GUIDELINES FOR THE PROVISION OF INTERNET SERVICE

PUBLISHED BY THE NIGERIAN COMMUNICATIONS COMMISSION

These Guidelines apply to all Licensees providing Internet access services or any other Internet
Protocol based telecommunications services (hereinafter, “ISPs”).

These Guidelines are published pursuant to Section 70(2) of the Nigerian Communications Act
2003, and are dated [insert date of issue].

PART I: COMPLIANCE WITH GENERAL CONSUMER CODE OF PRACTICE

1. All ISPs shall comply with the Consumer Code of Practice Regulations, 2006.

2. For greater certainty, in the event that any ISP, including by participation in an
association of ISPs, does not submit an individual consumer code pursuant to Regulation
10 of those Regulations, the provision of services and consumer practices applicable to
that ISP shall be governed by the General Code attached as Schedule 1 to the
Regulations.

3. In addition to the information disclosure requirements described in Part II of the General

Code, ISPs shall ensure that they disclose the following information regarding their
provision of Internet access services:

(a) ISPs must make full and fair disclosure of information regarding bandwidth
(including whether bandwidth is shared or dedicated to the user) and bit transfer
rates to Consumers before the process of subscription is concluded;

(b) ISPs must give their subscribers notice of any planned upgrade of ISP equipment,
which could have any material effect on continuing use of the services, at least six
(6) months before making the change;

(c) ISPs must give their subscribers notice of any winding- up or other discontinuation
of the services at least six (6) months before such discontinuation; and

(d) ISPs must maintain an up-to-date list of their subscribers, particularly commercial
subscribers such as cybercafés or other resellers to which they provide service.

4. In complying with the Consumer complaints provisions of Part VII of the General Code,
ISPs shall ensure:

(a) that they maintain one or more customer care centers dedicated to handling
complaints aris ing from the use of their services; and
 (b) that efficient procedures for lodging complaints are clearly described, including
the timing for the ISP’s initial response and anticipated timeline for complaint
resolution.

PART II: INVESTIGATION AND ENFORCEMENT

5. Response to Inappropriate or Illegal Use

ISPs must ensure that users are informed of any statements of cybercrime prevention or
acceptable Internet use published by the Commission or any other authority, and that
failure to comply with these acceptable use requirements may lead to criminal
prosecution, including with respect to:

(a) unlawful access or fraudulent use of a computer;

(b) identity theft, impersonation or unauthorized disclosure of access codes;

(c) unlawful interception, or any form of system interference;

(d) violation of intellectual property rights;

(e) any other use for unlawful purposes, including terrorism, promoting racial,
religious or other hatred or any unlawful sexual purposes.

6. Cooperation with Enforcement Agencies

(a) ISPs must generally cooperate with all law enforcement and regulatory agencies
investigating cybercrime or other illegal activity.

(b) ISPs must provide contact details for the ISP representative(s) responsible for
addressing cybercrime issues. The contact information must include one or more
means of contacting the identified individual(s) outside of normal business hours.

(c) ISPs must provide any service related information requested by the Commission
or other legal authority, including information regarding particular users and the
content of their communications, subject to any other applicable laws of Nigeria.

(d) ISPs must contact the Commission, and any other legal or regulatory authority
identified by the Commission from time to time, in the event they become aware
of any complaint or activity indicating Internet use for the commission of an
offence.

7. Termination of Service Agreements

ISPs must include a provision in their service agreements that permits the immediate
disconnection or suspension of a user’s account, and the termination of their service

Internet Service Guidelines page 2

 agreement, when the ISP becomes aware that any of its services are being used by the
user contrary to the requirements of these Guidelines or other applicable laws or
regulation.

8. Records and Data Retention

ISPs must retain Internet service related information, including user identification, the
content of user messages and traffic or routing data, for a minimum period of twelve (12)
months or as otherwise directed by the Commission from time to time.

PART III: CONTENT RELATED ACTIVITIES

9. Protection of End Users

ISPs shall prominently display instructions regarding online safety on their home pages,
including:

(a) describing methods of controlling access to content, particularly any filters

available for persons who wish to control access to content;

(b) notifying users of their rights and obligations under applicable laws with respect
to placing content on the Internet; and

(c) informing end users of the procedures to follow for making a complaint regarding
content.

10. Additional Protection of Minors

ISPs must take reasonable steps to ensure that Internet service accounts are not provided
to minors without the consent of a parent or guardian. Reasonable steps include:

(a) requiring that accounts only be opened on presentation of valid identification,

such as a driver’s licence, passport or national identity card;

(b) ensuring that a prominent notice is displayed on marketing materials for the
service stating that, prior to using the service, minors must obtain the consent of a
parent or guardian; and

(c) providing filters suitable for parents or guardians who wish to control access to
certain types of content.

If an ISP is notified in writing by a parent or guardian that an account holder is a minor,

and that the account holder does not have adult consent for maintaining the account, the
ISP must disable the account without delay.

