The Legal Framework for Classified Information in Nigeria: Key Considerations

The recent and repeated leakage of sensitive government information raises important questions about the adequacy of Nigeria's legal framework for the protection and regulation of classified information.

At present, the principal statutory framework is the Official Secrets Act, Cap. O3, Laws of the Federation of Nigeria 2004 (originally enacted in 1962). The Act defines "classified matter" as "any information or thing which, under any system of security classification, from time to time in use by or by any branch of the Government, is not to be disclosed to the public and of which the disclosure to the public would be prejudicial to the security of Nigeria."

While the Act creates criminal offences relating to the unauthorised obtaining, retention, reproduction and disclosure of classified matter, the Official Secrets Act  does not establish the security classification system to which it refers. In particular, Official Secrets Act does not prescribe the categories of classification, identify the authorities empowered to classify or declassify information, establish criteria for classification, or regulate the handling, storage and eventual declassification of classified information. We assume that these matters are presently governed by internal administrative policies, military manuals or security protocols that are not publicly available.

However, the security landscape has changed significantly since 1962. The digitisation of government records, widespread use of mobile communications, cloud storage systems, encrypted messaging platforms and the instantaneous transmission of information have fundamentally altered both the risks associated with classified information and the ease with which it can be compromised. Recent incidents involving the unauthorised disclosure of sensitive government information further underscore the need to modernise Nigeria's legal and institutional framework.

Although the extant Cybercrimes (Prohibition, Prevention, etc.) Act is often relied on as an additional legal response mechanism, the Cybercrimes Act primarily addresses unlawful access, interception and related digital offences and is not a complete or adequate framework for classified information management. The Cybercrimes (Prohibition, Prevention, etc.) tends to characterise breaches primarily as cyber offences, without fully capturing the nature, context, and likely severity of disclosures involving national security information. More importantly, Cybercrimes (Prohibition, Prevention, etc.) is largely reactive in nature, focusing on investigation and prosecution after a breach has occurred.

By contrast, the Official Secrets Act operates as both a preventive and punitive framework. Its preventive value lies in its ability to impose legal consequences for unauthorised handling of classified matter within the public service, thereby reinforcing discipline and caution among officials who routinely engage with sensitive information. However, this preventive function is weakened in practice by the absence of a clearly articulated, publicly recognised classification system and accompanying operational guidance that would enable officials to fully understand the rationale, gravity, and implications of handling different categories of classified information.

Accordingly, strengthening the preventive dimension of Nigeria’s national security information regime requires more than reliance on post-incident enforcement mechanisms. It requires clarity of classification, clear dissemination rules, and consistent institutional understanding of what constitutes sensitive information and why.

On the foregoing basis, it would be prudent for the Federal Government undertake a comprehensive review of the Official Secrets Act to ensure that it reflects contemporary national security, technological and governance realities. In the short term, the President should consider issuing a National Security Classification Executive Order establishing a single, government-wide classification framework.

Deploying an Executive Order in the short term, borrows a lead from the United States[1]. Such an Executive Order would complement the Official Secrets Act and its purpose would be to establish uniform classification levels applicable across all Ministries, Departments and Agencies of Government, the Armed Forces and the intelligence community; identify officials authorised to classify and declassify information; prescribe standards for the marking, handling, transmission, storage and destruction of classified information, including electronic records; provide procedures for periodic review and declassification; and establish oversight mechanisms to promote consistency, accountability and the appropriate balance between national security and transparency.

A modernised statutory framework, supported by a comprehensive executive classification policy, would significantly strengthen Nigeria's ability to protect sensitive information while promoting legal certainty, institutional coherence and alignment with international best practice in national security governance.

[1] https://www.govinfo.gov/content/pkg/CFR-2010-title3-vol1/pdf/CFR-2010-title3-vol1-eo13526.pdf