SaaS Subscription Agreement (Nigeria)
SAAS SUBSCRIPTION AGREEMENT
Nigeria Data Protection Act 2023 | Cybercrimes (Prohibition, Prevention, etc.) Act 2015 | Federal Competition and Consumer Protection Act 2018
THIS SAAS SUBSCRIPTION AGREEMENT is made on [Agreement Date]
BETWEEN:
(1) [Provider Name] of [Provider Address], RC [Provider RC Number] (hereinafter referred to as the "Provider"); AND
(2) [Subscriber Name] of [Subscriber Address], RC [Subscriber RC Number] (hereinafter referred to as the "Subscriber").
1. SUBSCRIPTION AND LICENSE
1.1 The Provider grants the Subscriber a non-exclusive, non-transferable right to access and use [Software Name] (the "Service") — [Service Description] — via the internet for [Number of Users] during the Subscription Term.
1.2 The Subscriber shall not sublicense, resell, or make the Service available to any third party. All intellectual property rights in the Service remain vested in the Provider.
2. SERVICE LEVEL AGREEMENT (SLA)
2.1 The Provider undertakes to maintain the Service at an uptime of [Uptime Guarantee]. Downtime caused by force majeure, internet infrastructure disruptions, or maintenance windows scheduled with 48 hours' advance notice shall be excluded from SLA calculations.
2.2 Where the Provider fails to meet the uptime guarantee in any calendar month, the Subscriber shall be entitled to a service credit calculated as a percentage of the monthly subscription fee proportionate to the excess downtime duration.
3. SUBSCRIPTION FEES AND PAYMENT
3.1 The Subscriber shall pay the Provider a subscription fee of [Subscription Fee] for the Subscription Term of [Subscription Term]. Fees are exclusive of VAT at [VAT Rate], which the Subscriber shall pay in addition.
3.2 Invoices shall be issued on the schedule agreed and are due for payment [Payment Due Date]. Late payments shall accrue interest at the Central Bank of Nigeria (CBN) Monetary Policy Rate plus 5% per annum.
3.3 The Provider may suspend access to the Service upon 14 days' written notice if the Subscriber fails to pay overdue fees after a 14-day cure period.
4. DATA PROTECTION AND NDPA 2023 COMPLIANCE
4.1 Where the Provider processes personal data of the Subscriber's customers or employees, the Provider acts as a data processor and the Subscriber acts as the data controller under the Nigeria Data Protection Act 2023 (NDPA 2023). The parties shall enter into a Data Processing Agreement (DPA) under Section 43 of the NDPA 2023.
4.2 The Provider shall implement appropriate technical and organisational security measures under Section 39 of the NDPA 2023 and notify the Subscriber of any personal data breach within 72 hours of becoming aware.
4.3 The Subscriber's data shall remain the Subscriber's property at all times. Upon termination, the Provider shall make all Subscriber data available for export for 30 days, after which the Provider shall permanently delete all Subscriber data from its systems.
5. LIABILITY AND TERMINATION
5.1 The Provider's aggregate liability for all claims arising under this Agreement shall not exceed [Liability Cap]. Neither party shall be liable for indirect, consequential, or special losses.
5.2 Either party may terminate this Agreement on 30 days' written notice. Either party may terminate immediately for material breach unremedied within 14 days of written notice, or upon insolvency of the other party.
5.3 This Agreement is governed by the laws of the Federal Republic of Nigeria. Disputes shall be resolved by arbitration under the Arbitration and Conciliation Act (Cap A18, LFN 2004) in Lagos.
Service Provider
________________
Signature
Subscriber
________________
Signature
What Is a SaaS Subscription Agreement (Nigeria)?
A SaaS Subscription Agreement in Nigeria sets out the rights, duties and consideration binding the parties to it.
The Nigeria Data Protection Act 2023, signed into law on 14 June 2023, is the principal data protection statute in Nigeria and was enacted to harmonise Nigeria's data protection framework with the principles of the General Data Protection Regulation (GDPR) of the European Union and international standard practices. The NDPA 2023 established the Nigeria Data Protection Commission (NDPC) as the independent regulatory authority responsible for enforcement, licensing of Data Protection Compliance Organisations (DPCOs), and issuance of guidance. A SaaS provider who processes personal data of Nigerian subscribers on behalf of a customer (acting as a data processor) is subject to the NDPA 2023's Data Processing Agreement (DPA) requirements under Section 43 of the NDPA 2023.
