Open Mon-Fri : 08:30am to 04:30pm

I Have a Question About

IT Project Clearance
Data Protection
IICP Registration
NITDA Academy
Domain Name Registration
Why does a Federal Public Institution need to submit its projects to NITDA for Clearance?

The reasons for IT Projects Clearance are to ensure:

  • i. That IT projects are not replicated;
  • ii. Integration of systems and services by Federal Public Institution to save costs, promote shared services, interoperability and improve efficiency;
  • iii. That there is an indigenous capacity for after-sales-service to sustain the project beyond the initial deployment; and
  • iv. That the project promotes indigenous content and that preference shall be given to indigenous companies where capacity or the product or service exists.
  • For more information, kindly read Guidelines for Clearance of Information Technology (IT) Projects by Ministries, Departments and Agencies (MDAs)

    What type of projects should a Federal Public Institution submit for Clearance?

    Only IT related projects should be submitted to NITDA for Clearance

    How does a Federal Public Institution submit its IT projects for Clearance?

    All projects are expected to be submitted via the visit IT Projects Clearance portal

    For more information, please see Requirements for Registration on the IT Projects Clearance portal.
    At what stage is a Federal Public Institution expected to submit its IT projects to NITDA for Clearance?

    All proposed IT projects are expected to be submitted to NITDA for Clearance at their Conceptualization stage.

    What is the minimum estimated amount for a Federal Public Institution’s proposed IT project requires submission for Clearance by NITDA?

    Currently, there is no minimum estimated amount. All proposed IT projects are expected to be submitted to NITDA for Clearance.

    How long does it take to obtain clearance?

    The IT Projects Clearance team will communicate within 21 working days

    Can a Federal Public Institution proceed with implementation of its IT project with a Conditional Clearance?

    NO. The Conditional Clearance cannot be used by Federal Public Institution for implementation of its IT project.

    What specific objectives is the Regulation meant to achieve?

    The objectives of the NDPR are: data privacy protection; secure exchange of data; improve business environment and create sustainable jobs.

    What is the scope of the NDPR. Who does it apply to?

    The NDPR applies to all residents of Nigeria; all Nigerians within and outside Nigeria.

    Has the Regulation come into effect and when does the 6-months grace period expire?

    The Regulation came into effect on 25th January, 2019. A major advertorial was carried in four major national dailies between 14th and 15th of February, 2019 to sensitize people on this. The grace period elapsed by 25th of July, 2019 and extended till 25th October, 2019.

    What is data processing?

    Processing is defined in Article 1.3(r) as follows: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; …

    What is the legislative competence of NITDA to issue data regulation?

    NITDA is empowered to regulate electronic data use in Nigeria. Section 6(a and c) of the NITDA Act 2007 makes this clear. This provision makes it clear that NITDA has the authority to regulate data from any electronic or digital platform. A breach of NITDA regulation is a breach of the NITDA Act as provided by Section 17 and 18 of the Act. Therefore, a breach of this Regulation is enforceable in the Nigerian court.

    Our business operates an international model, wherein customer’s data are transferred across borders often, how does the NDPR impact on this model?

    The NDPR recognizes the need for cross-border transfer of data in an era of globalized and high-speed business transactions. Article 2.11 of the Regulation, which relates to Transfer to a Foreign Country, addresses this concern. To comply with the provision and other aspects of the Regulation, the Data Controller would provide the following:

  • i. The List of Countries where personally identifiable information of Nigerian citizens are transferred in the regular course of business.
  • ii. The Data Protection laws and contact of National Data Protection Office/Administration of such countries listed in i) above.
  • iii. The privacy policy of the Data Controller, compliant with the provisions of the NDPR.
  • iv. Overview of encryption method and data security standard
  • v. Any other detail that assures the privacy of personal data is adequately protected in the target country.
  • These information may be captured in the annual data audit report where the transfer is done in the regular course of business

    Does the NDPR mandate businesses to host data only on local servers?

