President Bola Tinubu has signed the National Identity Management Commission Act 2026 (NIMC Act) into law, repealing the outdated 2007 legislation and establishing a modernised legal framework for digital identity management and cybersecurity across Nigeria.
A Legal Overhaul Nearly Two Decades Overdue
The previous NIMC Act had governed Nigeria’s identity system since 2007, a period before the National Identification Number became mandatory for SIM registration, banking, and voter enrolment. NIMC said the old framework could no longer support the country’s rapid growth in electronic commerce, digital banking, and increasingly sophisticated cyber threats. The new Act addresses that gap by giving the commission expanded authority over digital identity, authentication, data protection, and cybersecurity enforcement.
NIMC Becomes Nigeria’s Root Certification Authority
A central provision of the law designates NIMC as Nigeria’s Root Certification Authority for the National Public Key Infrastructure and Digital Public Infrastructure. This positions the commission at the centre of the country’s digital trust architecture, responsible for secure authentication, encryption, digital signatures, and electronic trust services across public and private institutions.
Minister of Interior Olubunmi Tunji-Ojo said the legislation empowers NIMC to provide secure digital identity and authentication services while enabling seamless data exchange between government agencies and private companies. This interoperability is expected to reduce the fragmented, disconnected identity records that have historically enabled fraud and duplicate registrations.
Stronger Penalties For Identity Theft
The Act introduces stricter legal consequences for identity-related crimes. Unauthorised access to citizen identity records now carries a minimum sentence of five years in prison, while corporate bodies that mishandle or breach personal data face fines of up to twenty million naira. Identity fraud and duplicate registration also attract mandatory minimum jail terms under the updated framework.
The legislation aligns closely with the Nigeria Data Protection Act, reinforcing that personal information cannot be accessed or reused without an individual’s direct consent. This alignment is intended to give citizens stronger legal recourse if their biometric or identity data is mishandled.
One Person, One Identity
The Act reinforces the National Identification Number as Nigeria’s foundational identity credential under a “One Person, One Identity” principle, recognising both physical and digital forms for authentication. Government ministries, financial institutions, and telecom operators will be able to securely synchronise identity records through NIMC, reducing the need for citizens to repeatedly register biometric data across different platforms.
The law also expands access to identity registration for underserved populations, including people without permanent residential addresses, a move aimed at closing the gap between Nigeria’s NIN enrolment figures and its broader population.
Implications For Nigeria’s Digital Economy
Beyond identity management, the reforms are expected to strengthen Nigeria’s investment climate by providing trusted digital infrastructure for fintech expansion, digital lending, and cross-sector innovation. Analysts have noted that reliable identity verification supports financial inclusion, since lenders are more willing to extend credit when they can confidently verify a customer’s identity and assess risk.
Senate President Godswill Akpabio, who attended the signing ceremony alongside NIMC Director-General Abisoye Coker-Odusote and other senior officials, described the legislation as a reform that would improve national planning, border management, and security. He noted that integrating identity databases with security platforms had already strengthened law enforcement capabilities.



