Tinubu signs NIMC Act 2026 into law

The enactment of the National Identity Management Commission (NIMC) Act 2026 marks a pivotal shift in Nigeria’s digital identity infrastructure, centralizing the regulatory framework governing the collection, storage, and verification of biometric data. By formalizing the NIMC’s mandate through this new legislation, the federal government aims to harmonize disparate identity databases across various ministries and agencies, thereby streamlining public service delivery and enhancing national security. Minister of Interior Olubunmi Tunji-Ojo has framed this development as a cornerstone of the administration’s digital transformation agenda, signaling a move toward a more integrated and legally robust identity management ecosystem that aligns with global best practices in data protection and digital governance.

For legal practitioners and corporate entities, the significance of this Act lies in its potential to redefine compliance requirements regarding Know Your Customer (KYC) protocols and data privacy obligations. The Act likely introduces stricter standards for data processing and cross-agency information sharing, which will necessitate a review of internal data management policies for financial institutions, telecommunications companies, and other regulated sectors. Practitioners should anticipate new subsidiary regulations that will clarify the scope of the NIMC’s authority, particularly concerning the mandatory use of the National Identification Number (NIN) for commercial transactions and the legal liabilities associated with data breaches or unauthorized access to the centralized registry.

This legislative development operates within the broader context of the Nigeria Data Protection Act 2023, creating a dual-layered regulatory environment where identity management and data privacy intersect. Attorneys must monitor the specific provisions of the 2026 Act to ensure that their clients’ operational frameworks remain compliant with both the NIMC’s updated mandates and the oversight of the Nigeria Data Protection Commission. As the government moves to enforce these new standards, businesses should proactively audit their data collection workflows and prepare for potential enforcement actions or audits by the NIMC, ensuring that their legal departments are equipped to navigate the evolving intersection of identity verification and constitutional privacy rights.