    The NDPR does not mandate private businesses to host data only on local servers, although this is highly encouraged. Government data as well as critical national data in the custody of private organisations must however be hosted in-country. Where hosted abroad, the Data Controller, should however, provide NITDA with the countries where such servers are located and their data protection policies.

    Would data privacy audits conducted by private auditors be compliant to the NDPR?

    NITDA does not accept audit report by non-licensed third-party auditors. The Data Controller may encourage its auditors to obtain the Data Protection Compliance Organisation (DPCO) license or alternatively deal with NITDA licensed DPCOs. Every audit report required under the Regulation must be accompanied by a Verification Statement by a licensed DPCO.

    When are Data Controllers expected to file data protection audit report?

    Except for other specified purposes or request by NITDA, Data Controllers are expected to file their data audit report annually before the 15th of March of the following year.

    What is the role of a Data Protection Compliance Organisation (DPCO)

    A “Data Protection Compliance Organization (DPCO)” means any entity duly licensed by NITDA for the purpose of training, auditing, consulting and rendering services and products for the purpose of compliance with the NDPR or any foreign Data Protection Law or Regulation having effect in Nigeria. In essence any organization that wishes to provide any form of data privacy protection service to Nigerian companies must acquire this license. Submission of annual audit report by Data Controllers must be accompanied by a verification statement by a licensed DPCO.

    Do Data Controllers wishing to transfer data abroad, obtain permission of the Attorney-General of the Federation before doing so?

    Article 2.11 of the NDPR provides: Any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation shall take place subject to the other provisions of this Regulation and the supervision of the Honourable Attorney General of the Federation (HAGF).

    Data Controllers do not require permission of the Attorney-General for every transfer of Data outside Nigeria. In transferring data abroad, Data Controllers shall provide the following information to NITDA through their annual audit report or where specifically requested by NITDA.

  • i. The List of Countries where Nigerian citizens personally identifiable information of Nigerian citizens are transferred in the regular course of business.
  • ii. The Data Protection laws and contact of National Data Protection Office/Administration of such countries listed in i) above.
  • iii. The privacy policy of the Data Controller, compliant with the provisions of the NDPR.
  • iv. General overview of the data protection mechanism to protect Nigerian citizens’ data.
  • NITDA shall relate with the Office of the Attorney General of the Federation to seek guidance on Nigerian legal position on any aspect of the Regulation or where there is a breach of private data in a foreign jurisdiction.

    We have engaged a Data Protection Compliance Organisation (DPCO) but our audit process is not concluded, what should we do?

    The Controller may through its appointed DPCO file a request for extension, stating the processes already initiated and other information to show commitment to compliance.

    We process less than 2000 data subjects, do we need to file data Audit Report?

    NO! there is no need to file audit report, however it is essential to conduct the audit for future reference.

    How do we submit the audit report?

    The report, accompanied with requisite payment, is to be submitted through a DPCO to NITDA.

    If we file the Initial Data Audit Report (IDAR), would we be obligated to file another report before 15th March, 2020?

    NO! Organisations who implement demonstrable corrective measures after filing IDAR are exempt from filing 2019 Annual Audit Report which expires on 30th June, 2020

    How much are we to pay for audit filing.
  • Filing of Report of less than 5,000 Data Subjects N10,000
  • Filing of Report of more than 5,000 Data Subjects N20,000
  • How do we pay the Audit Filing fee?

    Pay into NITDA TSA account. In the Description, write- XXXXXX LTD AUDIT FILING. (Note that the GIFMIS number is not a mandatory field)

    Can Data Controllers and Processors file Audit Reports directly?

    NO! filing of audit report must be done through a DPCO

    Our sector regulator has issued a data protection regulation for my sector, are we still expected to still comply with the NDPR?

    Yes, the NDPR applies to all sector and every data controller and processor.

