NINAuth and NITDA’s incoming digital public infrastructure standards answer a real problem: an identity system citizens cannot control is one they will not trust. But trust only gets people enrolled. Whether the system ever pays for itself depends on something else, and the evidence from 210 countries suggests Nigeria should be paying closer attention to it.
The argument made on these pages last week, that consent has become the new security perimeter of Nigeria’s digital identity system, is correct and overdue. NINAuth, the National Identity Management Commission’s app that lets citizens grant or revoke permission each time their National Identification Number is used, marks a genuine shift. So do NITDA’s forthcoming digital public infrastructure standards, which would require encryption, biometric verification and auditable logs on every identity check. The warning that came with that argument was also right: rules without enforcement are rules in name only.
There is a second constraint, though, and it gets far less airtime. Trust decides whether citizens enrol. What decides whether the whole apparatus generates a return is different: it is whether banks, telcos, hospitals and government agencies build the credential into how they operate every day. Nigeria is moving decisively on the first front. On the second, the picture is more mixed than the enrolment headlines suggest.
What actually separates the systems that work
A white paper published in May by IN Groupe, the secure identity group, went looking for the answer in a University College London dataset covering 210 countries and 17 variables of digital identity maturity. Only a third of countries worldwide have reached full maturity, it found. More interesting is what the mature ones have in common. It is not the most advanced biometrics, nor the most complete legal codes. It is daily, routine use of the system across the economy.
The gap in the data is stark. Among countries with strong governance frameworks but no ecosystem uptake, sectoral deployment sits at zero. Among the countries the study ranks as leaders, it is near universal. No other variable separates the two groups so cleanly. Nigeria, in the study’s own classification, sits in the top tier alongside Kenya, Ethiopia and South Africa, which the authors read as proof that governance choices matter more than national income.
How Nigeria earned that position
It is worth being precise about how Nigeria got there, because the answer was never the sophistication of the biometric stack. It was two decisions that pushed identity into the plumbing of the economy.
The first was the December 2020 directive making the NIN mandatory for SIM registration, which drove enrolments from 46.4 million in January 2021 to more than 94 million within two years. The second was the Central Bank’s requirement, enforced from April 2024, that bank accounts be linked to both the Bank Verification Number and the NIN. The BVN database reached 67.8 million by the end of 2025. NIN enrolments now stand at roughly 127 million, against a World Bank target of 180 million by end-2026 under the $430 million ID4D programme co-financed with the French Development Agency and the European Investment Bank.
The payoff shows up where it matters most. Digital payment fraud losses fell by 51 percent in a single year, from N52.26 billion in 2024 to N25.85 billion in 2025, according to the Nigeria Inter-Bank Settlement System. That result did not come from a communications campaign. It came from wiring a trusted identity layer into the institutions that move money.
Where the system still leaks
Nigeria’s own figures show how far usage still trails issuance. The country has more than 320 million active bank accounts and fewer than 70 million unique BVNs. Some of that gap is people holding several accounts, which is normal. The rest is a long tail of unlinked and dormant accounts that proper identity binding is supposed to eliminate, and it is precisely this fragmentation that keeps SIM swap fraud and synthetic identity onboarding viable. Consent architecture, however well designed, does not close that gap. Only universal, enforced integration does.
Coverage tells a similar story. Around 127 million NINs in a country of more than 200 million people, with men making up roughly 56 percent of registrations, leaves tens of millions of Nigerians, disproportionately women, outside the system. And NIMC would need to register some 3.3 million people a month to hit its 2026 target, a pace it has rarely sustained. None of this is an engineering problem. It is a problem of reach and of use.
Three priorities for the next phase
If the first phase of Nigeria’s identity agenda was about building and enrolling, and the current one is about consent and control, the next has to be about deepening use.
Make the credential worth carrying. Finance and telecoms are integrated; health and education are not. The multipurpose national ID card with payment capability, launched in 2024 under the AFRIGO scheme, only matters if institutions actually accept it. Every sector that builds the NIN into its workflow converts a cost (fraud, duplication, onboarding friction) into a saving.
Give consent teeth. The concern raised last week is the right one. Who monitors bulk lookups? Who sanctions an institution that fails to log consent? And when a citizen says “I did not authorise this transaction”, is there a redress channel they can actually reach? The international evidence suggests accessible redress is the strongest single predictor of whether people enrol at all.
Build for the region. As ECOWAS advances cross-border identity recognition, a credential that stops at Nigeria’s borders is worth less than one that travels. Designing for interoperability now costs far less than retrofitting it later.
The question worth asking
Nigeria is not where most of the continent is, wondering whether it can afford to build a digital identity system. It has built one, a capable one, and it is now adding the consent layer that makes it defensible. The question that should follow is less comfortable: why is so much of that infrastructure still running below its economic potential, and what would it take to change that? Consent protects the system. Adoption is what makes it worth protecting.
Sources: National Identity Management Commission (NIMC); NITDA draft DPI standards; Nigeria Inter-Bank Settlement System (NIBSS); Central Bank of Nigeria; World Bank ID4D programme; IN Groupe white paper “Digital Identity: Infrastructure that changes everything” (May 2026), based on University College London (IIPP) data. Maturity classifications are IN Groupe’s own analysis.
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
