By Juliet Umeh
As Nigeria accelerates the digitisation of public services, experts are cautioning that the country’s planned digital tax reforms highlight a broader national challenge: how securely the state manages large-scale, sensitive data systems that underpin modern governance.
With the Nigeria Tax Act 2025 set to take effect from January 1, 2026, taxation is joining sectors such as healthcare, banking, and telecommunications as part of Nigeria’s expanding digital public infrastructure. According to cybersecurity and Governance, Risk Management and Compliance, GRC, expert Toluwani Akinniyi, this shift demands a fundamental rethink of how public digital systems are designed, governed, and protected.
“A modern tax system is no longer just a policy tool,” Akinniyi said. “It is critical national infrastructure. If it is not secured and governed with the same seriousness as banking or telecom networks, the risks go far beyond data breaches to national economic stability and public trust.”
Digital tax platforms, much like electronic health records and national health databases, consolidate highly sensitive information. In the case of taxation, this includes national identity data, financial records, payroll information, corporate disclosures, and cross-border transaction details. Akinniyi warned that such concentrated data pools are attractive targets for cybercriminals, organised fraud networks, and malicious insiders.
“A successful cyberattack on a tax system is not merely an IT failure,” he explained. “It can trigger revenue leakage, manipulation of records, fraudulent refunds, identity theft, and prolonged service disruptions.”
Institutionally, the reforms replace the Federal Inland Revenue Service with the Nigeria Revenue Service (NRS), granting it broader authority over tax collection. A central pillar of the reform is digital tax administration, with registration, filing, and payment processes increasingly linked to bank accounts and national identity systems.
While these integrations promise efficiency and real-time compliance, Akinniyi noted that they also increase systemic exposure. Poorly secured application programming interfaces (APIs), weak access controls, cloud misconfigurations, and inadequate vendor oversight can quickly become single points of failure.
“Each new system integration expands the attack surface,” he said. “Cyber risk must now be treated as a revenue and governance risk, not just a technical issue.”
The expert drew attention to a recurring problem across public-sector digital platforms: cybersecurity is often addressed late in implementation, rather than embedded from policy design through deployment and oversight.
“For systems of national importance, whether tax platforms or digital health infrastructure, that approach is insufficient,” Akinniyi said. “Cybersecurity must be built into system architecture, procurement decisions, vendor management, and audited with the same rigor as financial controls.”
He also warned that growing interdependence between tax systems, banks, fintech platforms, telecom networks, and cloud service providers increases the likelihood of cascading failures, where a breach in one sector rapidly escalates into a wider national disruption.
“At the core of all digital public services is trust,” Akinniyi said. “If citizens fear fraud or identity theft, compliance drops—whether it’s paying taxes or engaging with digital health systems. Once trust is lost, rebuilding it is slow and expensive.”
As Nigeria moves closer to full implementation of its digital tax reforms, Akinniyi stressed that success should not be measured by efficiency alone.
“A system that is digital but insecure is not modern,” he concluded. “It is vulnerable.”