    What are the possible consequences of non-compliance with the NDPR
  • i. Breach of personal data by a non-compliant Controller or Processor would attract criminal and administrative sanctions
  • ii. Data Subjects have the right to take civil actions against the Controller on the basis of the NDPR
  • iii. Business implication of non-compliance include brand image damage, loss of customers, restriction from international market opportunity; lack of support from national Supervisory Authority against foreign investigation of breach by an international authority.
  • Does the NDPR limit my right as a professional to advise clients on Data Protection?

    NO! Professionals are not restricted from performing their professional duties; however, only licensed DPCOs can provide verification statement on an audit report. Also, request for recognition of data protection training, services or products is predicated on licensing as a DPCO except management deems otherwise.

    We are an indigenous IT company service Providers how do we obtained IICP licence/ certificate?

    You can obtain this licence/certificate by visiting Indigenous ICT Company Registration Portal to register your company and upload all the necessary documents listed out by the Agency and submit.

    How much does it cost to register?
    Registration is free.
    Can I register my company without a government domain name?

    No, your company must have a government domain name for you to register

    How do I obtain a government domain name?

    You can visit NiRA to get list of accredited registrars and chose one that can register a domain for you.

    How much time do the license/ certificate take to be obtained?

    Upon successful registration and upload of all necessary documents, verification will be done. When NITDA is satisfied with all the documents submitted, a provisional license that will last for six (6) months will be provided to you within a period of 10 working days.

    What are the necessary documents needed to obtain this license/ certificate?

    All necessary documents needed to obtain the registration certificate are listed on the online registration portal Indigenous ICT Company Registration Portal

    Can a company which started functioning and does not meet all requirements outlined by the Agency be given this certificate?

    No, It is mandatory to submit verifiable documents before registration certificate can be issued.

    What is the validity period of the certificate?

    The Provisional license last for Six (6) months, while the original Certificate last for Two (2) years.

    How do I renew the certificate?

    Renewal at the moment is automatic and is done by returning the expired one and upon citing updated necessary documents submitted at the initial application stage. However this can be change at the discretion of NITDA management.

    Do you have a support mail where I can register my complaints please?

    All complaints concerning the registration process can be sent to the Agency mail that is managed by the Servicom Unit or to the registration desk officer.

    If i have difficulties in submitting my registration what should I do?
    When such issues arise and since we are yet to establish first contact with you, the best option is to send a message to the Agency mail stating your challenges and how to reach you.
    What are my chances of getting a scholarship?
    This will depend on your performance at the scholarship examination and interview. Every applicant has equal opportunity.
    How do I know if I am eligible to apply?
    Can I choose the University I intend to study?
    You cannot, NITDA will provide a list of universities that it has collaboration with, which you can choose from depending on your area of study.
    How do I know when to apply for the scholarship?
    Adverts will be placed in national dallies and on the NITDA website and Scholarship portal
    What is NITDEF scholarship?
    NITDEF is the National Information Technology Development Fund Scholarship which is meant for Nigerian graduates, who have made a First Class or Second Class Upper in any IT related course. The scholarship covers only Msc and PhD.
    How are candidates selected?
    After application, shortlisted candidates will be required to write an aptitude test, upon which the scholarship will be awarded to two candidates with the highest scores, one person selected from each state for MSc and one person per geopolitical zone for PhD. Note: that the PhD scholarship is only for lecturers in Higher Institutions
    Does the scholarship cover local Universities?
    Yes, the Scholarship cover local Universities.
    Does NITDA offer employment after completion of scholarship?
    No NITDA does not offer employment
    Who is the NITDA Academy training programs meant for?

    NITDA Academy training programs are meant for staff who are in the Ministries, Departments and Agencies (MDAs), Students, special interest groups, Researchers and the General Public.

    What type of courses are offered by NITDA Academy?

    A wide variety of courses are offered ranging from digital literacy, networking, cybersecurity, programming, Internet of Things (IoT) , Big Data, Artificial Intelligence (AI), Embedded Systems Designs and digital entrepreneurship among others.

