The National Identity Management Commission (NIMC) has ordered an audit of all licensed vendors and technical partners operating in its identity sector, warning that any lapse that exposes Nigerians’ personal data will attract strict sanctions.

Earlier, the commission also announced a major partnership with the Nigeria Data Protection Commission (NDPC) to train and certify nearly 4,000 staff on data protection compliance and best practices.

The directive was issued yesterday in Abuja during a high-level engagement with representatives of the Office of the National Security Adviser (ONSA), security agencies, and Front-End Enrolment Partners (FEPs), focusing on software compliance, cybersecurity, and operational standards across the national identity framework.

The development comes amid rising public concerns over insecurity, cybercrime, and identity-related fraud across the country, with increasing scrutiny of the effectiveness of the National Identification Number (NIN) system as a national security and service-delivery tool.

Addressing stakeholders, NIMC Director-General and Chief Executive Officer, Dr Abisoye Coker-Odusote, said the commission would no longer tolerate any vulnerability within its partner network, stressing that identity data protection remains central to national security.

“The protection of citizens relies on the NIN. It relies on identity,” she said, adding that the NIN serves as a gateway to essential services, including healthcare, education, financial inclusion, telecommunications, and government programmes.

She disclosed that the commission has identified a growing wave of fraudulent websites, visa scams, and phishing platforms targeting unsuspecting Nigerians, warning that such threats underscore the need for tighter control of the identity ecosystem.

“There are a lot of illegal sites that have popped up in Nigeria around visa scams, illegal sites around NIN and a lot of data-phishing happening across borders,” she said.

Dr Coker-Odusote directed that all vendors linked to NIMC infrastructure must undergo rigorous compliance audits to ensure full adherence to security and operational standards.

“We must ensure that your systems are audited for compliance to guarantee that you are delivering robust services to citizens on behalf of NIMC. Your systems must not allow room for manipulation, data-phishing or compromise,” she warned.

She further stressed that the Commission would enforce strict penalties for non-compliant partners, noting that NIMC is both the custodian and enforcer of identity standards in Nigeria.