The 0.5% cybersecurity levy does not affect you. Here are 6 answers to questions about the levy
After the news of a 0.5% cybersecurity levy on all electronic transactions, broke it has been trending on X with analyses of how much will be charged for sending different amounts amounts of money.
This post below assumes that individuals transferring ₦10 million will pay a cybersecurity levy of ₦50,000.
However, the circular released by the Central Bank of Nigeria (CBN) did not state that individuals will be paying this levy. Here are six questions about why the levy was created and its target.
Who pays the 0.5% cybersecurity levy?
According to the circular, a “levy of 0.5% (0.005) equivalent to a half percent of all electronic transaction value by all the business specified in the second schedule of the Act [Cybercrime Act 2024].”
This means that the levy is only for businesses that have been specified in the Act.
Which businesses does this levy apply to?
According to the second schedule of the Act, as stated in the circular, the businesses that will pay this levy are:
- Telecommunication companies
- Internet service providers
- Banks and other financial institutions
- Insurance companies
- Nigerian Stock Exchange
How will these businesses pay the cybersecurity levy?
According to the Act, the levy will be paid directly by the affected businesses into the fund “that will be domiciled by the Central Bank within a period of 30 days.”
From the CBN circular, however, the levy, which is to be paid into the National Cybersecurity Fund, will be paid by financial institutions through which these businesses perform transactions.
It gave a little insight into how the levy will be deducted.
“All banks and other financial institutions and payment service providers are hereby required to implement the above provision of the Act as follows:
Be the smartest in the room
Join 30,000 subscribers who receive Techpoint Digest, a fun week-daily 5-minute roundup of happenings in African and global tech, directly in your inbox, hours before everyone else.
The levy shall be applied to at the point of electronic transfer origination then deducted and remitted by the financial institution.
The deducted amount shall be reflected in the customer’s account with the narration, Cybersecurity levy.”
Why was the National Cybersecurity Fund created?
The National Cybersecurity Fund (NCF) was created in 2015 as a part of the Cybersecurity Act of 2015.
The Act was a framework to prevent and prosecute cybercrime perpetrators in Nigeria. The CBN circular is a way of implementing the NCF bit of the nine-year-old Act.
Similarly, the Nigeria Inter-Bank Settlement System (NIBSS) also released a circular directing banks to remove non-deposit-taking financial institutions from their transfer lists.
While banks were never allowed to do this, the circular reimplemented NIBSS’ stance.
What will the NCF be used for?
While the Act did not clearly state what the NCF will be used for, it said “an amount not exceeding 40% of the Fund may be allocated for programs relating to countering violent extremism.”
But the use of the fund will be ultimately be decided by the Office of the National Security Adviser (ONSA).
Will the cybersecurity levy be charged on all electronic transactions?
Not all financial transactions by the listed businesses will be charged the cybersecurity levy. According to the CBN, the following transactions will be exempted:
- Salary payments
- Loan disbursements and repayments
- Intra-bank transfers between customers of the same bank
- Intra-account transfers within the same bank or between different banks but for the same customer
- Letters of credit
- Treasury bills and bonds
- Commercial papers
- Government social welfare programmes
- Charitable donations and tuition payment
- Transactions involving educational institutions