The Code seeks to protect the public’s right to an open internet, provide clear guidelines for traffic management, and establish safeguards for personal data and the protection of minors. It applies to all licensed IASPs and governs the provision of internet services nationwide.
The Nigerian Communications Commission (NCC) issued the Internet Code of Practice on November 26, 2019, to define the rights and obligations of Internet Access Service Providers (IASPs) in Nigeria. The Code seeks to protect the public’s right to an open internet, provide clear guidelines for traffic management, and establish safeguards for personal data and the protection of minors. It applies to all licensed IASPs and governs the provision of internet services nationwide.
Under the Code’s core principles of open internet access, consumers have the right to access and distribute lawful content and to use the terminal equipment of their choice. IASPs are prohibited from discriminating against lawful traffic, blocking lawful content or non-harmful devices, and throttling internet traffic except for reasonable network management. Preferential data prioritization is strictly forbidden, while zero-rating programs may be allowed only with prior Commission approval to further universal access goals.
The Code also emphasizes traffic management and transparency. IASPs are required to disclose full information about service performance and commercial terms on their websites and in service agreements. Reasonable network management is permitted solely to preserve network security, prevent congestion, or comply with legal obligations, and must be based on globally accepted standards with legitimate technical justification that is fully disclosed to consumers.
In terms of privacy and data protection, IASPs must comply with existing consumer protection regulations regarding personal information. Providers are required to take reasonable measures to secure customer data according to its sensitivity and technical feasibility. In the event of a data breach, the IASP must notify affected customers and the Commission within 48 hours.
The Code mandates protection of minors and vulnerable groups, requiring IASPs to include child online protection policies in their terms of service. Providers must implement mechanisms for reporting child sexual abuse content to the Commission and block access within 24 hours of notification. They are also expected to provide or facilitate information on parental control measures and educate parents on risks such as online grooming, radicalization, and risky online behaviors.
Regarding unlawful content and enforcement, IASPs are not obligated to monitor all content proactively but must provide clear instructions for reporting unlawful content. Upon receiving a takedown notice from the Commission, providers are required to disable access to unlawful content within 24 hours. Compliance is monitored through the NCC consumer web portal, and providers may be requested to provide information on network traffic management. Any entity found in breach of the Code must remedy the issue and report back to the Commission within 14 days.
Overall, the Internet Code of Practice establishes a framework designed to protect consumers, ensure transparency and fairness in network management, safeguard privacy, and promote safe online experiences for minors while maintaining compliance and enforcement mechanisms for IASPs.
