Corporate Governance 2026

NIGERIA Law and Practice Contributed by: Yeye Nwidaa, Mariam Olayinka Akinyemi and Toluwalase Oliver-Jude, Jackson, Etti & Edu

controls and compliance as part of their fiduciary and governance responsibilities. Under CAMA, directors owe duties of care, skill and diligence, which extend to oversight of material risks arising from the deployment of AI systems. The Nige - ria Data Protection Act 2023 further strengthens this obligation where AI involves personal data, requiring appropriate governance, accountability and, where applicable, data protection impact assessments for high-risk processing, such as automated decision- making and profiling. Sector regulators (particularly in financial services and capital markets) also expect boards to oversee tech - nology-driven risks, including algorithmic decision- making, model risk, cybersecurity and compliance failures. These responsibilities are typically discharged through existing Audit, Risk or Compliance Commit - tees, rather than AI-specific structures. In addition, Nigeria’s National Artificial Intelligence Strategy (2024–2030) and proposed AI legislation indi - cate a policy shift towards more formalised AI gov - ernance, including clearer expectations around ethical use, risk management and senior-level accountability. Overall, while Nigeria does not yet impose explicit statutory requirements for AI-focused board struc - tures, boards are already expected to ensure robust oversight of AI-related risks within existing govern - ance, risk and compliance frameworks, with more prescriptive obligations likely to emerge as regulation evolves. 8.2 AI Use-Related Risks Nigeria does not yet have a dedicated AI statute, but AI-related risks including reputational, ethical, data protection and cybersecurity risks are addressed through a combination of existing governance frame - works, including internal policies. These frameworks require boards to oversee technology-driven risks, ensure adequate controls and protect stakeholder trust and corporate reputation. Key developments in 2025 include the implementa - tion phase of Nigeria’s National Artificial Intelligence Strategy (2024–2030), increased regulatory focus on

automated systems in regulated sectors (especially finance), and continued legislative activity around proposed AI-specific bills. These developments sig - nal a shift toward risk-based AI governance, greater accountability and clearer expectations for senior management and board oversight, even ahead of formal AI legislation. In practice, AI strategy and oversight sit with the board, as part of its overall responsibility for strategy and risk. Day-to-day AI risk management is typically handled by management, supported by compliance, legal, IT and data protection functions. Oversight and assurance are commonly exercised through existing Risk, Audit or Compliance Committees, rather than standalone AI committees. 8.3 Liability Exposures Arising From AI Use Although Nigeria does not yet have AI-specific liability legislation, boards and officers face significant poten - tial liability exposure arising from the use of AI under existing corporate, regulatory, data protection and criminal law frameworks. • Disclosure and governance failures: directors may be liable where AI materially affects business operations or risk profiles but is not adequately dis - closed or properly overseen. This may constitute a breach of fiduciary duties under CAMA, particularly where boards fail to exercise reasonable care, skill and diligence in supervising AI-related risks. • Unfair or discriminatory outcomes: AI-driven deci - sions (such as credit scoring, recruitment, pricing or profiling) may give rise to bias, unfairness or lack of transparency. This can trigger liability under the Nigeria Data Protection Act 2023, consumer protection principles, and directors’ general duties to act fairly and in good faith. • Data protection and cybersecurity breaches: AI systems often process large volumes of personal data, increasing exposure to breaches, unlawful profiling or excessive processing. Boards may face regulatory sanctions or civil liability for inadequate oversight of data protection, security controls and incident response mechanisms. • Operational and safety failures: where AI systems malfunction or are improperly deployed, particularly in regulated or safety-critical sectors, directors may

568 CHAMBERS.COM

Powered by