National Commission for the Regulation of AI in Healthcare in Nigeria: A Cybersecurity Perspective

Abstract

Artificial Intelligence (AI) is transforming healthcare delivery in Nigeria, offering innovations in diagnostics, predictive analytics, and patient management. However, the integration of AI introduces significant cybersecurity vulnerabilities, including data breaches, adversarial attacks, and privacy risks. Nigeria's National Artificial Intelligence Strategy (NAIS) provides a foundational framework, but lacks specificity for healthcare and cybersecurity. This article proposes the establishment of a National Commission for AI Regulation in Healthcare (NCAIRH) to address these gaps. Drawing on existing policies, ethical considerations, and global best practices, it outlines the commission's potential structure, functions, and benefits, emphasizing cybersecurity as a core pillar. Recommendations include multi-stakeholder collaboration, risk-based regulations, and capacity building to ensure safe, ethical AI deployment.

Introduction

Nigeria's healthcare sector faces persistent challenges, including limited infrastructure, workforce shortages, and high disease burdens. AI technologies promise to mitigate these issues by enabling efficient diagnostics, personalized treatments, and resource optimization. For instance, AI-driven tools are being used for predictive analytics in disease surveillance and telemedicine, potentially improving access in rural areas. However, the rapid adoption of AI amplifies cybersecurity risks, such as data breaches and algorithmic manipulations that could compromise patient safety and privacy.

From a cybersecurity viewpoint, AI systems in healthcare handle sensitive personal health information, making them prime targets for cyber threats. Reports indicate a surge in AI-powered attacks on healthcare systems, with Nigeria's sector increasingly vulnerable due to inadequate protections. The absence of a dedicated regulatory body exacerbates these risks, as current frameworks like the Nigeria Data Protection Regulation (NDPR) and NAIS are not tailored to healthcare-specific AI applications. This article argues for a National Commission to regulate AI in healthcare, focusing on cybersecurity to foster responsible innovation. (https://healthwise.punchng.com/ai-powered-cyber-threats-put-healthcare-systems-at-risk-report).

Current Landscape of AI in Nigerian Healthcare

Nigeria's AI ecosystem is evolving under the NAIS, launched in 2025, which emphasizes economic growth, ethics, and governance across sectors including healthcare. The strategy highlights the need for clinical AI standards to ensure accuracy and reduce biases, particularly in datasets underrepresented by African populations. Initiatives like the National Centre for Artificial Intelligence and Robotics (NCAIR) support AI research, while startups deploy AI for blood supply matching and preliminary consultations. (https://regulations.ai/regulations/nigeria-summary) (https://ncair.nitda.gov.ng/wp-content/uploads/2025/09/National-Artificial-Intelligence-Strategy-19092025.pdf). 

Despite progress, adoption faces barriers: infrastructure gaps, limited digital literacy, and weak regulatory frameworks. Existing laws, such as the NDPR and Cybercrimes Act, address data privacy and cyber threats but lack specificity for AI in healthcare. Ethics committee members in Nigerian hospitals have expressed concerns over AI integration, citing knowledge deficits, ethical dilemmas, and the need for multi-stakeholder regulation. Stakeholders advocate for stronger frameworks, drawing from global models like the EU's General Data Protection Regulation (GDPR). (https://ai.ageditor.ar/index.php/ai/article/view/210) (https://www.nigerianjournalsonline.com/index.php/JLCLE/article/download/5999/6155) (https://www.sciencedirect.com/science/article/pii/S1386505625003570) (https://guardian.ng/features/health/stakeholders-advocate-ai-adoption-regulation-in-primary-healthcare). 

In Africa, broader AI governance efforts, such as the African Union's Continental AI Strategy, emphasize data protection and ethical use, but national implementations vary. Nigeria's regulatory vacuum leaves room for biases, errors, and cyber vulnerabilities, underscoring the urgency for targeted oversight. (https://scienceforafrica.foundation/sites/default/files/2025-04/Governance%20of%20AI%20for%20Global%20Health%20in%20Africa%20v3.pdf).