11. Liability of ISPs as Content Intermediaries

Internet Service Guidelines page 3

(a) Acting as Mere Conduit

ISPs shall not be liable for the content of any Internet service transmission by a user of
the service or for providing access to such content by other users if the ISP:

(i) has not initiated the transmission;

(ii) has not selected the recipient(s) of the transmission;

(iii) has not selected or modified the content contained in the transmission; and

(iv) acts without delay to remove or disable access to the information on

receipt of any takedown notice (see paragraph 12 following), or on
becoming aware that the information at the initial source of the
transmission has been removed or disabled.

(b) Caching

ISPs shall not be liable for the transmission in a communicatio n system of automatic,
intermediate and temporarily stored information provided by a user of the service if the
ISP:

(i) does not modify the information;

(ii) does not interfere with any conditions of access applicable to the
information;

(iii) complies with any rules regarding the updating of the information;

(iv) does not interfere with the lawful use of technology to obtain data on the
use of the information; and

(v) acts without delay to remove or disable access to the information on

receipt of any takedown notice (see paragraph 12 following), or on
becoming aware that the information at the initial source of the
transmission has been removed or disabled.

(c) Hosting

ISPs shall not be liable for the storage of information at the request of any user of the
service if the ISP:

(i) does not modify the information;

(ii) does not interfere with any conditions of access applicable to the
information;

(iii) does not interfere with the lawful use of technology to obtain data on the
use of the information;

Internet Service Guidelines page 4

 (iv) does not have knowledge of illegal activity related to the information; and

(v) acts without delay to remove or disable access to the information on

receipt of any takedown notice (see paragraph 12 following).

12. Takedown Notices

ISPs must have in place a procedure for receiving and promptly responding to content
related complaints, including any notice to withdraw or disable access to identified
content issued by the Commission or other legal authority (“takedown notices”).

PART IV: UNSOLICITED COMMERCIAL COMMUNICATIONS (“SPAM”)

13. Provision of Information

ISPs must take reasonable steps to:

(a) inform users regarding proper email practices, including the requirements
identified in these Guidelines;

(b) ensure that users are updated regarding any changes to applicable laws or
regulation;

(c) inform users of the consequences of acting contrary to proper email practices; and

(d) inform users of methods of reducing unsolicited email, including the availability
of SPAM filters or similar services and the ISP’s SPAM reporting and complaints
procedures.

14. Commercial Communications

ISPs must take reasonable steps to promote compliance with the following requirements
for commercial email or other commercial communications transmitted using the ISP’s
services:

(a) the communication must be clearly identified as a commercial communication;

(b) the person or entity on whose behalf the communication is being sent must be
clearly identified;

(c) the conditions to be fulfilled in order to qualify for any promotional offers,
including discounts, rebates or gifts, must be clearly stated;

(d) promotional contests or games must be identified as such, and the rules and
conditions to participate must be clearly stated; and

Internet Service Guidelines page 5

 (e) persons transmitting unsolicited commercial communications must take account
of any written request from recipients to be removed from mailing lists, including
by means of public “opt-out registers” in which people who wish to avoid
unsolicited commercial communications are identified.

15. Further Restrictions

(a) ISPs must maintain appropriate restrictions on inbound and outbound connections
for any service they manage that allows email forwarding on behalf of third
parties.

(b) If an ISP receives notification that any of its services have been used for the
transmission of unsolicited communications contrary to these Guidelines,
including the transmission of SPAM email, the ISP shall take reasonable steps to
notify the responsible user and describe the prohibited activity. If the prohibited
activity is ongoing or serious, the ISP shall suspend or terminate the user’s
account (as provided for in paragraph 7 above); and shall report the activity to any
responsible regulatory or law enforcement agency.

PART V: SUPPLY OF INTERNET ACCESS SERVICES FOR RESALE

16. ISPs that supply Internet access services to other ISPs for resale shall ensure that their
supply agreements include the following provisions:

(a) the right to suspend or terminate service supply in the event of any direction,
decision or order from the Commission identifying the recipient of the services as
being in breach of its licence or any other legal requirement;

(b) the obligation for the recipient of the services to retain Internet service related
information, including user identification, the content of user messages and traffic
or routing data, for a minimum period of twelve (12) months (or such other period
as is directed by the Commission from time to time);

(c) requirements that the recipient of the services provide any service related
information that the supplier of the services requires to comply with any direction,
decision or order from the Commission, or any licence condition or other legal
requirement; and

(d) the right to provide copies of any service supply agreement and any service
related information to the Commission or other legal authority.

PART VI: MISCELLANEOUS PROVISIONS

17. ISPs may seek clarification of the application of these Guidelines, and acceptable
compliance practices, from the Commission.

Internet Service Guidelines page 6

18. The Commission may from time to time issue additional directions, decisions or orders
on any aspect of these Guidelines, and either of general application or specific to an ISP.

19. The Commission may also revise these Guidelines, or part thereof, at any time by
publishing replacement Guidelines.

Internet Service Guidelines page 7