CBN Data Rule Triggers Digital Infrastructure Race in Nigeria

The Central Bank of Nigeria issued a directive requiring all payment transaction data generated within the country to be stored on local servers by January 1, 2027. The rule, signed by the Director of the Payments System Supervision Department, Rakiya O. Yusuf, aims to improve regulatory oversight and strengthen data security in Nigeria’s digital payments ecosystem, officials said.

This requirement applies to banks, fintech firms, mobile money operators, payment service providers, switching companies, and other participants in the country’s digital payments ecosystem, according to official circulars reviewed by regional industry sources.

The directive, issued in mid-2026 and signed by Rakiya O. Yusuf, Director of the Payments System Supervision Department at the Central Bank of Nigeria (CBN), mandates that all payment transaction data generated within Nigeria must be stored and managed on local servers by January 1, 2027.

The CBN stated that the rule is designed to enhance regulatory oversight of Nigeria’s rapidly expanding digital payments sector by ensuring that critical transaction data is accessible within Nigerian jurisdiction. The policy aims to strengthen data security and cybersecurity by requiring sensitive financial information to be held domestically rather than in foreign locations, officials said. The directive also seeks to improve operational and systemic risk management by reducing exposure to cross-border data access issues and enhancing the resilience of payment infrastructure, the central bank added.

The new data localisation rule links compliance explicitly to Nigerian data protection laws and regulations, underscoring the government’s intent to consolidate control over financial data within its legal framework. Institutions affected by the directive are given roughly six months to migrate payment data from foreign hosting environments to Nigerian data centers, with full compliance required by the start of 2027, records show. The circular repeals prior guidelines on payment system oversight, making this directive the primary regulatory framework governing data storage and transaction processing for payment operators.

Industry reports indicate that the mandate has triggered one of Nigeria’s largest cloud and data migrations to date. Financial institutions are now moving payment data from global hyperscale cloud providers to domestic data centers, placing significant demand on Nigeria’s existing digital infrastructure. Data center operators say their capacity is being tested as they work to demonstrate the reliability, security, and scalability needed to support large-scale migration projects, according to interviews with sector insiders. These operators anticipate increased investment flows as banks and fintech companies seek colocation, private cloud, and compliant hosting solutions within Nigeria’s borders.

The directive allows continued use of international cloud service providers, provided that Nigerian payment data is physically stored within the country. This condition effectively mandates local data residency even for global platforms operating in Nigeria’s payments market. Analysts note that this requirement is reshaping infrastructure decisions, with regulatory compliance becoming as important as cost and performance considerations for digital payment systems.

The CBN’s directive is part of a broader regulatory push that includes new market structure rules aimed at reducing concentration risks in the payment sector. Payment operators designated as systemically important—those whose failure could destabilize the financial system—will be subject to deeper and more intrusive supervision, the central bank confirmed. This regulatory tightening introduces fresh compliance challenges for fintechs and banks, which must now manage the costs and operational complexities of migrating data, upgrading infrastructure, conducting security audits, and maintaining governance for locally hosted data.

Sources familiar with the transition process warn of potential migration and operational risks, including system downtime, data integrity issues, and difficulties in maintaining performance standards during and after the move. These risks are particularly acute for high-volume, real-time payment platforms, which require continuous availability and low latency.

Strategically, the directive is expected to increase demand for local data centers and compliant hosting services significantly. Nigeria’s data center operators are positioning themselves as key partners to the financial sector by offering services tailored to meet the CBN’s localisation and oversight requirements. Analysts suggest that this regulatory shift could reposition Nigeria as a regional digital hub by attracting investments that build capacity to serve both local and potentially regional financial data needs.

Experts interviewed by regional technology publications describe the policy as a step toward a data-sovereign digital economy, where critical financial data is treated as a strategic national asset. Supporters argue the move will bring benefits such as stronger cybersecurity, improved regulatory oversight, and increased local investment in digital infrastructure. However, some industry participants express concerns about rising compliance costs, particularly for smaller fintech firms that may face financial and technical hurdles in meeting the localisation mandate.

The CBN’s circular, which took effect in mid-2026, forms part of a comprehensive regulatory framework addressing payment system oversight, market structure, and ownership transparency. It replaces earlier guidelines and sets a firm deadline for compliance, signaling the central bank’s intent to enforce data localisation rigorously. The directive’s implementation over the coming months will be closely watched by stakeholders across Nigeria’s financial and technology sectors as they adapt to the new regulatory environment.

.

Comments are closed.