The Federal Competition and Consumer Protection Commission (FCCPC), established under the Federal Competition and Consumer Protection Act (FCCPA) 2018, regulates unfair commercial practices in SaaS transactions, including misleading advertising, unfair subscription terms, and obstacles to cancellation. SaaS agreements in Nigeria must also comply with the Electronic Transactions Act 2011 (applicable in some states) and the National Information Technology Development Agency (NITDA) framework for technology service providers.
Nigerian courts have begun to engage with SaaS and cloud computing disputes, particularly in Lagos, where the Technology and Intellectual Property Division of the Lagos State High Court has developed jurisprudence on software licensing, data breach liability, and service level agreement enforcement.
The legal framework governing the SaaS Subscription Agreement (Nigeria) in Nigeria draws on several key statutes and regulatory bodies. Under Nigerian law, the Companies and Allied Matters Act 2020 (CAMA) regulates corporate entities through the Corporate Affairs Commission (CAC). The Labour Act (Cap L1 LFN 2004) and the National Industrial Court of Nigeria (NICN) govern employment disputes. The Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Commission (NDPC) protect personal data. The Federal Inland Revenue Service (FIRS) administers tax obligations under the Companies Income Tax Act. The Federal High Court and state High Courts have jurisdiction over civil matters. Parties executing a SaaS Subscription Agreement (Nigeria) in Nigeria should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies and Allied Matters Act (CAMA) 2020 sets the foundational requirements.
When Do You Need a SaaS Subscription Agreement (Nigeria)?
A SaaS Subscription Agreement in Nigeria is required whenever a technology vendor provides cloud-based software access to a Nigerian business or consumer.
A SaaS Subscription Agreement is needed when a Nigerian fintech company (such as Paystack, Flutterwave, or Kuda Bank) offers its payment processing or banking software as a service to merchant subscribers. The agreement governs access rights, API usage, data sharing between processor and subscriber, and liability for transaction errors under the Central Bank of Nigeria (CBN) Regulatory Framework for Electronic Payment Systems in Nigeria.
A SaaS Subscription Agreement is required when an enterprise resource planning (ERP) vendor — such as SAP Nigeria, Oracle Nigeria, or a local software company — provides cloud-hosted ERP software to a Nigerian manufacturing, retail, or service company. The agreement defines the service scope, uptime guarantees expressed as a Service Level Agreement (SLA), support response times, and data backup obligations.
A SaaS Subscription Agreement is needed when a healthtech startup provides a hospital management system or electronic health records (EHR) platform to Nigerian healthcare providers. The agreement must comply with the NDPA 2023 data processing requirements and the Nigerian Medical Council and Health Records Officers' professional guidelines on health data.
A SaaS Subscription Agreement is required when a foreign SaaS vendor (headquartered outside Nigeria) provides software to Nigerian corporate subscribers. Under the NDPA 2023, Section 43, cross-border data transfers to countries that do not have adequate data protection must be governed by standard contractual clauses or binding corporate rules approved by the Nigeria Data Protection Commission (NDPC).
A SaaS Subscription Agreement is needed when a government ministry, department, or agency (MDA) procures cloud software under the Public Procurement Act 2007 framework and the Federal Ministry of Communications, Innovation and Digital Economy's cloud computing policy.
Parties in Nigeria should prepare a SaaS Subscription Agreement (Nigeria) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Nigerian law, the Companies and Allied Matters Act 2020 (CAMA) regulates corporate entities through the Corporate Affairs Commission (CAC). The Labour Act (Cap L1 LFN 2004) and the National Industrial Court of Nigeria (NICN) govern employment disputes. The Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Commission (NDPC) protect personal data. The Federal Inland Revenue Service (FIRS) administers tax obligations under the Companies Income Tax Act. The Federal High Court and state High Courts have jurisdiction over civil matters. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your SaaS Subscription Agreement (Nigeria)
A valid Nigeria SaaS Subscription Agreement must contain the following essential elements.
Parties: Full legal names, registered addresses, and CAMA 2020 RC numbers of the service provider and subscriber. For foreign providers, include the country of incorporation and any Nigerian subsidiary or representative entity registration details.
