Cybercrime Prosecution In Nigerian: Strengths and Gaps In The Cyercrimes Act 2015

Over the past decade, Nigeria has witnessed exponential growth in digital technology adoption. However, it has brought with it a significant rise in cyber-related offences. In response, the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 was enacted as the country’s principal legislation to tackle cybercrime. Through doctrinal methodology, this paper critically evaluates the strengths and weaknesses of the Act in prosecuting cybercrime in Nigeria. It highlights notable provisions of the Act as well as its enforcement mechanisms and institutional roles. While addressing challenges, it is discovered that there are procedural issues such as enforcement limitations, jurisdictional conflicts, and technological gaps. The paper concludes with forward-looking recommendations that include legislative refinement, institutional strengthening, judicial specialization, public enlightenment and transnational cooperation.

Introduction

Nigeria’s digital economy has expanded rapidly over the past decade, bringing with it new threats and vulnerabilities in cyberspace. From financial fraud to identity theft, cybercrime has become a serious national concern. The Cybercrimes Act 2015 marked a milestone as Nigeria’s first comprehensive legislation to combat cyber offences. Nonetheless, despite its laudable objectives, the Act’s practical effectiveness in prosecuting cybercrime remains queried. This is because cybercriminals continue to manipulate legal and technological loopholes, while enforcement agencies often lack the capacity and tools necessary for effective action. It is therefore imperative to explore the current landscape of cybercrime prosecution in Nigeria, evaluate the key provisions of the Cybercrimes Act, and identify both the strengths and the gaps in the existing legal framework.

Overview of the Cyercrimes Act 2015

The Cybercrimes Act 2015 provides a legal framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. It aims to ensure the protection of vital national information infrastructure and secure transactions in cyberspace. The Act labels unlawful access to computers and data interference as constituting cybercrime. It also criminalises cyberstalking, including threats and bullying via electronic communication; and sending of offensive or false messages using electronic communication. It provides for the protection of key infrastructure and mandates service providers to preserve subscriber information for specific durations. The Act also establishes the Cybercrime Advisory Council to coordinate and oversee the implementation of the Act. In addition, it mandates institutions such as the Economic and Financial Crimes Commission (EFCC), the Nigerian Police Force, and the Office of the National Security Adviser (ONSA) to enforce its provisions.

Strengths of the Cybercrimes Act 2015

1. Comprehensive Coverage: The Act is Nigeria’s first holistic legislation addressing the full spectrum of cyber offences. It covers crimes such as identity theft, child pornography, cyberstalking, hacking, phishing, and cyberterrorism. Its widespread scope reflects a significant legislative effort to address contemporary cyber threats. By capturing both conventional and emerging cyber threats, the Act aligns with global best practices and provides a baseline for judicial enforcement.
2. Institutional Framework: The Act empowers multiple enforcement agencies and establishes the Cybercrime Advisory Council, comprising representatives from law enforcement, intelligence, and regulatory bodies. This multi-agency approach helps promote synergy across enforcement bodies and information sharing among stakeholders.
3. Jurisdictional Reach: Section 22 of the Cybercrimes Act increases the jurisdiction of Nigerian courts to cover offences committed outside Nigeria that affect Nigerian systems or citizens. This extraterritorial provision is definitely crucial in combating transnational cybercrimes.
4. Recognition of Electronic Evidence: In tandem with Section 84 of the Evidence Act 2011, the Cybercrimes Act recognises the admissibility of electronic evidence in court. This expedites prosecution by allowing digital records, emails, and metadata to be used as evidence.
5. Regulatory Obligations for Service Providers: Telecommunication and internet service providers are obligated to cooperate with law enforcement agencies, retain user data, and report suspicious activities. This enhances traceability and supports cybercrime investigations.

Gaps and Challenges In Prosecution

1. Ambiguity in Certain Provisions: One of the most contentious sections of the Cybercrimes Act is Section 24, which criminalises sending “grossly offensive” or “false” messages online. The provision is unclear, vague, and therefore vulnerable to abuse. It has also been used to arrest journalists and critics, raising serious anxieties over freedom of expression guaranteed in Section 39 of the 1999 Constitution of the Federal Republic of Nigeria (as amended).
2. Poor Technical Capacity: Law enforcement agencies often lack the forensic tools, technical expertise, and training required to investigate and prosecute cybercrimes efficiently. Many cases are compromised due to inappropriate handling of digital evidence or dependence on outdated investigation techniques. This will ultimately lead to failed prosecutions.
3. Jurisdictional Conflicts and Overlap: The roles of various enforcement agencies are not clearly defined and this may lead to duplication of efforts, inter-agency rivalry, and overall inefficiency. For instance, both the Economic and Financial Crimes Commission and the Police are empowered to investigate cybercrimes, which sometimes results in conflict. This reduces Nigeria’s speed in tracking and prosecuting cybercriminals.
4. Limited International Cooperation: Cybercrime is a universal problem that naturally demands cross-border collaboration. However, Nigeria’s current legal framework does not fully align with international standards such as the Budapest Convention on Cybercrime. Extradition, mutual legal assistance, and real-time data sharing remain significantly weak.
5. Lack of Specialized Courts: Cybercrime cases are often tried in regular courts that may not have judges with the much-needed expertise in cyber law or digital forensics. The limited judicial expertise may result in lengthy trials, misinterpretation of evidence and inconsistent judgments.
6. Inadequate Public Awareness: Many Nigerians remain uninformed of their rights and responsibilities under the Cybercrimes Act. Public education on cyber hygiene, legal remedies, and safe online practices is still inadequate. This leaves citizens susceptible to cyber threats, limits cyber-crime reporting and enforcement of the Act.

