By Lemmy Ughegbe, Ph.D
Nigeria is witnessing an intense wave of legislative activity in the digital space, and at its centre sits the proposed National Digital Economy and E-Governance Bill.
On the surface, the bill presents itself as a modern framework to strengthen public service delivery and drive digital transformation. But beneath this polished exterior lies a quiet coup against the country’s identity system.
A closer reading shows that several provisions, if passed as they are, could dangerously erode the statutory mandate of the National Identity Management Commission (NIMC), the only institution legally entrusted with managing Nigeria’s foundational identity architecture.
The encroachment is not speculative. It is deliberately woven into the structure and spirit of the draft legislation, signalling a shift in institutional power that would dramatically reshape identity governance in ways that are neither transparent nor necessary.
The bill assigns to the Federal Ministry of Communications, Innovation and Digital Economy, as well as to the National Information Technology Development Agency (NITDA), the authority to prescribe standards, architecture, and a trust framework for digital identity systems. This sits in Section 29, and while it reads like a technical clause designed to support digital governance, it strikes directly at the heart of NIMC’s legal responsibility.
Under the NIMC Act 2007, the Commission is the primary legal, administrative, and institutional custodian of identity management in Nigeria. It was intentionally created to shield national identity from fragmented control and to place it under a specialised institution with competence, stability, and security safeguards.
Once the Ministry and NITDA are empowered to prescribe standards for digital identity systems, an alternate centre of authority emerges, and the clarity that identity management demands is lost, it opens the door to conflicting directives, shifting policy interpretations, and potential politicisation of identity standards.
Section 35 deepens this concern by granting the Ministry and NITDA authority to define interoperability standards for government digital systems. These areas include identity verification, authentication mechanisms, and citizen data architecture.
These functions are not auxiliary to NIMC’s work. They form the operational backbone of the National Identity Database. Identity verification and authentication determine how sensitive data is moved, accessed, and protected from fraud. Once another body supervises these processes, the integrity and autonomy of the national identity system are compromised.
Identity management cannot be fractured or subjected to parallel oversight without risking data breaches, institutional confusion, and operational paralysis.
More worrying still is Section 62, which states that on matters related to the digital economy, where provisions of any other law conflict with this bill, the bill will prevail. This places the Digital Economy Bill above the NIMC Act wherever an argument can be made that the issue touches the digital economy. Because identity systems are framed in the bill as part of the digital economy, NIMC’s statutory powers could quietly be displaced by directives from the Ministry or NITDA.
This is no minor reordering. It amounts to rewriting Nigeria’s identity governance hierarchy without openly acknowledging the shift or subjecting it to public debate. It also creates the impression that identity management is merely an enabler of digital services rather than the critical national security asset it is.
A similar omission appears in Section 41, which introduces the concept of national digital public infrastructure, including identity layers, authentication rails, and data exchange systems. These are foundational elements of a modern identity ecosystem.
Yet the bill assigns their coordination and supervision to the Ministry and NITDA, with no mention of NIMC. Identity is the first layer of any such infrastructure. The Commission’s omission reads like a deliberate repositioning of control. It suggests that identity will be treated as a subcomponent of a broader digital policy agenda rather than a core national asset requiring specialised management and legal insulation.
Identity management is not merely a technical function. It is a national security function. The national identity database supports counterterrorism, intelligence, SIM registration integrity, financial crime prevention, border management, welfare targeting, national planning, and service delivery.
Countries with strong identity systems protect them from political fluctuation and overlapping mandates, entrusting them to independent institutions with enduring capacity and institutional memory.
Once identity systems become exposed to fragmented oversight or unclear lines of authority, they become vulnerable to abuse, exploitation, misconfiguration, or even foreign intrusion. A country is only as secure as its identity infrastructure.
Global lessons abound, and they carry warnings Nigeria must not ignore. India’s Aadhaar system faced legal challenges and public mistrust when multiple ministries assumed overlapping roles in identity-linked service delivery.
Kenya’s Huduma Namba faced constitutional and operational crises due to blurred lines between the ICT and identity authorities.
The United Kingdom’s experiments with digital identity stalled for years due to institutional conflict and the absence of a singular authority.
These countries paid heavy prices in litigation, public mistrust, wasted funds, and technical reversals before restoring clarity. Nigeria does not need to travel that road.
The NIMC Act remains one of the clearest statutes in Nigeria’s governance framework. It makes NIMC the undisputed authority for identity. It empowers the Commission to maintain the National Identity Database, oversee enrolment, verification, and authentication, harmonise identity systems, and protect biometric and demographic data.
No ministry or agency was assigned these roles. Foundational identity is not solely digital. It involves demographic capture, biometric standards, national security screening, long-term data integrity, and continuity.
These require expertise and stability, not shifting control through a broad sectoral bill. Any legislation that reorders these functions, even subtly, destabilises the foundation upon which countless national systems depend.
This is why Nigeria must proceed with extreme caution. Our lawmakers need to invite top subject-matter experts from the outset of the legislative process.
Legislating without deep technical grounding risks building laws on shaky assumptions and causing unintended damage to the robust identity management framework established under the dynamic leadership of Abisoye Coker Odusote.
Identity management is too sensitive to be reshaped through guesswork. It requires precision, institutional respect, and an appreciation of the enormous national security implications embedded within every biometric record.
Identity is the front door of national security. You do not appoint two custodians for one front door. You do not weaken the institution that protects the country’s most sensitive data. And you certainly do not create a digital governance framework that overlaps mandates in areas where absolute clarity is required.
A nation that loses control of its identity system loses control of everything built upon it, from financial regulation to policing to social protection.
The Digital Economy Bill is not inherently flawed. Many of its provisions are forward-looking and capable of advancing Nigeria’s digital aspirations. But for it to succeed without destabilising the identity ecosystem, the National Assembly must set clear boundaries.
The bill must align with the NIMC Act rather than supersede it. Any clause that suggests dual authority over identity matters must be removed or clarified. Any provision granting the Ministry or NITDA control over identity layers or authentication processes must explicitly recognise NIMC’s exclusive mandate. Reform must not become erosion. Coordination must not become subordination.
To weaken NIMC’s mandate, even inadvertently, is to create a vulnerability Nigeria cannot afford. Once compromised, identity systems are almost impossible to repair fully.
The Digital Economy Bill should help Nigeria modernise, not expose its most sensitive infrastructure to uncertainty. Protecting NIMC’s mandate is not a bureaucratic argument.
It is a national duty. It is about safeguarding the future of digital Nigeria by ensuring that the institution responsible for identity retains the authority, clarity, and independence the law confers on it.
The path to a secure digital nation begins with protecting identity. And that protection starts with guarding the gate.
Dr Lemmy Ughegbe, FIMC, CMC
Email: lemmyughegbeofficial@gmail.com
WhatsApp ONLY: +2348069716645