Subscription and License Grant: A clear description of the software, the scope of access (number of users, modules, data storage limits), and the nature of the license — a non-exclusive, non-transferable right to access and use the software via the internet. Specify whether source code access is included or whether the software is provided on a hosted (black box) basis.
Subscription Fees and Payment: The monthly or annual subscription fee in NGN (or foreign currency with a mechanism for exchange rate adjustments), due dates, payment method, late payment interest (typically the CBN Monetary Policy Rate plus a margin), and the vendor's right to suspend access for non-payment after a cure period.
Service Level Agreement (SLA): Uptime guarantee (typically 99.5% or 99.9% for enterprise SaaS), response times for critical vs. Non-critical incidents, planned maintenance windows, and service credit or refund mechanism for SLA breaches.
Data Processing and NDPA 2023 Compliance: Where the vendor processes personal data on the subscriber's behalf, a Data Processing Agreement (DPA) under Section 43 of the Nigeria Data Protection Act 2023 must be included or attached. The DPA must address processing purpose, data categories, retention periods, sub-processor obligations, security measures, and breach notification obligations.
Intellectual Property: Confirmation that the vendor retains all intellectual property rights in the software, and that the subscriber's data remains the subscriber's property. Include obligations on the vendor to return or delete subscriber data on termination.
Confidentiality: Reciprocal confidentiality obligations covering the vendor's technical information and the subscriber's business data.
Security: The vendor's obligations to maintain appropriate technical and organisational security measures under Section 39 of the NDPA 2023, including encryption, access controls, and annual security audits.
Termination: Grounds for termination by either party (material breach, insolvency, convenience with notice), notice periods, and post-termination data retrieval obligations — typically 30 days for the subscriber to download data before the vendor deletes it.
Limitation of Liability: Cap on the vendor's liability (typically subscription fees paid in the preceding 12 months) and exclusion of consequential losses. Subject to mandatory Nigerian consumer protection provisions under the FCCPA 2018.
Additional compliance elements for a SaaS Subscription Agreement (Nigeria) used in Nigeria include: Under Nigerian law, the Companies and Allied Matters Act 2020 (CAMA) regulates corporate entities through the Corporate Affairs Commission (CAC). The Labour Act (Cap L1 LFN 2004) and the National Industrial Court of Nigeria (NICN) govern employment disputes. The Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Commission (NDPC) protect personal data. The Federal Inland Revenue Service (FIRS) administers tax obligations under the Companies Income Tax Act. The Federal High Court and state High Courts have jurisdiction over civil matters. Forms-legal.com provides this template as a starting point for Nigeria-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). SaaS Subscription Agreement (Nigeria) (Nigeria) [Legal document template]. Forms Legal. https://forms-legal.com/nigeria/business/intellectual-property/saas-subscription-agreement-nigeria
"SaaS Subscription Agreement (Nigeria) (Nigeria)." Forms Legal, 2026, https://forms-legal.com/nigeria/business/intellectual-property/saas-subscription-agreement-nigeria.
@misc{formslegal-saas-subscription-agreement-nigeria,
author = {{Forms Legal}},
title = {SaaS Subscription Agreement (Nigeria) (Nigeria)},
year = {2026},
howpublished = {\url{https://forms-legal.com/nigeria/business/intellectual-property/saas-subscription-agreement-nigeria}},
note = {Free legal document template. Based on Companies and Allied Matters Act (CAMA) 2020}
}Frequently Asked Questions
A SaaS agreement in Nigeria must comply with the Nigeria Data Protection Act 2023 (NDPA 2023) where the vendor processes personal data of Nigerian individuals on behalf of the subscriber. Under Section 43 of the NDPA 2023, where a data controller engages a data processor (such as a SaaS vendor who stores or processes subscriber customer data), there must be a written Data Processing Agreement (DPA) that sets out the nature and purpose of the processing, the types of personal data processed, the data subject categories, the vendor's security obligations, and the obligation to assist the subscriber in responding to data subject requests under Part IV of the NDPA 2023. The Nigeria Data Protection Commission (NDPC), established under the NDPA 2023, has power to investigate violations and impose administrative fines of up to 2% of annual gross revenue for data processing violations, making NDPA 2023 compliance a material commercial consideration for Nigerian SaaS providers.
