Experts have said the Central Bank of Nigeria’s directive requiring all payment transaction data generated within the country to be stored locally from January 1, 2027, will transform Nigeria’s digital financial services infrastructure, strengthen data sovereignty, and attract new investment into local data centres and cloud services.
The directive effectively ends years of dependence on foreign infrastructure for hosting sensitive payment data. It also aligns Nigeria with countries such as India, Kenya, and South Africa, which already enforce data residency requirements.
Estimates show that Nigeria spends about $850 million annually on offshore data hosting and cloud services, while nearly 90% of regulated businesses still rely on global providers including Amazon Web Services (AWS) and Google Cloud.
Experts say the move shows the growing maturity of Nigeria’s digital payments ecosystem, while also responding to concerns around regulatory oversight, cybersecurity, national security, and economic value retention.
Strengthening data sovereignty and resilience
Speaking on the directive, Obinna Adumike, head of Converged Digital Infrastructure Africa at Open Access Data Centre (OADC), said local hosting of payment data would strengthen data sovereignty, cybersecurity, and national resilience.
He noted that it would also reduce exposure to external disruptions, including submarine cable cuts experienced in 2024.
“This directive reflects a recognition that Nigeria’s digital payments market has grown to a scale where the absence of data residency requirements creates genuine regulatory risk,” Adumike said.
He added that the policy would likely boost investment in data centres, connectivity infrastructure, and the digital ecosystem at large.
“The policy will accelerate investment in local data centres, connectivity, infrastructure, and the broader digital ecosystem,” he said.
Adumike also said he was confident that operators were largely prepared for compliance.
“Many institutions have already invested significantly in local infrastructure and continue to scale their capabilities. Given the regulatory direction over the years, it was widely expected that similar requirements would extend across the wider financial services sector. Overall, I believe the industry is well-positioned to comply.”
Regulatory control and infrastructure expansion
Thelma Oshone Okorie, group data protection officer and privacy counsel at Yellow Card West Africa, described the directive as a structural shift in Nigeria’s digital economy.
She referenced the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025, noting that cross-border data transfer rules are harder to enforce when primary data is hosted outside the country.
According to her, payment data stored in jurisdictions such as Ireland, the United States, or Singapore remains subject to foreign legal and disclosure frameworks.
“Local hosting resolves that vulnerability at the structural level, not merely through contractual arrangements,” she said.
Okorie added that the directive sends a strong demand signal to Nigeria’s data centre and cloud industry, potentially accelerating private investment.
“The combination of regulatory mandate and market scale has the potential to accelerate private investment in local infrastructure in ways that voluntary market forces alone have not produced at sufficient speed,” she said.
She described the policy as a “structural realignment” of Nigeria’s digital payments data architecture, but warned of a timing gap between ambition and capacity.
As of mid-2026, Nigeria has about 21 operational data centres, with five additional high-capacity facilities nearing completion, largely concentrated in the Lagos-Lekki corridor.
Capacity debate splits experts
While some stakeholders believe existing infrastructure can support the transition, others argue that capacity constraints remain a concern.
Adumike maintained that Nigeria’s current infrastructure is sufficient to absorb increased demand.
“Modern servers and storage platforms can process and store vast amounts of data while occupying relatively small physical space and consuming relatively modest power. Existing facilities, alongside ongoing and planned investments, provide ample room for continued growth,” he said.
Supporting the policy’s economic impact, Bobola Ojo-Ami, co-founder of Recital Finance, said the directive would help retain more value within Nigeria’s digital economy.
He noted that major players including MTN, PipeOps, Huawei, CWG, MainOne, Layer3, Rack Centre, Liquid Intelligent Technologies, and Medallion have already invested heavily in data infrastructure.
Ojo-Ami also said the growing dollar-denominated cloud costs and global AI-driven data demand would push more companies toward local hosting.
Faster transactions and improved efficiency
Experts also agree that local hosting could improve transaction speed and system efficiency.
Okorie explained that before the deployment of infrastructure such as Google’s Equiano subsea cable and Meta’s 2Africa system, payment traffic often routed through Europe or the Middle East.
“Before these upgrades, Nigerian payment traffic was routed through foreign nodes, adding latency to transaction authorisation and settlement cycles,” she said.
She added that local processing would reduce round-trip times and improve both authorisation speed and user experience.
Deadline concerns and compliance costs
Despite broad industry support, stakeholders have noted concerns about the January 2027 compliance timeline.
Okorie argued that the six-month implementation window is uneven for operators of different sizes and capacities.
“The directive makes no distinction between a deposit money bank processing billions daily and a smaller payment provider operating at a fraction of that scale,” she said.
She noted that while tier-one banks and large fintechs may be able to comply through significant investment, smaller operators face disproportionate financial pressure.
“Local hosting in Nigeria costs more than equivalent offshore capacity due to power costs, import duties, and a thinner competitive market,” she said.
Okorie also warned that infrastructure bottlenecks, including power supply limitations and geographic concentration in Lagos, could further strain the rollout.
“Nigeria’s national grid supplies roughly 6,000 megawatts against an estimated demand of 100,000 megawatts, while data centres rely heavily on diesel backup,” she said.
She added that simultaneous migration by all operators could push up prices and create supply-side pressure.
Okorie further criticised the absence of detailed implementation guidelines, calling for supplementary regulatory clarity before the deadline.
To ease compliance pressure, she proposed a phased rollout based on operator size and system importance.
However, Adumike maintained that the deadline remains realistic, citing existing infrastructure and industry readiness.
“This is not a greenfield environment; the foundational infrastructure and expertise already exist across the sector,” he said.
He added that regulators should remain flexible where genuine challenges arise.
Meanwhile, fintech stakeholders say continued engagement with the CBN may still influence adjustments to the implementation framework before 2027.