Recommendations

1. Legislative Review and Reform: The Act should be amended to clarify vague provisions and ensure compliance with constitutional rights. Section 24, in particular, which criminalises sending grossly offensive or false messages online needs to be revised. Such amendments will prevent misuse of the law, enhance legal clarity and align Nigeria’s cybercrime laws with democratic norms and international best practices.
2. Capacity Building: Continuous training for law enforcement officers, prosecutors, and judges on digital forensics, cyber investigation, and legal developments in cyber law is indispensable. Enhanced technical competence will lead to more efficient investigations, better evidence handling, and improved conviction rates in cybercrime cases.
3. Technological Investment: The government must finance modern forensic tools, secure databases, and cybersecurity infrastructure to support enforcement agencies. Advanced technologies are essential for tracking digital footprints, decrypting encrypted data, and maintaining digital evidence chains.
4. Establishment of Cybercrime Courts: Specialised cybercrime courts or dedicated divisions within existing courts should be created to accelerate cybercrime cases and ensure informed adjudication. Judicial specialization will improve the consistency and speed of rulings, and promote an in-depth understanding of complex legal issues.
5. Multi-Stakeholder Engagement: Collaborative partnerships among government, private sector, academia, and international bodies should be fostered to develop resilient cybercrime prevention and response strategies. This will ensure diverse expertise, shared responsibilities, and a more adaptive and sustainable national cybersecurity posture.
6. International Cooperation: Nigeria should ratify international treaties such as the Budapest Convention and establish frameworks for mutual legal assistance and cross-border investigations. Stronger international collaboration will help track cybercriminals operating across borders and facilitate data exchange, extradition, and coordinated enforcement.
7. Public Awareness Campaigns: Government and civil society organisations should join forces to educate the public on cybercrime risks, legal safeguards, and reporting mechanisms. An informed citizenry is less likely to fall victim to cyber threats and will be prone to report cyber incidents promptly.

Conclusion

The Cybercrimes Act 2015 is undoubtedly a landmark legislative effort in Nigeria’s journey towards an accountable and a secure digital environment. The provisions of the Act are ambitious, reflecting a keen awareness of global cyber threats. However, the Act’s effectiveness in facilitating prosecution is limited by several persistent challenges. These include vague statutory language, insufficient technical capacity, jurisdictional overlaps, lack of specialized adjudicatory mechanisms, as well as other institutional, legal, and technological constraints. These gaps not only delay justice but also weakens public confidence in the government’s ability to combat cyber threats. To build a robust and future-proof cybercrime prosecution framework, Nigeria must pursue a multi-dimensional approach which includes legislative reforms, investments in digital infrastructure, continuous capacity building, creation of specialized cybercrime courts, public-private partnerships, public engagement, and international cooperation. The effective prosecution of cybercrime in Nigeria demands a coordinated commitment to clear and consistent pathways. With concerted efforts and political will, Nigeria can safeguard its digital future and uphold rule of law in an increasingly interconnected world. 

References

Cybercrimes (Prohibition, Prevention, etc.) Act 2015.

Evidence Act 2011, Federal Republic of Nigeria.

The 1999 Constitution of the Federal Republic of Nigeria (as amended).

Obidimma E.O.C & Ishiguzo, R. O. “Legal and Institutional Framework for Cybercrime Investigation and Prosecution in Nigeria.” (2023) International Journal of Comparative Law and Legal Philosophy, 5(1)

Ndukwe, U. “Cybercrime and the Nigerian Legal Framework: An Overview. The Nigeria Lawyer.” (2022) accessed at here on May 28, 2025.

Nwafor, I. E. “Cybercrime Investigation and Prosecution in Nigeria: Bridging the Gaps.” (2024) African Journal of Legal Studies, 16(3), 249-270.
Oyewole, O. “A Review of the Cybercrimes Act 2015: Legal and Human Rights Implications.” (2021) Journal of Law and Digital Economy, 3(1).

About Author

Adewuyi Stella Jesuloluwa is a legal researcher and writer with a keen interest in corporate law, environmental law, arbitration, energy and emerging technologies. With a growing portfolio of scholarly articles published on various reputable platforms, she has contributed to conversations on regulatory frameworks, climate finance, artificial intelligence, and space law. A detail-oriented analyst, her aim is to bring critical insight to Nigeria’s evolving legal and policy landscape.