Nigeria’s telecommunications regulator on Thursday, directed operators to report any cyber attack within four hours of detecting it, under a new framework designed to strengthen the country’s digital security.
The Nigerian Communications Commission (NCC) announced the directive in its Cyber Resilience Framework for the Nigeria Communication Sector (CRF-NCS) released in February 2026.
NCC stated that the policy is intended to improve national security oversight and protect subscriber data across Nigeria’s telecommunications infrastructure.
Under the framework, telecommunications companies must notify the NCC through a dedicated reporting portal within four hours of identifying a cyber threat.
Operators are also required to provide updates every four hours and submit a comprehensive incident report within 24 hours.
READ ALSO: Tinubu Orders Suspension of FAAN Cashless System at Airports
The regulator said the measure will help build real-time awareness of cyber threats across the sector, enabling authorities to contain risks before they disrupt services or affect the wider economy.
The new rules complement the Revised Internet Code of Practice 2026, which already allows operators to inform customers of data breaches within 48 hours.
In addition, all telecommunications providers, including MTN Nigeria, Airtel Nigeria, and Globacom, must establish dedicated Cyber Security Operations Centres (SOC) capable of continuously monitoring and detecting malicious activities on their networks.
“The framework aims to foster a unified and resilient cybersecurity stance while strengthening the protection of telecom infrastructure against cyberattacks… enabling service providers to effectively respond to, recover from, and also learn from cybersecurity events,” the NCC said.
Telecom operators have been given a 12-month grace period to integrate the new requirements into their internal systems, with implementation expected to begin from February 2027.