|
Getting your Trinity Audio player ready...
|
On June 26, 2025, Nigeria enacted four sweeping tax laws: the Nigeria Tax Act (NTA), Nigeria Tax Administration Act (NTAA), Nigeria Revenue Service Act (NRSA), and Joint Revenue Board Act (JRBA). Designed to modernise the tax system, broaden the tax base, and encourage compliance, these reforms represent a bold step toward fiscal consolidation.
For the ICT and cybersecurity sector, a pillar of Nigeria’s digital economy, which is projected to contribute between 16 percent and 21 percent to Nigeria’s GDP, per the Minister of Communications and Digital Economy, Bosun Tijani, this reform presents a mix of opportunities, challenges, and grey areas. While some measures are welcome, others raise concerns that may shape the future trajectory of innovation, business sustainability, and digital resilience.
Positive Implications: Tax Relief, Incentives & Growth Enablers
1. Relief for low-income tech workers: The reforms exempt individuals earning ₦800,000 or less annually from income tax. While this threshold is low for senior tech professionals, it benefits entry-level ICT staff, interns, call centre agents, junior developers, and support technicians, who often earn below this mark. This also supports efforts to close Nigeria’s looming digital skills gap, projected to reach 9 million by 2030, by making entry into the workforce less financially burdensome. For small cybersecurity firms and IT support vendors hiring early-career talent, this provides a cost-effective way to expand workforce capacity without extra tax burden on staff salaries.
2. Small business incentives: Under the revised definition, small companies with annual revenue under ₦100 million and fixed assets under ₦250 million are exempt from Companies Income Tax (CIT), Capital Gains Tax (CGT), and the new Development Levy. This could significantly benefit cybersecurity startups, freelance consultants, managed service providers (MSPs), and boutique software firms, especially those bootstrapping their way through Nigeria’s volatile funding landscape. Given that over 80 percent of Nigeria’s 20,000+ tech startups fall within this bracket, this reform could boost survivability and formalisation across the sector.
3. Input VAT recovery and zero-rated essentials: The move to allow recovery of input VAT on all expenses, including services and fixed assets, is a major win. ICT companies that invest heavily in hardware, software licenses, training, and infrastructure will now recover VAT that was previously unrecoverable, effectively lowering operational costs. Also, the zero-rating of educational, medical, and utility services may indirectly benefit edtech and healthtech platforms, whose service inputs are now cheaper. Additionally, under NTA s.151(2), cloud-based and Software-as-a-Service (SaaS) solutions are deemed taxable supplies in Nigeria if consumed locally, regardless of where the provider is based. Nigerian ICT and cybersecurity companies procuring services like virtual infrastructure, email security, or endpoint monitoring from foreign providers must now self-account for VAT at 7.5 percent, ensuring the government captures revenue from cross-border digital consumption.
4. Economic Development Incentive (EDI): The new EDI allows a 5 percent annual tax credit on qualifying capital expenditure for five years, a valuable incentive for cloud infrastructure firms, cybersecurity firms, or telcos investing in hardware, data centres, or edge computing. For companies building local capacity or expanding to underserved regions, this incentive could fuel deeper investment.
Negative implications: Compliance burdens, sector exclusions & grey zones
1. Exclusion of professional services from SME reliefs: While small businesses enjoy broad exemptions, companies offering “professional services,” including IT consulting, cybersecurity advisory, and software development, are excluded from these incentives. This exclusion limits the relief available to local experts, independent contractors, and small firms, despite their critical role in national cyber defence and digital inclusion.
2. New compliance overhead for SMEs: The reforms introduce strict new filing and documentation standards, including mandatory Tax Identification Numbers (TINs), e-invoicing, and fiscalisation tools. For small ICT firms or sole proprietors without dedicated tax departments, the cost of compliance may outweigh the intended benefits, especially as penalties for default have skyrocketed. Similarly, while income earners of ₦800,000 and below are now exempt from personal income tax, employers are still required to file monthly PAYE returns for all staff, including those who owe zero tax, as mandated in NTAA s.14. This also introduces a compliance nuance: failure to file PAYE returns for tax-exempt employees could trigger penalties, despite no tax being owed.
3. Development levy: A Double-Edged Sword: The 4 percent Development Levy replaces fragmented levies like the IT Tax, NASENI Levy, and others. While consolidation is good in theory, the blanket application of this levy to all but the smallest firms may hurt mid-tier players in cybersecurity and software who are not yet profitable (Note: the levy is charged at 4 percent of “assessable profits,” not gross profit or revenue). It could also disincentivise early expansion, especially for firms just graduating beyond ₦100 million in annual turnover.
4. Cybersecurity gaps in tax digitisation push: The reforms emphasise digital compliance, VAT e-invoicing, central reporting systems, and ERP integrations. However, there are no parallel cybersecurity mandates, even as sensitive taxpayer and business data are funnelled into central systems. This creates a potential national attack surface, without clear guidance on data protection, encryption, or breach response. This is especially concerning given Nigeria’s position among the top 11 most targeted countries for cyberattacks globally in 2025, according to Check Point Software. As we digitise taxes, we must digitally secure the process, too.
Sector-wide indirect impacts
- Increased tax clarity for multinationals: Foreign cloud, fintech, or cybersecurity vendors operating in Nigeria will now face clearer rules under “force of attraction” and Controlled Foreign Corporation (CFC) provisions. While this helps level the playing field for local competitors, it could increase service costs if multinationals pass the burden on to Nigerian customers.
- NGOs and cyber capacity building: NGOs working on cybersecurity awareness or digital literacy must now file CIT and VAT returns, maintain TINs, and comply with new procurement tax rules. This may reduce the flexibility of donor-funded tech training and divert resources from program delivery to tax compliance.
- Tax residency rules may affect foreign ICT talent mobility: The updated definition of “resident individual” now includes those with substantial economic or family ties in Nigeria, even if they spend limited time in-country. This has positive implications for fairness and global tax alignment but may create tax exposure risks for foreign cybersecurity consultants, remote cloud engineers, or short-term project staff supporting Nigerian firms. For local companies sourcing global talent via remote work or secondments, extra caution must be taken to assess if such individuals now have tax liabilities in Nigeria or if Nigerian clients are expected to withhold tax from payments. The absence of digital work-specific guidance here may increase compliance confusion in cross-border tech engagements.
- Upside for employment and talent export: As businesses adjust for cost-saving via tax credits and exemptions, they may reinvest in hiring, especially junior and mid-level ICT talent. This could stimulate job growth in cybersecurity, cloud administration, and support roles, with downstream benefits for digital exports.
Conclusion
Nigeria’s tax reform is ambitious, necessary, and long overdue. It offers real wins, especially for small product-based businesses, low-income earners, and companies that invest in growth. But for the ICT and cybersecurity sector, the full picture is more complex.
The reforms risk leaving behind the very firms we need to secure our future. Without targeted adjustments and strategic tax policy design, we may end up taxing innovation, punishing compliance, and undermining digital resilience.
The government’s next task should not only be fiscal; it must be digital, secure, and inclusive.
Thanks to Kene Abraham, a tax consultant, and Emmanuel Raimi, an accounting professional for their technical expertise and contribution.
Jonathan is a Senior Cybersecurity Consultant with years of experience helping organisations strengthen their digital defences and navigate the complex world of cyber risks. He writes in his personal capacity, and can be reached at ayodelejona@gmail.com
