honourable Attorney General of the Federation (HAGF).

    Data Controllers do not require permission of the Attorney-General for every transfer of Data outside Nigeria. In transferring data abroad, Data Controllers shall provide the following information to NITDA through their annual audit report or where specifically requested by NITDA.

  • i. The List of Countries where Nigerian citizens personally identifiable information of Nigerian citizens are transferred in the regular course of business.
  • ii. The Data Protection laws and contact of National Data Protection Office/Administration of such countries listed in i) above.
  • iii. The privacy policy of the Data Controller, compliant with the provisions of the NDPR.
  • iv. General overview of the data protection mechanism to protect Nigerian citizens’ data.
  • NITDA shall relate with the Office of the Attorney General of the Federation to seek guidance on Nigerian legal position on any aspect of the Regulation or where there is a breach of private data in a foreign jurisdiction.

    We have engaged a Data Protection Compliance Organisation (DPCO) but our audit process is not concluded, what should we do?

    The Controller may through its appointed DPCO file a request for extension, stating the processes already initiated and other information to show commitment to compliance.

    We process less than 2000 data subjects, do we need to file data Audit Report?

    NO! there is no need to file audit report, however it is essential to conduct the audit for future reference.

    How do we submit the audit report?

    The report, accompanied with requisite payment, is to be submitted through a DPCO to NITDA.

    If we file the Initial Data Audit Report (IDAR), would we be obligated to file another report before 15th March, 2020?

    NO! Organisations who implement demonstrable corrective measures after filing IDAR are exempt from filing 2019 Annual Audit Report which expires on 30th June, 2020

    How much are we to pay for audit filing.
  • Filing of Report of less than 5,000 Data Subjects N10,000
  • Filing of Report of more than 5,000 Data Subjects N20,000
  • How do we pay the Audit Filing fee?

    Pay into NITDA TSA account. In the Description, write- XXXXXX LTD AUDIT FILING. (Note that the GIFMIS number is not a mandatory field)

    Can Data Controllers and Processors file Audit Reports directly?

    NO! filing of audit report must be done through a DPCO

    Our sector regulator has issued a data protection regulation for my sector, are we still expected to still comply with the NDPR?

    Yes, the NDPR applies to all sector and every data controller and processor.

    What are the possible consequences of non-compliance with the NDPR
  • i. Breach of personal data by a non-compliant Controller or Processor would attract criminal and administrative sanctions
  • ii. Data Subjects have the right to take civil actions against the Controller on the basis of the NDPR
  • iii. Business implication of non-compliance include brand image damage, loss of customers, restriction from international market opportunity; lack of support from national Supervisory Authority against foreign investigation of breach by an international authority.
  • Does the NDPR limit my right as a professional to advise clients on Data Protection?

    NO! Professionals are not restricted from performing their professional duties; however, only licensed DPCOs can provide verification statement on an audit report. Also, request for recognition of data protection training, services or products is predicated on licensing as a DPCO except management deems otherwise.

    We are an indigenous IT company service Providers how do we obtained IICP licence/ certificate?

    You can obtain this licence/certificate by visiting Indigenous ICT Company Registration Portal to register your company and upload all the necessary documents listed out by the Agency and submit.

    How much does it cost to register?
    Registration is free.
    Can I register my company without a government domain name?

    No, your company must have a government domain name for you to register

    How do I obtain a government domain name?

    You can visit NiRA to get list of accredited registrars and chose one that can register a domain for you.

    How much time do the license/ certificate take to be obtained?

    Upon successful registration and upload of all necessary documents, verification will be done. When NITDA is satisfied with all the documents submitted, a provisional license that will last for six (6) months will be provided to you within a period of 10 working days.

    What are the necessary documents needed to obtain this license/ certificate?

    All necessary documents needed to obtain the registration certificate are listed on the online registration portal Indigenous ICT Company Registration Portal

    Can a company which started functioning and does not meet all requirements outlined by the Agency be given this certificate?

    No, It is mandatory to submit verifiable documents before registration certificate can be issued.

    What is the validity period of the certificate?

    The Provisional license last for Six (6) months, while the original Certificate last for Two (2) years.

    How do I renew the certificate?

    Renewal at the moment is automatic and is done by returning the expired one and upon citing updated necessary documents submitted at the initial application stage. However this can be change at the discretion of NITDA management.

    Do you have a support mail where I can register my complaints please?

    All complaints concerning the registration process can be sent to the Agency mail info@nitda.gov.ng that is managed by the Servicom Unit or to the registration desk officer.

