By Juliet Umeh

Nigeria’s digital footprint is growing rapidly. Systems such as the National Identity Number, NIN, Bank Verification Number, BVN, and digital payment platforms are expanding across the country.

However, experts warn that a critical component of Digital Public Infrastructure, DPI, remains underutilised. This component is Nigeria’s national internet domain, .ng, dot ng.

Public discussions on DPI in Nigeria often centre on identity systems, financial infrastructure, and data exchange platforms. Yet, little attention is paid to the domain name system. This system determines how institutions are identified, governed, and trusted online. Despite its importance, it remains largely overlooked, even though it is central to Nigeria’s digital sovereignty.

Established in 2005, and managed by the Nigeria Internet Registration Association, NiRA, the .ng domain country-code to-level domain, ccTLD underpins how Nigerian institutions are identified online, which legal jurisdiction governs their digital assets, and how trust is established across government, commerce, and public services. Yet over 20 years after its creation, Nigeria has recorded approximately 237,266 active .ng domain registrations according to NiRA data as of December 2025. For Africa’s most populous country and one of the largest economies with a fast-growing digital market, cybersecurity experts describe this figure critically low.

By comparison, Brazil’s .br domain has over five million active registrations, India’s .in exceeds four million, and South Africa’s .za has over one million. Even Kenya’s .ke, operating within a much smaller economy, maintains well over 100,000 active registrations through sustained policy support and enforcement. The contrast highlights not a market failure, but a governance gap.

NiRA President, Mr. Adesola Akinsanya, has consistently warned that the national domain must be treated as a strategic national asset rather than a technical afterthought.

According to him, .ng should be prioritised as part of a broader “Nigeria First” digital agenda.

“By choosing .ng, Nigerians keep economic value within the country and assert control over their digital narrative,” Akinsanya said.

He argued that managing the national domain goes far beyond technical administration and should be viewed as a nation-building effort critical to Nigeria’s future digital ecosystem.

“Over the last two decades, the .ng domain has evolved into a powerful platform for trust, local content development, and digital commerce,” he said. “However, its full potential is yet to be realised.”

Analysts warn that the consequence of this neglect is a digital ecosystem where institutional identity is fragmented, enforcement capacity is weakened, and national cyber resilience is quietly undermined.

A growing digital economy, anchored elsewhere

Across government portals, financial platforms, universities, startups, businesses, many Nigerian digital services operate on foreign-controlled domains, particularly .com. To most users, this appears harmless. But cybersecurity professionals insist it masks a deeper identity problem with broader implications.

“A domain name is not just an address; it is a declaration of jurisdiction,” said a senior cybersecurity analyst familiar with Nigeria’s internet governance architecture who prefers to be anonymous.

According to him, when Nigerian institutions operate on foreign registered domains, authority, accountability, and enforcement become far more complex during cyber incidents, disputes, or data breaches. In cybersecurity, speed and jurisdictional clarity are critical. Investigations involving foreign-registered domains often require cooperation from overseas registrars and legal systems, a process that can significantly delay responses to cyberattacks, fraud, impersonation, or large-scale data compromise.

As cybercrime targeting Nigerian institutions becomes more sophisticated, weak domain anchoring has emerged as a largely invisible but exploitable vulnerability.

In the view of the Chief Operating Officer of NiRA, Mr Seyi Onasanya, “When a government official uses a generic foreign email (like gmail.com); they are inadvertently placing sensitive national data under foreign jurisdiction. The ‘Nigeria First’ policy ends those risks.”

Domains as institutional identity

Experts argue that domains play a role in institutional identity like what NIN and BVN provide for individuals as a foundational ID and bank ID respectively. While NIN and BVN establish who is operating within the system, domains establish where institutions are legally and digitally anchored. It also helps identify government services.

Managing Partner at Nubia Capital, Mr. Davison Oturu, explained that the risk often goes unnoticed precisely because domain infrastructure operates invisibly, which in Nigeria is code .gov.ng

“NIN and BVN are visible to citizens because they affect daily life,” Oturu said. “A domain operates in the background. Whether a website ends in .com or .ng does not obviously change user experience, so people don’t instinctively see it as identity infrastructure.”

However, he stressed that the difference is profound at the institutional level.

“The .ng domain clarifies which laws apply to a digital service and which authorities have the power to intervene when cyber incidents occur. Without that clarity, governance becomes slower, weaker, and dependent on external cooperation.

“When major Nigerian institutions operate on foreign domains, enforcement can become more complex. It is not impossible but it may be slower, more expensive, and often dependent on cooperation from foreign entities.

“That is the point when domain choice stops being merely cosmetic and starts affecting governance,” Oturu said.

Echoing this view, Head of Resources at Technation Logistics Ltd, Mr. Wonders Akpeki, described .ng as sovereign digital infrastructure rather than a branding choice.

“.ng is not just a URL choice; it is a sovereign digital infrastructure,” Akpeki said. “Like NIN or BVN, it anchors trust, jurisdiction, data governance, and national attribution in cyberspace.

“Whoever controls the namespace controls identity, data routing, and economic value online. Treating .ng as ‘branding’ grossly undersells its strategic role in digital sovereignty.”

