A man smiling holding a table talking to another man


Nigeria is undergoing a digital transformation. Digital transformation is about reimagining how you bring together people, data, and processes to create value for your customers and maintain a competitive advantage in a digital-first world. Digital transformation is the next industrial revolution and every company, from large multi-national corporations to the small and medium sized businesses who have become the backbone of the local economy, will need to start thinking and operating like a digital company. Powered by improving connectivity, a rise in smartphone use and the global connection of devices, businesses, and institutions across various sectors are reassessing their technology strategies to better engage their customers, empower their employees, optimize their operations, and transform their products and services.

The Nigerian government has over the years initiated and adopted several policies and regulations aimed at guiding the development of the ICT sector and harnessing its huge potential for national development and capacity building in a manner which gives effect to the rights to privacy enshrined in the Nigerian Constitution.1

At Microsoft, we believe that hyper-scale cloud services, in particular, can play a pivotal role in helping Nigeria unlock its key socio-economic objectives while ensuring a safer, more secure and more effective environment which adheres to accepted international technical standards.

Many have already realised the obvious benefits of cloud services, including efficiencies, cost savings, cyber-resilience and secure access. Increasingly, those looking to future-proof their business are also recognising that to fully harness the potential of technologies like artificial intelligence, machine learning, Internet of Things, and augmented or virtual reality, they will likely need to rely on the hyper-scale cloud and the scalability it can offer. Use of cloud services can also provide a competitive edge.

All clouds are not created equal. As more Nigerians recognise the power and importance of cloud driven technologies, the selection of a trusted cloud service provider with a long history of delivering on privacy and security commitments in a compliant and transparent manner, now more than ever, is a critical part of the cloud journey for any customer. In a time when technology is changing almost every aspect of our lives, and the change is also causing disruption and uncertainty, Microsoft continues to draw from its past as we seek the right answers to questions about how best to realize opportunities ahead and create a trusted, responsible, and inclusive cloud.

Microsoft has led the cloud technology revolution in Nigeria and provides its customers with state of the art cloud services. Its solutions such as Microsoft Azure, Office 365, and Microsoft Dynamics 365 power many different customers across the MEA region, including SMEs, large global corporates, public sector, and non-profit organizations. These are just some of the Microsoft cloud services driving the digital transformation across the globe as we seek to empower every individual and every organization on the planet to achieve more in a safe, secure, and legally compliant manner.


  • Cloud adoption in Nigeria has, as in many other countries, been accompanied by concerns about regulatory compliance. These concerns focused, in particular, on the ability of cloud service providers to ensure a high level of security and privacy compliance. That is changing as organizations understand they can move to the cloud in a way that meets and often exceeds all their security and privacy requirements. Indeed, cloud solutions from leading providers such as Microsoft are now being recognised for their ability to offer levels of security and privacy compliance that can exceed those available via in-house solutions of even the most sophisticated organizations.

    At Microsoft, we welcome these positive developments. We are pleased to have already participated in a large number of compliance conversations with customers and regulators across sectors. Through these conversations, we have developed a broad range of materials to help our customers in Nigeria move to the cloud in a way that meets their regulatory requirements and stay at the forefront of compliance, so that our customers can be confident that their use of Microsoft cloud services meets the necessary requirements.

  • The laws governing the adoption of cloud computing in Nigeria fall into two categories – general laws and regulations that apply broadly to all organizations; and laws and regulations that only apply to organizations within specific sectors. There is presently no specific regulation for cloud services in Nigeria.

    Microsoft is proud to confirm that it meets regulatory and compliance requirements for use of the cloud in some of the most highly regulated industries across the globe and can help you to achieve compliance with the regulatory and compliance requirements applicable in your sector.

    • Currently in Nigeria, data privacy laws are primarily governed by Nigeria's Constitution2 and the common law. The right to privacy is recognised as a fundamental right. In Nigeria, there is currently an absence of cohesive data protection law that regulate privacy and the protection of data. The Constitution of the Federal Republic of Nigeria provides that: "the privacy of citizens, their homes, correspondence, telephone conversations, and telegraphic communications is hereby guaranteed and protected". Other than this constitutional provision, there is no other comprehensive law that sets out detailed provisions on the protection of privacy in Nigeria. There are however, a few industry-specific and targeted laws and regulations that provide some additional privacy-related protections.

      The Data Protection Bill 2015, currently awaiting presidential assent, will regulate personal data3 for the purpose of providing information relating to individuals, including the obtaining, holding, use, or disclosure of such information across different industry sectors.

      The National Information Technology Development Agency (NITDA) which is the national authority that is responsible for planning, developing, and promoting the use of information technology in Nigeria, has also issued draft guidelines on data protection (the Draft NITDA Guidelines). The Draft NITDA Guidelines prescribe the minimum data protection requirements for the collection, storage, processing, management, operation, and technical controls for information and is currently the only robust set of regulations that contains specific and detailed provisions on the protection, storage, transfer or treatment of personal data. The Draft NITDA Guidelines will apply to federal, state, and local government agencies and institutions as well as private sector organizations that own, use, or deploy information systems in the Federal Republic of Nigeria, and also purport to apply to organizations based outside Nigeria if such organizations process personal data of Nigerian residents. The Draft NITDA Guidelines define "personal data" as: "any information relating to an identified or identifiable natural person (data subject); information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address".

      The Freedom of Information Act, 2011 (FOI Act) which seeks to protect personal privacy provides that a public institution is obliged to deny an application for disclosure of information that contains personal information unless the individual involved consents to the disclosure, or where such information is publicly available. Also, the FOI Act provides that a public institution may deny an application for disclosure of information that is subject to various forms of professional privilege conferred by law (such as lawyer-client privilege and health workers-client privilege).

      The Child Rights Act which regulates the protection of children (persons under the age of 18 years) limits access to information relating to children in certain circumstances.

    • The Cybercrime Act (Prohibition, Prevention), etc 2015 (a) provides for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria, (b) ensure the protection of critical national information infrastructure, and (c) promote cyber security and the protection of computer systems, networks, electronic communications, data and computer programs, intellectual property and privacy rights.

  • This checklist provides a detailed look into the legal obligations that may affect your usage of Microsoft Cloud Services.

    Click here to download the checklist.

  • 1 Federal Republic of Nigeria National Information and Communication Technology (ICT) Policy
    2 Part II of the Constitution of the Federal Republic of Nigeria, 1999 (as amended)
    3 Section 37 of the Constitution of the Federal Republic of Nigeria, 1999
    4Means “data which relate to a living individual who can be identified from those data…".



We build our services from the ground up to help safeguard your data


Our policies and processes help keep your data private and in your control


We provide industry-verified conformity with global standards


We make our policies and practices clear and accessible to everyone


*EXPLANATORY NOTE AND DISCLAIMER: This website is intended to provide a summary of key legal obligations that may affect customers using Microsoft cloud services. It indicates Microsoft’s view of how its cloud services may facilitate a customer's compliance with such obligations. This website/document is intended for informational purposes only and does not constitute legal advice nor any assessment of a customer's specific legal obligations. You remain responsible for ensuring compliance with the law. As far as the law allows, use of this website/document is at your own risk and Microsoft disclaims all representations and warranties, implied or otherwise.