Cybersecurity Challenges in AI-Driven Healthcare

AI in healthcare introduces unique cybersecurity risks, amplified in low-resource settings like Nigeria. Key threats include:

1. Data Breaches and Privacy Violations: Healthcare data is highly sensitive, and AI systems reliant on large datasets are susceptible to breaches. In Nigeria, attacks on private healthcare providers have risen, with ransomware disrupting operations. The NDPR provides a foundation, but lacks provisions for AI-specific risks like re-identification in anonymized data. (https://healthwise.punchng.com/ai-powered-cyber-threats-put-healthcare-systems-at-risk-report).

2. Adversarial Attacks: Malicious inputs can manipulate AI outputs, leading to misdiagnoses. For example, AI models trained on non-representative data may fail for Nigerian populations, exacerbating biases and vulnerabilities. INTERPOL reports highlight ransomware and insider threats in African healthcare, including Nigeria. (https://aibase.ng/ai-opportunity/ai-in-nigerias-health-sector) (https://ng.andersen.com/cybersecurity-risks-in-healthcare-addressing-africas-digital-health-vulnerabilities). 

3. Infrastructure Vulnerabilities: Connected devices like infusion pumps and MRI scanners are hackable, posing life-threatening risks. Nigeria's digital health systems lack robust cybersecurity, with limited training leaving workers prone to phishing. (https://www.mdpi.com/2079-8954/13/6/439) (https://ng.andersen.com/cybersecurity-risks-in-healthcare-addressing-africas-digital-health-vulnerabilities). 

4. AI-Powered Threats: Cybercriminals use AI for sophisticated attacks, such as automated phishing or deepfakes, targeting healthcare's high-stakes environment. Without regulation, these risks could erode public trust and hinder AI adoption. (https://www.deloitte.com/ng/en/services/consulting-risk/perspectives/Nigerias-cybersecurity-landscape-in-2025.html). 

African perspectives emphasize proactive risk management, including cybersecurity in ethical frameworks. Nigeria's 2025 cybersecurity outlook warns of AI-amplified threats, necessitating integrated defenses.(https://pmc.ncbi.nlm.nih.gov/articles/PMC11966719) (https://www.deloitte.com/ng/en/services/consulting-risk/perspectives/Nigerias-cybersecurity-landscape-in-2025.html). 

The Need for a National Commission

The fragmented regulatory landscape—spanning NITDA, the Ministry of Health, and NCAIR—creates overlaps and gaps. A dedicated National Commission for AI Regulation in Healthcare (NCAIRH) would centralize oversight, focusing on cybersecurity to protect patients and systems. (https://www.pwc.com/ng/en/publications/ai-in-nigeria.html). 

Proposals for AI regulatory bodies exist, including bills for a National AI Council and Institute. Extending this to healthcare aligns with NAIS calls for sector-specific policies. Such a commission could enforce standards for AI validation, bias mitigation, and cyber resilience, drawing from African and global models. (https://digitalpolicyalert.org/event/27431-bill-on-establishment-of-the-national-institute-for-artificial-intelligence-and-robotic-studies-sciences-regulation-commission) (https://www.linkedin.com/pulse/strengthening-ai-governance-nigerias-health-sector-case-nonso-nwaeze-zrh1e) (https://www.frontiersin.org/journals/pharmacology/articles/10.3389/fphar.2023.1214422/epub).

Benefits include enhanced data governance, reduced cyber risks, and innovation promotion through ethical guidelines. Without it, Nigeria risks regulatory ambiguity, stifling AI's potential while exposing vulnerabilities. (https://scienceforafrica.foundation/sites/default/files/2025-04/Leveraging%20AI%20to%20Strengthen%20Health%20Systems%20in%20Nigeria%20v3.pdf).

