The Central Bank of Nigeria has issued a directive requiring all financial technology companies operating in the country to store their customer data on local servers by the end of 2027, setting off a strategic reassessment across the sector. The mandate, which includes transaction data, personally identifiable information, and Know-Your-Customer details, aims to enhance data sovereignty and security but presents significant operational and financial challenges for firms, particularly those with regional or global footprints that rely on international cloud infrastructure.
According to analysis by TechMoonshot, the policy will force fintechs to audit their current data architecture and make substantial investments in local data centres or certified cloud services. For startups and smaller players, the capital expenditure required to establish compliant infrastructure could strain resources, while larger, cross-border operators face the complexity of segmenting Nigerian data from their broader regional systems. The directive is part of a broader trend in Africa where governments are increasingly seeking to keep sensitive financial data within national borders, citing security and economic control.
While Nigeria grapples with this new regulatory landscape, other African nations are pursuing different models for digital finance governance. In Rwanda, the government has taken a centralised approach by unifying all interoperable digital payments under a single, state-backed platform called eKash. Operated by the Rwanda Information Society Authority and the National Bank of Rwanda, eKash has become the mandatory clearing and settlement layer for all transactions between different mobile money wallets, banks, and microfinance institutions.
The Rwandan system, which went live in July 2026, processes transfers instantly and at low cost, aiming to drive financial inclusion by reducing friction between previously siloed networks. This stands in contrast to Nigeria's more prescriptive regulatory model, which sets rules for data storage but leaves the operational architecture to individual companies. Rwanda's eKash initiative represents a state-led push for integration, whereas Nigeria's mandate focuses on the location of data rather than the mechanics of payment flows.
Industry observers note that the Nigerian directive's 2027 deadline provides a multi-year runway for compliance, but the path is not without hurdles. Beyond infrastructure costs, companies must navigate issues of data redundancy, disaster recovery, and potential impacts on service speed if international connectivity is reduced. The Central Bank of Nigeria has stated that the move is necessary to safeguard the integrity of the financial system and protect citizen data from foreign jurisdiction risks, a position echoed by several other central banks on the continent.
The coming years will likely see increased activity from local data centre providers and cloud service operators seeking to meet the anticipated demand from the financial sector. The success of the policy will depend on the availability of secure, scalable, and cost-effective local infrastructure, as well as clear technical guidelines from regulators. As the deadline approaches, the strategic choices made by Nigeria's fintechs will not only determine their compliance but could also reshape the operational foundations of one of Africa's most dynamic digital economies.