When President Bola Ahmed Tinubu launched the NINAuth platform on October 30, 2025, he described identity as “the backbone of governance, national security, and service delivery.” As Head of Software and Biometrics at the National Identity Management Commission, I have had the privilege of working with our technical team on the systems underpinning Nigeria’s digital identity infrastructure. Achieving this vision required making fundamental choices about how technology serves citizens rather than surveilling them. Today, with 126.7 million Nigerians enrolled in the National Identity Management System and NINAuth processing 1.3 million verification requests daily, Nigeria operates Africa’s most extensive digital identity infrastructure. The system is built on a foundation in which citizens control their own data through consent-based verification and tokenisation.
The Architecture of Consent. The technical foundation of NINAuth rests on a principle that should be obvious but is rarely implemented: citizens, not institutions, should control access to their personal data. Traditional identity verification systems operated as black boxes. You provided your identification number to a bank or telecommunications company, they verified it against a database, and you had no visibility into who accessed your information, when, or for what purpose.
NINAuth reverses this model by integrating technical components that work in concert. The authentication layer requires explicit user consent for every verification request. When a bank wants to verify your identity, you receive a notification through the NINAuth mobile application showing exactly what data they are requesting and why. You make an active decision to approve or deny that request, creating a transparent audit trail accessible to every citizen.
The tokenisation engine generates temporary virtual identification numbers for each approved verification request. Your actual 11-digit National Identification Number never leaves our secure infrastructure. This means that even if an organisation’s database is compromised, the information it contains is temporary and of limited value to identity thieves.
The verification engine connects in real time to our Automated Biometric Identification System, which stores biometric data for over 122 million Nigerians. This infrastructure, recently upgraded through our partnership with IDEMIA, performs fingerprint matching, facial recognition, and demographic verification with the capacity to handle one million daily searches.
Privacy by design
Many countries have implemented digital identity systems and later added privacy protections, often after public backlash or court interventions. India’s Aadhaar system, for example, introduced consent mechanisms only after Supreme Court rulings raised privacy concerns. Pakistan’s NADRA faced criticism about data access controls. Kenya’s Huduma Namba encountered constitutional challenges that delayed implementation.
Nigeria’s approach has been to embed privacy protections from the design phase. The tokenisation architecture means citizens’ actual NINs are not proliferating across commercial databases. The consent mechanism gives citizens visibility and control. The separation of biometric and demographic data limits what can be reconstructed if any single database is compromised. These are not theoretical protections added to satisfy regulatory requirements. They are foundational to how the system operates at the software architecture level.
From infrastructure to impact
Technical infrastructure must ultimately be judged by its practical impact on citizens’ lives. For financial inclusion, NINAuth enables remote customer verification, reducing banks’ onboarding costs. A woman in Maiduguri or a trader in Aba can now open a bank account through mobile verification without travelling to a physical branch. This is particularly relevant for the approximately 60 million adult Nigerians who currently lack access to formal financial services. For government service delivery, digital identity verification helps ensure that agricultural subsidies reach actual farmers, student loans go to verified students, and social support programmes serve genuine beneficiaries.
The upcoming General Multipurpose Card will integrate identity verification with payment functionality through the Central Bank’s AfriGo domestic payment scheme, creating a unified platform for citizen services. In telecommunications, integrating all major operators with NINAuth creates a standardised, secure process for SIM registration. With 153 million SIM cards now linked to National Identification Numbers, the platform provides the verification infrastructure supporting Nigeria’s mobile telecommunications sector. The 126.7 million Nigerians enrolled in our system, and the 1.3 million daily verifications processed through NINAuth, represent not just statistics but lives affected by secure, citizen-controlled digital identity. As we work toward 180 million enrollments by December 2026, we remain focused on the principle that guided our technical architecture from inception: technology should empower citizens, not surveil them.
Amurawaiye is head of Software and Biometrics at the National Identity Management Commission (NIMC).