A Service Level Agreement (SLA) is a contractual commitment by the SaaS vendor defining the minimum levels of service — particularly system uptime, response time, and support quality — that the vendor undertakes to provide. In a Nigerian SaaS agreement, SLA provisions are particularly important given the potential impact of internet infrastructure variability on cloud service availability, including issues with MTN Nigeria, Airtel Nigeria, or MainOne/Equinix submarine cable disruptions. A well-drafted SLA specifies the uptime percentage guarantee (typically 99.5% or 99.9% measured monthly, excluding planned maintenance), the procedure for reporting incidents, the vendor's response times for different severity levels, and the remedies available to the subscriber where the SLA is not met — typically service credits calculated as a percentage of the monthly subscription fee proportionate to the downtime duration. Without an SLA, the subscriber has no contractual basis to claim relief for service outages beyond general breach of contract damages under Nigerian contract law.
A foreign SaaS provider can contract with a Nigerian subscriber without establishing a local legal presence in Nigeria, and cross-border SaaS transactions are common in the Nigerian technology market. However, foreign providers operating in Nigeria at scale face several regulatory considerations. Under the NDPA 2023, a foreign entity that processes the personal data of Nigerian residents is subject to the Act regardless of where the entity is incorporated — the NDPC's jurisdiction extends to any data processing that relates to Nigerian data subjects. Foreign providers must comply with Section 42 of the NDPA 2023 on cross-border data transfers and may need to appoint a Nigerian representative. For tax purposes, a foreign SaaS provider without a Nigerian fixed place of business is not automatically subject to Nigerian Company Income Tax (CIT), but may be subject to the digital service tax provisions introduced by the Finance Act 2021, which imposes a 6% tax on digital services income derived from Nigeria.
The treatment of subscriber data on termination of a SaaS agreement in Nigeria should be expressly addressed in the contract. Under Section 44 of the Nigeria Data Protection Act 2023, a data processor (SaaS vendor) must, at the choice of the data controller (subscriber), delete or return all personal data to the controller at the end of the processing engagement, unless Nigerian law requires retention. Best practice in Nigerian SaaS agreements provides the subscriber with a post-termination data retrieval period — typically 30 to 90 days after termination — during which the subscriber can export all data in a portable format (CSV, JSON, XML). After the retrieval period, the vendor should confirm in writing that all subscriber data has been permanently deleted from all production and backup systems. Vendors who retain subscriber data beyond the agreed period without legal justification face potential liability under the NDPA 2023 and the Cybercrimes (Prohibition, Prevention, etc.) Act 2015.
SaaS subscriptions in Nigeria are subject to Value Added Tax (VAT) at the standard rate of 7.5% under the Value Added Tax Act (Cap V1, LFN 2004) as amended by the Finance Act 2020. The Finance Act 2019 extended VAT to digital and electronic services supplied by non-resident vendors to Nigerian customers — meaning both Nigerian and foreign SaaS providers must charge and remit VAT on subscriptions delivered to Nigerian subscribers. Nigerian SaaS vendors registered with the Federal Inland Revenue Service (FIRS) for VAT are required to issue VAT invoices, collect VAT at 7.5% of the subscription fee, and remit monthly. Business subscribers who are registered for VAT can claim input VAT credits against their own VAT output liability. Foreign vendors supplying digital services to Nigerian consumers must register with FIRS for VAT under the non-resident vendor VAT registration regime introduced by the Finance Act 2019 and expanded by the Finance Act 2021.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
API Licensing Agreement (Nigeria)
An API (Application Programming Interface) licensing agreement for Nigerian technology companies. Governed by the Copyright Act 2022 (as amended), the Nigeria Data Protection Act 2023 (NDPA), and the Nigerian Communications Commission (NCC) regulations. Covers API access rights, rate limits, data handling, licence fees in NGN, prohibited uses, and IP ownership.
Data Processing Agreement (Nigeria)
A Data Processing Agreement (DPA) for Nigeria compliant with the Nigeria Data Protection Act (NDPA) 2023 and NDPC requirements. Governs the relationship between data controllers and data processors, covering processing instructions, security obligations, sub-processor controls, data breach notification, and data subject rights support.
Cybersecurity Policy (Nigeria)
A corporate cybersecurity policy for Nigerian organisations compliant with the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015, CBN Cybersecurity Framework 2021, NDPC Nigeria Data Protection Act 2023, and the NCC Cybersecurity Regulations. Covers access controls, incident response, data protection, and staff obligations.