From policy statements to cyber adoption

As Nigeria advances its digital transformation agenda, cybersecurity analysts argue that domain policy must move beyond guidance into enforcement, particularly for institutions handling public data, financial transactions, and critical services.

Discussions have increasingly focused on mandating .ng usage for ministries, departments and agencies, MDAs, as well as regulated digital platforms, while linking domain compliance to cybersecurity certification, licensing, and procurement standards.

Oturu, however, stresses the need for coordinated enforcement among the National Information Technology Development Agency, NITDA, the federal agency responsible for IT policy, digital infrastructure, and standards, and NiRA, alongside sustained public awareness campaigns that frame .ng not as branding, but as a security and identity tool.

“The internet has become a battleground for trust,” said a cybersecurity policy expert who prefers anonymity. “If Nigeria does not properly anchor its digital identity, it will always be reacting instead of controlling.”

A seasoned cybersecurity analyst, Adote Rock Cyber, said the .ng domain, if well embraced, significantly enhances Nigeria’s standing in the global cyberspace.

According to him, the country-code top-level domain reflects Nigeria’s commitment to digital sovereignty and compliance with global best practices.

“It shows that we are deliberate and compliant when it comes to our digital sovereignty. The .ng domain signals ownership, structure and national control in the digital space,” he said.

He further noted that the adoption of the .ng domain aligns with regulatory requirements, stressing that it is one of the compliance conditions set by the National Information Technology Development Agency, NITDA, for accreditation as an information technology service provider in Nigeria.

“NITDA encourages the use of the .ng domain to promote home-grown digital infrastructure. The more companies adopt it, the stronger Nigeria’s visibility and credibility in the global information technology ecosystem,” he added.

Rock said increased local domain adoption would not only strengthen trust in Nigeria’s digital economy but also position the country as an active contributor to global technology development.

Anambra’s digital reset and the power of political will

At the sub-national level, Anambra State offers an example of what deliberate digital sovereignty can achieve when backed by political will.

Under the leadership of Mr. Chukwuemeka Fred Agbata, Managing Director and Chief Executive Officer of the Anambra State ICT Agency, the state embarked on a comprehensive standardisation of its digital identity, migrating about 95 percent of its MDAs to official .gov.ng domains.

“When I assumed office, government websites were scattered across all kinds of domains,” Agbata said. “That inconsistency undermined trust and security.”

With approval from the State Executive Council, Anambra mandated the migration of government digital assets to official national domains and local cloud infrastructure.

“I cannot justify taking government data to Azure when we have capable local infrastructure that still needs patronage,” he said.

According to him, the state now operates nearly 60 locally developed digital services, with over N3 billion worth of work executed without foreign developers. Sub-domains have also been extended to local governments for services such as birth registration and certificates of origin.

For policy analysts, the Anambra experience demonstrates that adoption is driven less by market forces and more by clear standards and political commitment.

Policy exists, adoption lags

Nigeria has a clear policy framework on digital sovereignty, but implementation remains weak. On February 16, 2022, the Federal Executive Council, FEC, approved the National Policy on the Government Second-Level Domain, following longstanding concerns over MDAs hosting official platforms on foreign domains and using private email services, with attendant data and cybersecurity risks.

The policy, enforced by NITDA, mandates all government websites and official email communications to migrate to .gov.ng and other approved .ng sub-domains, replacing generic foreign domains. It warns that continued reliance on foreign platforms undermines Nigeria’s digital identity, weakens data control, heightens cybersecurity exposure, and diminishes the credibility of official government communications.

However, enforcement has been uneven, particularly in state and local government levels.

At the Tech Convergence 2.0 Conference, held on October 14, 2025, in Abuja, senior government officials reaffirmed Nigeria’s commitment to digital sovereignty. Representing Senate President Godswill Akpabio, Senator Diket Plang described ownership of Nigeria’s digital identity as a shared national responsibility, while Chairman of the Senate Committee on ICT and Cybersecurity, Senator Shuaib Afolabi, called for the full integration of the national domain into the country’s digital sovereignty framework.

Despite these commitments, adoption remains uneven, particularly at state and local government levels, where many public digital assets still operate outside Nigerian jurisdiction.

A national security question, not a branding choice

Experts argue that Nigeria’s slow adoption of .ng has broader economic and security consequences. According to Akpeki, low domain adoption exports value offshore, drives foreign exchange leakage, weakens demands for local data centres, and limits growths in local cybersecurity. DNS management, and digital jobs.

“In effect, Nigeria is consuming digital infrastructure it could be producing,” Akpeki said.

As Nigeria continues to invest heavily in digital identity, fintech, and e-government, experts insist the question is no longer whether .ng matters, but whether neglecting it has already become a national cyber security risk.

For them, digital sovereignty cannot be achieved through policy statements alone. The .ng domain, they argue, must move from being optional to being treated as essential national infrastructure if Nigeria is to securely assert itself in the global digital order.

Meanwhile, requests for detailed compliance data, enforcement actions, and current adoption statistics were sent to NITDA. However, as of the time of reporting, the agency had not issued an official response, despite multiple follow-up calls and messages, and available public information does not provide comprehensive sector-wide statistics.

This report is supported by the DPI Africa Journalism Fellowship Programme of the Media Foundation for West Africa and Co-Develop