    If i have difficulties in submitting my registration what should I do?
    When such issues arise and since we are yet to establish first contact with you, the best option is to send a message to the Agency mail info@nitda.gov.ng stating your challenges and how to reach you.
    What do you do when you encounter any registration issue?
    Contact iicp@nitda.gov.ng or 08131976463
    What do you do when you misplace your original or provisional certificate?
    Provide a police report and affidavit.
    For complaints and enquiries
    contact iicp@nitda.gov.ng
    What are my chances of getting a scholarship?
    This will depend on your performance at the scholarship examination and interview. Every applicant has equal opportunity.
    How do I know if I am eligible to apply?
    Can I choose the University I intend to study?
    You cannot, NITDA will provide a list of universities that it has collaboration with, which you can choose from depending on your area of study.
    How do I know when to apply for the scholarship?
    Adverts will be placed in national dallies and on the NITDA website and Scholarship portal
    What is NITDEF scholarship?
    NITDEF is the National Information Technology Development Fund Scholarship which is meant for Nigerian graduates, who have made a First Class or Second Class Upper in any IT related course. The scholarship covers only Msc and PhD.
    How are candidates selected?
    After application, shortlisted candidates will be required to write an aptitude test, upon which the scholarship will be awarded to two candidates with the highest scores, one person selected from each state for MSc and one person per geopolitical zone for PhD. Note: that the PhD scholarship is only for lecturers in Higher Institutions
    Does the scholarship cover local Universities?
    Yes, the Scholarship cover local Universities.
    Does NITDA offer employment after completion of scholarship?
    No NITDA does not offer employment
    Who is the NITDA Academy training programs meant for?

    NITDA Academy training programs are meant for staff who are in the Ministries, Departments and Agencies (MDAs), Students, special interest groups, Researchers and the General Public.

    What type of courses are offered by NITDA Academy?

    A wide variety of courses are offered ranging from digital literacy, networking, cybersecurity, programming, Internet of Things (IoT) , Big Data, Artificial Intelligence (AI), Embedded Systems Designs and digital entrepreneurship among others.

    Can I enroll myself for any course?

    Many of the courses can be self-enrolled or instructor can enroll students, however, you need to simply register first on the website. To register simply navigate to NITDA Academy’s home page, click “REGISTER” on the top right corner of the page and you will be brought to the registration page. Fill in your details and click on “SUBMIT” to create an account.

    Where can I find my login details?

    You create your login details during registration. Your username is always your email address and you can create a password of your choice. To log in simply go to NITDA Academy’s home page, click “LOGIN” on the top right hand corner of the page and you will be brought to the login page. Enter your username and password. You will then be brought to your Member’s area.

    What happens if I forget my password?

    - If you forget your password, don’t worry. Click on “login” on the homepage and this will take you to the login page. You will see a “forgot password” link under where you enter your login details. Click on “forgot password” and an email will be sent to your email address in order to reset your password.

    Are NITDA Academy programs free?

    NITDA Academy provides free access to self-enroll courses and free access and training for instructor led courses offered by our top industry partners such as Cisco and Huawei etc. However, industry certification exam vouchers are not free.

    What is the training duration?

    Different courses have different durations based on content and difficulty level.

    Do I get a certificate after the training?

    Yes. However, other conditions may apply such as assessment and examinations

    What happens next after completing a training?

    The choice is yours whether to enroll for another course or an advance component of the course.

    Who do I contact with other questions?

    You can contact us by email at academy@nitda.gov.ng or info@nitda.gov.ng

    I have submitted but not received a confirmation

    •Check junk or spam mail for the link or otherwise

    •Send email to academy@nitda.gov.ng

    How do I apply for a Government Domain?

    There are two ways to register a .GOV.NG domain name as provided for on NITDA website https://nitda.comepower.com.ng/gov-ng-domain-registration. You can either send a written application to National Information Technology Development Agency (NITDA) or Nigeria internet Registration Association (NiRA) through any of the accredited registrars. See https://www.nira.org.ng/accredited-registrars for the list of accredited registrars and you may contact them.

    What is the criterion for government domain?

    All websites/portal of government constituents at all levels (Federal, State and Local governments) or specialized projects of government that would last for 18 months or more are required to register on .GOV.NG zone.

    How much does it cost to register a domain?

    Currently, NITDA charges no fee for .GOV.NG domain name registration and update. However, if a .GOV.NG domain name is registered through a NiRA accredited registrar, it is expected that the registrar would charge a consultancy fee. The charged fee varies from one registrar to another.

    Can I register a domain without name server as well as Admin and Technical Contacts?

    No. This is not possible. The information is needed to populate the registry at the time of creating the domain.

    What is the criterion for Administrative and Technical Contact?

    The admin contact must be a member of staff of the institution/MDA while the technical contact can either be a member of staff of the MDA or a consultant to the institution/MDA where a technical staff is not available.

    Who should the request for a .gov.ng be addressed to?

