Nigeria tells payment firms to store data at home by 2027

·

·

2 min read

Lagos skyline on a tech.africa graphic about Nigeria's payment-data localisation rule

Nigeria’s payment industry has been given until the start of 2027 to bring its data home. The Central Bank of Nigeria (CBN) wants payment records generated in the country stored on Nigerian soil, a shift that could force costly migrations for the many fintechs and banks that run on foreign cloud infrastructure.

In a circular from its Payments System Supervision Department, signed by its director, Rakiya Yusuf, the CBN has directed banks, fintechs, mobile money operators, and other payment service providers to store and manage locally generated payment transaction data within Nigeria. The deadline to comply is 1 January 2027.

More than data localisation

Data localisation, the requirement to keep data inside the country where it is generated, is the headline change, but the circular goes further. It also introduces market-structure requirements, obligations to disclose ultimate beneficial ownership, and broader systemic oversight measures for firms that move money through Nigeria’s payment system.

The CBN frames the rules as a way to improve regulatory visibility, strengthen consumer protection and reduce the operational risks of holding critical payment data offshore, where the regulator has limited reach if something goes wrong.

How it fits Nigeria’s data rules

The directive sits atop Nigeria’s broader data-protection regime. The Nigeria Data Protection Act of 2023, and the Nigeria Data Protection Commission’s General Application and Implementation Directive, which took effect in September 2025, already govern how personal data can leave the country, generally allowing cross-border transfers only where the destination offers adequate protection or approved safeguards are in place.

The CBN’s move is a firmer line for one sensitive category: the payment data at the heart of the financial system. Rather than permitting transfers under safeguards, it requires that this data be kept and managed in Nigeria outright.

A scramble, and an opportunity

The practical burden falls hardest on firms that host with global cloud providers or process cross-border payments. Reviewing where records are stored, processed and backed up, and moving them onshore, is neither quick nor cheap, and fintech operators have raised concerns about migration risk, cost and whether local data centres can reliably carry payment workloads.

It is also a potential windfall for local infrastructure. Mandating in-country storage strengthens the case for building more on-the-ground capacity, feeding into Nigeria’s data-centre build-out and the continent’s wider debate over cloud and data sovereignty. Whether the local capacity and the power to run it arrive fast enough to meet the January 2027 deadline is the open question now facing the sector.

Share

Oluniyi D. Ajao Avatar

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Related articles