Proposed Structure and Functions of the Commission

The NCAIRH should be an independent body under the Federal Ministry of Health, with NITDA and WULLAPP - L8Signal Cybersecurity collaboration for cybersecurity expertise. 

Structure

1. Governing Board: Multi-stakeholder representation from government, academia, industry, and civil society.

2. Technical Committees: Focused on ethics, cybersecurity, and innovation.

3. Secretariat: For administration, research, and enforcement.

Functions

• Regulatory Development: Draft healthcare-specific AI standards, including cybersecurity protocols (e.g., encryption, vulnerability assessments). (aibase.ng).

• Certification and Auditing: Mandate pre-deployment testing for AI tools, ensuring compliance with NDPR and international benchmarks.

• Risk Management: Implement risk-based classifications for AI systems, prioritizing high-risk applications like diagnostics.

• Capacity Building: Train healthcare professionals on AI and cybersecurity. (https://www.sciencedirect.com/science/article/pii/S1386505625003570).

• Monitoring and Enforcement: Oversee incidents, impose penalties, and foster international cooperation. (https://papers.ssrn.com/sol3/Delivery.cfm/5117653.pdf?abstractid=5117653&mirid=1).

• Research Funding: Allocate resources for cybersecurity R&D in AI healthcare. 

This aligns with proposals for balanced, proactive regulation in Africa. (https://www.frontiersin.org/journals/pharmacology/articles/10.3389/fphar.2023.1214422/epub). 

Recommendations

1. Adopt a Risk-Based Approach: Classify AI applications by risk levels, mandating stricter cybersecurity for high-impact uses. (https://ecdpm.org/download_file/47f0bc29-d91b-4def-8220-744f772aedce/4199)

2. Enhance Data Governance: Strengthen NDPR with AI-specific provisions, emphasizing African data sovereignty. (https://fpf.org/blog/the-african-unions-continental-ai-strategy-data-protection-and-governance-laws-set-to-play-a-key-role-in-ai-regulation)

3. Build Human Capacity: Partner with institutions for AI-cybersecurity training programs. (https://www.pwc.com/ng/en/publications/ai-in-nigeria.html)

4. Foster Collaboration: Engage stakeholders and align with AU strategies for harmonized regulations.(https://scienceforafrica.foundation/sites/default/files/2025-04/Governance%20of%20AI%20for%20Global%20Health%20in%20Africa%20v3.pdf) 

5. Monitor and Adapt: Regularly review frameworks to address emerging threats like AI-driven cyberattacks. (https://www.deloitte.com/ng/en/services/consulting-risk/perspectives/Nigerias-cybersecurity-landscape-in-2025.html)

Conclusion

Establishing a National Commission for AI Regulation in Healthcare is essential for Nigeria to harness AI's benefits while mitigating cybersecurity risks. By prioritizing ethical, secure deployment, the commission can build public trust, drive innovation, and position Nigeria as a leader in African AI governance. Policymakers must act swiftly to bridge regulatory gaps, ensuring AI serves as a tool for equitable healthcare advancement.

Declaration of Generative AI

The author used Grok AI (xAI) for research assistance, reference compilation, content organization, and language enhancement during manuscript preparation. All material was reviewed, edited, and finalized by the author, who takes full responsibility for the work.

References

1. National Artificial Intelligence Strategy (NAIS)

   • Publisher/Author: National Information Technology Development Agency (NITDA) / National Centre for Artificial Intelligence and Robotics (NCAIR)

   • Date: September 19, 2025 (final version)

   • Link: https://ncair.nitda.gov.ng/wp-content/uploads/2025/09/National-Artificial-Intelligence-Strategy-19092025.pdf

   • Description: Core national policy document outlining Nigeria's AI governance, ethics, adoption, and sector-specific applications, including healthcare.