    The letter must be addressed to the Director General of NITDA and a scanned/Advance copy can be submitted to domains@nitda.gov.ng while the hard copy is sent to NITDA.

    How do I update my domain information and name server?

    To update registration information through NITDA, an authorization letter containing the information to be updated should be communicated to NITDA through the email domains@nitda.gov.ng The letter should be signed by the most senior officer and must include the contact phone number for verification.

    What are the modes of communication with NITDA?

    NITDA uses domains@nitda.gov.ng and phone numbers 08140504418, 08119131085 and 08119130085 for domain management related issues.

    How do I know if my requested domain will be approved?

    Domains are in levels. For example nitda.gov.ng is a third label domain while judiciary.kn.gov.ng is a fourth level domain. While Federal MDAs only, are allowed to be on third level domain, agencies of state government and local government must be on the forth level and the zone of their states. Available zones are ab.gov.ng ad.gov.ng ak.gov.ng an.gov.ng be.gov.ng bo.gov.ng bu.gov.ng by.gov.ng cr.gov.ng dl.gov.ng eb.gov.ng ed.gov.ng ek.gov.ng en.gov.ng gm.gov.ng im.gov.ng jg.gov.ng kb.gov.ng kd.gov.ng kg.gov.ng kn.gov.ng kt.gov.ng kw.gov.ng lg.gov.ng na.gov.ng ni.gov.ng og.gov.ng on.gov.ng os.gov.ng oy.gov.ng pl.gov.ng rv.gov.ng sk.gov.ng tr.gov.ng yb.gov.ng zm.gov.ng abj.gov.ng

    How can I verify if a particular domain is available?

    You will need to visit https://whois.nic.net.ng to check the availability of any domain of your choice before you make your request.

    How long does it take to get a .gov.ng domain?

    If all requirements are provided in the authorization letter and NITDA is able to verify the authenticity of the contents of the letter, the approval, registration and/or update is carried out within 24 hours.

    How long can I have my .gov.ng domain active before it expires?

    .gov.ng domain names do not expire.

    Can NITDA help to host my domain?

    NITDA does not host domains. However, all government domains and websites are expected to be hosted locally and any violation of this will attract sanctions as stipulated in the Nigeria Data Protection Regulation.

    What is the Nigeria Digital Trustmark?
    The Nigeria Digital Trustmark is a certification scheme introduced by the National Information Technology Development Agency (NITDA) to promote trust, transparency, and consumer confidence in digital products and services offered by Nigerian businesses.
    Who is eligible to apply for the Nigeria Digital Trustmark?
    Any Nigerian business or organization offering digital products or services, including e-commerce platforms, fintech companies, software developers, and digital service providers, is eligible to apply for the Nigeria Digital Trustmark certification.
    What are the benefits of obtaining the Nigeria Digital Trustmark certification?
    The Nigeria Digital Trustmark certification offers several benefits, including enhanced credibility and trustworthiness among consumers, improved market access and competitiveness, compliance with regulatory requirements, and access to promotional opportunities and government support programs.
    How does the Nigeria Digital Trustmark certification process work?
    The certification process involves several steps, including application submission, assessment of compliance with predefined criteria and standards, verification of documentation and evidence, and issuance of the Digital Trustmark certification upon successful completion of the assessment.
    How much time do the license/ certificate take to be obtained?

    Upon successful registration and upload of all necessary documents, verification will be done. When NITDA is satisfied with all the documents submitted, a provisional license that will last for six (6) months will be provided to you within a period of 10 working days.

