NIGERIA Law and Practice Contributed by: Yeye Nwidaa, Mariam Olayinka Akinyemi and Toluwalase Oliver-Jude, Jackson, Etti & Edu
8.4 Key Disclosure Requirements for AI Use Nigeria does not currently impose AI-specific man - datory disclosure requirements. However, existing corporate, securities and data protection frameworks create indirect disclosure obligations where AI use is material to a company’s operations, risks or financial position. Under CAMA, directors must ensure that annual reports fairly disclose material risks and governance matters, which may include AI-related risks and gov - ernance issues where relevant. For listed companies, SEC and NGX rules require disclosure of all material information relevant to investors, including AI-related risks, incidents or dependencies that could affect per - formance, compliance or reputation, even though AI is not explicitly referenced. The Nigeria Data Protection Act 2023 further drives disclosure expectations for AI systems involving auto - mated decision-making, profiling or high-risk data processing, particularly in the event of data breaches or significant incidents. In practice, AI disclosures in Nigeria are principles- based rather than prescriptive, and typically appear within risk factor disclosures, internal control and gov - ernance sections, ESG narratives or prospectus risk disclosures where AI is central to the business model.
be exposed for weak internal controls, inadequate risk management or failure of supervision. • Intellectual property and confidentiality risks: AI use may result in IP infringement, leakage of con - fidential information or misuse of proprietary data. Liability may arise where governance and control over AI tools and data inputs are insufficient. • Reputational harm: AI-related incidents (such as bias, misinformation or unethical deployment) can lead to significant reputational damage. Boards may face scrutiny or shareholder action where such risks were foreseeable but not properly man - aged. Liability may arise through multiple channels, includ - ing: • regulators (eg, NDPC, SEC, CBN and sector regulators) imposing administrative sanctions and compliance penalties; • shareholders, through derivative or direct actions for breach of directors’ duties; • affected individuals or counterparties, via civil claims such as negligence, misrepresentation or data protection breaches; and • law enforcement agencies, where AI use involves fraud, cybercrime or other criminal conduct. In Nigeria, while AI-specific liability rules are not yet codified, existing legal frameworks already create meaningful exposure for boards and officers. Liability primarily arises from failures in governance, oversight, disclosure and compliance rather than from AI use itself, making strong board-level supervision essential.
569 CHAMBERS.COM
Powered by FlippingBook