1. Ethical Oversight of AI in Nigerian Healthcare: A Qualitative Analysis of Ethics Committee Members' Perspectives on Integration and Regulation

• Publisher/Author: Published in International Journal of Medical Informatics (via ScienceDirect)

• Date: 2025 (Epub October 9, 2025)

• Link: https://www.sciencedirect.com/science/article/pii/S1386505625003570

• Alternative/PubMed: https://pubmed.ncbi.nlm.nih.gov/41092592

• Description: Qualitative study on ethics committee views, knowledge gaps, ethical concerns, and the need for multi-stakeholder AI regulation in Nigerian hospitals.

1. Leveraging Artificial Intelligence (AI) to Strengthen Health Systems in Nigeria

• Publisher/Author: Science for Africa Foundation (SFA Foundation), in collaboration with mDoc and Nigeria Health Watch

• Date: April 2025 (policy brief based on March 2024 convening)

• Link: https://scienceforafrica.foundation/sites/default/files/2025-04/Leveraging%20AI%20to%20Strengthen%20Health%20Systems%20in%20Nigeria%20v3.pdf

• Description: Policy brief on AI opportunities, challenges (including data governance and infrastructure), and recommendations for ethical AI in Nigerian healthcare.

1. Nigeria Data Protection Act (NDPA) 2023 (superseding the Nigeria Data Protection Regulation - NDPR 2019)

• Publisher/Author: Federal Government of Nigeria / Nigeria Data Protection Commission

• Date: Enacted June 12, 2023 (relevant for 2025–2026 AI contexts)

• Link: Official details and compliance guides available via sources such as https://secureprivacy.ai/blog/nigeria-data-protection-law (2025 update)

• Description: Primary data protection law addressing privacy in AI systems, including healthcare data; foundational for cybersecurity and re-identification risks.

1. Nigeria Cybersecurity Outlook 2026

• Publisher/Author: Deloitte Nigeria

• Date: 2026 (forward-looking report building on 2025 edition)

• Link: https://www.deloitte.com/ng/en/services/consulting/perspectives/nigeria-cybersecurity-outlook-2026.html

• Description: Analysis of AI-amplified cyber threats, ransomware in healthcare, zero-trust needs, and governance gaps in sectors like healthcare.

1. AI-Powered Cyber Threats Put Healthcare Systems at Risk — Report

• Publisher/Author: Punch Healthwise (citing industry and security reports)

• Date: September 17, 2025

• Link: https://healthwise.punchng.com/ai-powered-cyber-threats-put-healthcare-systems-at-risk-report

• Description: Highlights surge in AI-enhanced attacks on Nigerian healthcare, including ransomware and operational disruptions.

1. Digital Health Services Bill, 2025 (proposed/reviewed)

• Publisher/Author: TechHive Advisory (review)

• Date: October 6, 2025 (Bill introduced March 2025)

• Link: https://www.techhiveadvisory.africa/insights/review-of-nigerias-digital-health-services-bill-2025

• Description: Proposed framework for regulating telemedicine, AI platforms, and cybersecurity in digital health services.

1. Nigeria Moves Toward Formal AI Regulation With New National Oversight Bill (and related bills, e.g., National Digital Economy and E-Governance Bill)

• Publisher/Author: Various (e.g., iAfrica.com, Bloomberg reports)

• Date: November 28, 2025 – January 2026

• Link: https://iafrica.com/nigeria-moves-toward-formal-ai-regulation-with-new-national-oversight-bill

• Description: Covers proposals for a National Artificial Intelligence Council and risk-based AI regulation, including healthcare applications.

Additional supporting sources frequently referenced in related literature include:

• Reports from NITDA and FMCIDE on AI strategy implementation (2025 updates).

• INTERPOL and African Union documents on cybersecurity in African healthcare (contextual for continental risks).

• Academic papers on AI bias, adversarial attacks, and data sovereignty in low-resource settings (e.g., via ResearchGate and SSRN, 2025 publications).