    What criteria are evaluated during the Nigeria Digital Trustmark certification assessment?
    The assessment criteria cover various aspects of digital products and services, including data privacy and protection, cybersecurity measures, user experience and accessibility, transparency and accountability, compliance with relevant regulations and standards, and customer support and dispute resolution mechanisms.
    How long does it take to obtain the Nigeria Digital Trustmark certification?
    The certification process timeline may vary depending on factors such as the complexity of the applicant's digital products or services, the completeness of the documentation provided, and the workload of the certification body. However, the process certification of Verifiers typically takes several weeks to complete, while for Vendor is less than 14 working days
    Is the Nigeria Digital Trustmark certification recognized internationally?
    While the Nigeria Digital Trustmark certification is primarily intended for Nigerian businesses and consumers, it aligns with international best practices and standards for digital trust and cybersecurity. As such, it may enhance the credibility and competitiveness of certified businesses in both domestic and international markets.
    How can consumers identify businesses with the Nigeria Digital Trustmark certification?
    The certification process timeline may vary depending on factors such as the complexity of the applicant's digital products or services, the completeness of the documentation provided, and the workload of the certification body. However, the process certification of Verifiers typically takes several weeks to complete, while for Vendor is less than 14 working days
    Is the Nigeria Digital Trustmark certification mandatory for all Nigerian businesses?
    While the Nigeria Digital Trustmark certification is not mandatory for all Nigerian businesses, it is encouraged as a voluntary initiative to promote digital trust and confidence in the Nigerian digital economy. However, certain sectors or industries may be subject to specific regulatory requirements or certification mandates.
    What is NITDA VAPT Service?
    NITDA VAPT Service stands for Vulnerability Assessment and Penetration Testing Service, offered by the National Information Technology Development Agency (NITDA) in Nigeria. It is a cybersecurity service aimed at identifying and addressing vulnerabilities in information systems and networks.
    What is the purpose of NITDA VAPT Service?
    The primary purpose of NITDA VAPT Service is to enhance the cybersecurity posture of organizations by identifying weaknesses and vulnerabilities in their IT infrastructure, applications, and networks. It helps organizations proactively detect and mitigate security risks before they can be exploited by malicious actors.
    What does the NITDA VAPT Service entail?
    NITDA VAPT Service typically involves two main components: Vulnerability Assessment (VA) and Penetration Testing (PT). Vulnerability Assessment identifies and assesses potential vulnerabilities in an organization's IT systems, while Penetration Testing simulates real-world cyber attacks to evaluate the effectiveness of security controls and defenses.
    How does NITDA conduct Vulnerability Assessment and Penetration Testing?
    NITDA employs a team of skilled cybersecurity professionals who use automated tools, manual techniques, and ethical hacking methodologies to conduct Vulnerability Assessment and Penetration Testing. They identify security weaknesses, prioritize risks, and provide recommendations for remediation.
    What are the benefits of NITDA VAPT Service?
    The benefits of NITDA VAPT Service include: Improved cybersecurity posture Enhanced protection of sensitive data and assets Identification and mitigation of security vulnerabilities Compliance with regulatory requirements and industry standards Increased confidence and trust from stakeholders and customers
    Is NITDA VAPT Service available for all types of organizations?
    The benefits of NITDA VAPT Service include: Improved cybersecurity posture Enhanced protection of sensitive data and assets Identification and mitigation of security vulnerabilities Compliance with regulatory requirements and industry standards Yes, NITDA VAPT Service is available to only government agencies and educational institutions to strengthen their cybersecurity defenses and protect against cyber threats.
    How can organizations request NITDA VAPT Service?
    Organizations interested in NITDA VAPT Service can contact the National Information Technology Development Agency (NITDA) through their official website or by hardcopy. They can submit a request for VAPT assessment, and NITDA will guide them through the process. Improved cybersecurity posture Enhanced protection of sensitive data and assets Identification and mitigation of security vulnerabilities Compliance with regulatory requirements and industry standards Yes, NITDA VAPT Service is available to only government agencies and educational institutions to strengthen their cybersecurity defenses and protect against cyber threats.
    Is NITDA VAPT Service free of charge?
    Yes, it is free for Government Agencies and Educational institutions. Enhanced protection of sensitive data and assets Identification and mitigation of security vulnerabilities Compliance with regulatory requirements and industry standards Yes, NITDA VAPT Service is available to only government agencies and educational institutions to strengthen their cybersecurity defenses and protect against cyber threats.
    What is the Nigeria Public Key Infrastructure (NPKI)?
    The Nigeria Public Key Infrastructure is a framework established by the Nigerian government to provide standardized Certification Authority (CA) services to facilitate the secure transmission and exchange of information electronically.
    What is a National CA?
    The Nigeria National CA is a Certificate Authority charged with the responsibility of issuing digital certificates to Subordinate CAs and ensuring the highest level of trust in the NPKI. The Nigeria National CA is operated and governed by the National Information Technology Development Agency (NITDA).
    How does a National CA work?
    Upon verifying the identities and authenticity of prospective Sub-CAs, the Nigeria National CA issues digital certificates to Sub-CAs. The self-signed certificate of the Nigeria National CA is pre-installed in browsers which allows them to trust certificates issued by the Nigeria National CA
    How does an end-user benefit from a National CA and its Sub-CAs?
    End-users leverage on the National CA’s trust to affirm the authenticity of websites and software applications. End user browsers employ the CA certificate to verify a website’s identity and subsequently create a secure, encrypted connection with the website's server.
    Can an end-user directly interact with a National CA?
    The National CA does not directly deal with end-users. End-users typically interact with Sub-CAs licensed by the National CA, through applications for digital certificates.
    How can I apply for a digital certificate under the Nigeria PKI?
    To apply for a digital certificate under the Nigeria PKI, you must approach one of the NITDA-licensed Subordinate Certification Authorities (Sub-CAs). The application process involves providing identity verification documents and satisfying security requirements set by NITDA.