Despite the landmark Designation and Protection of Critical National Information Infrastructure (CNII) Order 2024, Nigeria’s digital backbone is currently facing what experts describe as its most severe test since the framework’s inception. As of April 2026, the gap between policy and practice has become a chasm, marked by a surge in infrastructure damage and a complex web of legal ambiguities.
Recent data from Q1 2026 has sent shockwaves through the telecommunications and financial sectors. Legal analysts and infrastructure monitors, including Advocaat Law Practice, reported a staggering 900% surge in disruptions in January 2026 alone compared to the previous month.
• Fibre Under Fire: Nigeria’s 30,000km fibre optic network currently suffers roughly 50,000 cuts annually.
• The Scaling Trap: Experts from Equinix warn that if Nigeria reaches its goal of 120,000km of fibre without fixing enforcement, the nation could see over 125,000 cuts per year, effectively crippling the digital economy.
While the CNII Order criminalizes tampering with data centers, subsea cables, and telecom towers, three specific gaps continue to undermine its effectiveness. The majority of fibre cuts—over 19,000 recorded in early 2025—are not caused by traditional “criminals” but by uncoordinated road construction. The legal framework currently struggles to hold government contractors and state agencies to the same standard as vandals. Experts are calling for the immediate adoption of a National Dig-Once Policy to legally mandate coordination before any ground is broken.
There remains a critical lack of a publicly accessible registry for CNII. Without a clear list of what qualifies as “Critical Infrastructure,” private businesses and local authorities are often unaware of their heightened legal obligations, leading to what some call “politicized or arbitrary enforcement.”
Although the Nigeria Security and Civil Defence Corps (NSCDC) has increased arrests, the judicial system has been slow to follow. Experts argue that “tampering” and “unauthorized access” remain loosely defined in court, allowing many offenders to exploit technicalities or face disproportionately light penalties that do not act as a deterrent.
To prevent a systemic breakdown, industry leaders are pushing for a transition from “guidelines-based compliance” to a mandatory, enforcement-driven regime.
Key Priorities for 2026 include:
• Sector-Specific Enforcement: A move by the NDPC and NCC to focus on high-risk industries like Fintech and Healthcare, where data breaches can have catastrophic ripple effects.
• Inter-Agency Sync: Bridging the rivalry between the Office of the National Security Advisor (ONSA) and other regulators to ensure a unified response to infrastructure threats.
• Board-Level Accountability: A shift where cybersecurity and infrastructure protection are no longer “IT issues” but standing governance issues for corporate boards.
Infrastructure Gap in Focus as Analysts Review 2026 Appropriation Act
This video features analysts discussing the critical challenges of executing infrastructure policy in Nigeria and the need for accountability to translate budgetary plans into tangible protection for national assets.
