Nigeria’s drive to secure its Critical National Information Infrastructure (CNII) is coming under renewed scrutiny, as industry and policy stakeholders warn that weak enforcement, limited legal backing, and low public awareness are undermining efforts to protect the country’s digital backbone.

At a communications infrastructure summit convened on Thursday in Lagos by Advocaat Law Practice, experts say that while Nigeria has made policy advances in safeguarding telecoms and digital assets, implementation remains inconsistent and, in some cases, ineffective.

“For anyone to access a base station and remove components, that individual must have a good understanding of the environment and equipment. That points to a failure in awareness and protection systems,” he says.

Enforcement gaps threaten CNII gains

Benito Eze, Assistant Commandant General of the Nigeria Security and Civil Defence Corps (NSCDC), says infrastructure protection efforts must extend beyond policy pronouncements to operational execution.

“The assignment of infrastructure protection should be all-encompassing. There is lack of collaboration and issues around training—training to meet modern threats and the challenges in protecting digital infrastructure,” he says.

His remarks highlight systemic gaps, including weak inter-agency coordination, evolving threat vectors, and insufficient capacity building among enforcement personnel.

Stakeholders at the summit identify vandalism and sabotage of telecoms infrastructure as persistent risks, often enabled by insider knowledge and low public awareness of the consequences.

Eze calls for grassroots advocacy to bridge this gap.

“What I will suggest is grassroots advocacy to enable Nigerian citizens to understand the impact of damaging this infrastructure,” he says.

He adds that the technical nature of telecoms infrastructure attacks suggests that perpetrators often possess operational knowledge of network environments.

“For anyone to access a base station and remove components, that individual must have a good understanding of the environment and equipment. That points to a failure in awareness and protection systems,” he says.

Legal experts are also questioning the robustness of Nigeria’s current CNII framework. Rotimi Akapo, Partner and Head of the Telecommunications, Media and Technology (TMT) practice at Advocaat Law Practice, argues that enforcement remains the weakest link.

He raises concerns over whether vandals are being effectively prosecuted and whether existing penalties are strong enough to deter future attacks.

“What we’re looking at here is an executive order. In the hierarchy of laws, an executive order is not on the same level as a statutory instrument—it is a subsidiary instrument,” Akapo says. “We can definitely do a lot better to meet global standards.”

According to him, Nigeria’s reliance on executive directives to drive CNII protection leaves critical gaps when compared to jurisdictions with stronger statutory frameworks.

Akapo also points to fragmented institutional coordination as a structural weakness. Despite the involvement of multiple agencies, ranging from regulators to security bodies, collaboration remains limited and often siloed.

“Are these institutions working effectively together? Do they need a unified framework to ensure implementation and enforcement are no longer fragmented?” he queries.

The lack of a harmonised operational model, stakeholders say, continues to dilute the impact of existing policies.

CNII framework: progress and limitations

The summit, themed “Operationalising the Critical National Information Infrastructure Framework: Lessons, Achievements, Gaps and Next Steps,” reviews Nigeria’s progress in protecting critical digital assets while identifying persistent implementation challenges.

Nigeria’s CNII framework is designed to identify and secure systems, networks, and infrastructure whose disruption could significantly impact national security, economic stability, and public safety.

Momentum for the framework increased following the Federal Government’s 2024 executive order designating telecommunications infrastructure as critical national infrastructure. The move builds on provisions of the Cybercrimes (Prohibition, Prevention, etc.) Act, which criminalises attacks, vandalism, and unauthorised access to digital systems.

Under the CNII designation, it is illegal to damage or interfere with telecoms infrastructure, with penalties including fines and imprisonment. The framework also mandates collaboration among government agencies, operators, and security institutions.

High stakes for Nigeria’s digital economy

Stakeholders say that while the CNII designation marks a significant policy milestone, its effectiveness will depend on enforcement, legal strengthening, and coordinated execution.

Telecoms infrastructure vandalism has long disrupted service delivery, increased operating costs for network providers, and degraded connectivity for millions of Nigerians.

As Nigeria deepens its digital transformation agenda, experts warn that failure to close enforcement and coordination gaps could expose critical systems to continued risk—undermining both national security and the growth of the digital economy.