Are U.S. Foreign SaaS Corporations Regulated by Nigeria?

We think that the African SaaS market is already significantly larger than commonly cited figures suggest. While some sources estimate it at around $3.5 billion in 2023, we believe this substantially understates actual consumption. As U.S.-based SaaS companies expand globally, Nigeria, with its large, tech-savvy population and growing digital economy, is an increasingly attractive market. But engaging Nigerian users comes with legal and regulatory questions, especially for foreign SaaS corporations with no physical presence in the country. In this legal update,  we provide information around some of the key questions we often field from clients.

 1. Are U.S. Foreign SaaS Corporations Required to Register a Separate Company in Nigeria?

Generally, registration is not mandatory for every foreign SaaS provider. However, the answer may also depend on the mode of operation. Registration is typically not required if the SaaS platform is fully remote, hosted offshore, with no local employees, agents, or office. Registration may be required where a U.S. Foreign Corporation has SaaS customers in Nigeria, employs Nigerian staff or contractors, opens a local office or appoints a dependent agent, bids for government contracts or regulated industry work.

2. Are U.S. Foreign SaaS Corporations Liable to Pay Tax in Nigeria?

Yes, foreign SaaS companies may be liable to certain Nigerian taxes even without physical presence, under Nigeria’s Significant Economic Presence (SEP) regime. A U.S. Foreign Corporation with SaaS customers in Nigeria may be liable to corporate taxes if the U.S. Foreign corporation has significant economic presence in Nigeria. A U.S. Foreign Corporation with SaaS customers in Nigeria may also be liable to charge VAT if a SaaS service is used by Nigerian customers.

3. Are U.S. Foreign SaaS Corporations Subject to Nigeria’s Data Protection Laws?

Yes. Nigeria’s Data Protection Act, 2023 generally applies extraterritorially to foreign companies processing the Personal Data of Nigerians, regardless of where the processor or controller is based. As a general rule, a U.S. Foreign Corporation with SaaS customers in Nigeria will be required to comply with lawful basis requirements, cross-border transfer rules, data security measures and reporting obligations.

Conclusion: One Size Does Not Fit All

While Nigeria has taken clear steps to assert regulatory and tax jurisdiction over foreign digital service providers, the precise scope and extent of the legal obligations of a U.S. Foreign Corporation with SaaS customers in Nigeria is highly fact-specific. As with many cross-border legal issues, there is no universal rule. Each SaaS company must assess its operational footprint, tax exposure, and data practices through the lens of Nigerian law.

How We Can Help?

We support foreign corporations with a number of services including regulatory risk assessments, local incorporations, data privacy audits and compliance, tax structuring, contract reviews and localization, and representation before Nigerian regulators.

Balogun Harold insights are shared for general informational purposes only and does not constitute legal advice. For tailored guidance, please contact our Technology and Market Entry Lawyers at bhlegalsupport@balogunharold.com