Data and Information Management Companies shall:
● Register their products, capabilities and organization on the NITDA portal.
● Host all sovereign data locally within the country and shall not for any reason host any sovereign data outside the country without an express approval from NITDA. Approval shall only be granted taken into consideration any of the following:
▪Compliance with the Nigeria Data Protection Regulation, where personal data is in consideration;
▪A consideration on the implication of the Nigeria Cloud Policy;
▪A guarantee that the Nigerian Government has unfettered right to access and retrieve its data wherever it is located;
▪An undertaking of non-disclosure of Nigeria’s government data to any third party without the express consent of the government;
▪A guarantee of adequate and appropriate data security process; security process shall be reviewed and accepted by NITDA before approval is giving;
▪The Nigerian Government shall have a choice of the jurisdiction where data will be hosted;
▪An undertaken for periodic submission of Third-Party Audit reports for review by NITDA;
▪Where service to be offered to government is Software as a Service (SaaS) to improve the efficiency or performance of government;
▪Where SMEs offers service to government from a public cloud environment, such service must be registered and verified on the National Digital Marketplace, furthermore client MDA shall be responsible for backing up data from the service provisioning in public cloud.
● Comply with and compel corporate and personal clients to strictly adhere to various data protection provisions in Nigeria and Guidelines on Data Protection by NITDA when hosting personal identifiable data.
● Hold and maintain relevant locally and internationally acceptable standards.
● Proactively sell and market the .ng TLD inline with provisions of Nigeria Internet Registration Association (NiRA) policies.