    Can I enroll myself for any course?

    Many of the courses can be self-enrolled or instructor can enroll students, however, you need to simply register first on the website. To register simply navigate to NITDA Academy’s home page, click “REGISTER” on the top right corner of the page and you will be brought to the registration page. Fill in your details and click on “SUBMIT” to create an account.

    Where can I find my login details?

    You create your login details during registration. Your username is always your email address and you can create a password of your choice. To log in simply go to NITDA Academy’s home page, click “LOGIN” on the top right hand corner of the page and you will be brought to the login page. Enter your username and password. You will then be brought to your Member’s area.

    What happens if I forget my password?

    - If you forget your password, don’t worry. Click on “login” on the homepage and this will take you to the login page. You will see a “forgot password” link under where you enter your login details. Click on “forgot password” and an email will be sent to your email address in order to reset your password.

    Are NITDA Academy programs free?

    NITDA Academy provides free access to self-enroll courses and free access and training for instructor led courses offered by our top industry partners such as Cisco and Huawei etc. However, industry certification exam vouchers are not free.

    What is the training duration?

    Different courses have different durations based on content and difficulty level.

    Do I get a certificate after the training?

    Yes. However, other conditions may apply such as assessment and examinations

    What happens next after completing a training?

    The choice is yours whether to enroll for another course or an advance component of the course.

    Who do I contact with other questions?

    You can contact us by email at or

    I have submitted but not received a confirmation

    •Check junk or spam mail for the link or otherwise

    •Send email to

    How do I apply for a Government Domain?

    There are two ways to register a .GOV.NG domain name as provided for on NITDA website You can either send a written application to National Information Technology Development Agency (NITDA) or Nigeria internet Registration Association (NiRA) through any of the accredited registrars. See for the list of accredited registrars and you may contact them.

    What is the criterion for government domain?

    All websites/portal of government constituents at all levels (Federal, State and Local governments) or specialized projects of government that would last for 18 months or more are required to register on .GOV.NG zone.

    How much does it cost to register a domain?

    Currently, NITDA charges no fee for .GOV.NG domain name registration and update. However, if a .GOV.NG domain name is registered through a NiRA accredited registrar, it is expected that the registrar would charge a consultancy fee. The charged fee varies from one registrar to another.

    Can I register a domain without name server as well as Admin and Technical Contacts?

    No. This is not possible. The information is needed to populate the registry at the time of creating the domain.

    What is the criterion for Administrative and Technical Contact?

    The admin contact must be a member of staff of the institution/MDA while the technical contact can either be a member of staff of the MDA or a consultant to the institution/MDA where a technical staff is not available.

    Who should the request for a be addressed to?

    The letter must be addressed to the Director General of NITDA and a scanned/Advance copy can be submitted to while the hard copy is sent to NITDA.

    How do I update my domain information and name server?

    To update registration information through NITDA, an authorization letter containing the information to be updated should be communicated to NITDA through the email The letter should be signed by the most senior officer and must include the contact phone number for verification.

    What are the modes of communication with NITDA?

    NITDA uses and phone numbers 08140504418, 08119131085 and 08119130085 for domain management related issues.

    How do I know if my requested domain will be approved?

    Domains are in levels. For example is a third label domain while is a fourth level domain. While Federal MDAs only, are allowed to be on third level domain, agencies of state government and local government must be on the forth level and the zone of their states. Available zones are

    How can I verify if a particular domain is available?

    You will need to visit to check the availability of any domain of your choice before you make your request.

    How long does it take to get a domain?

    If all requirements are provided in the authorization letter and NITDA is able to verify the authenticity of the contents of the letter, the approval, registration and/or update is carried out within 24 hours.

    How long can I have my domain active before it expires? domain names do not expire.

    Can NITDA help to host my domain?

    NITDA does not host domains. However, all government domains and websites are expected to be hosted locally and any violation of this will attract sanctions as stipulated in the Nigeria Data Protection Regulation.