MOUs, Data & Compliance: Nigeria's Advanced Cargo Information System Agreement With Dalil UAE

On September 23rd, 2025, the Federal Ministry of Aviation and Aerospace Development announced the signing of a Memorandum of Understanding (MoU) with DALIL UAE, a globally recognised AI-driven technology company that specializes in the supply of aviation security and Advanced Cargo Information (ACI) solutions.¹

The agreement is positioned as a catalyst for enhancing cargo security, modernising aviation operations, and aligning Nigeria's systems with standards set by the International Civil Aviation Organization (ICAO) and the World Customs Organization (WCO).² The broader political framing suggests an ambition to position Nigeria as a competitive regional logistics hub. Yet the move also introduces complex legal considerations around data governance, sovereignty, compliance, and long-term technology dependence.

For stakeholders, understanding the legal implications of this MoU, especially as it relates to data compliance, is crucial to navigating the intricacies and complexities that will likely emerge when the ACI systems are rolled out nationwide from the third quarter of 2026.³

Legal and Strategic Significance of the Nigeria-UAE Agreement.

Like many MoUs in the public sector, the instrument does not create binding contractual obligations. Instead, it establishes the parties' intention to collaborate and provides a foundational roadmap for subsequent agreements that will create enforceable duties.⁴ and serves as a roadmap for ACI systems implementation.

The phased implementation timeline, which begins with feasibility studies in October 2025 and progresses to a nationwide rollout, allows for iterative compliance assessments, operational integration checks, stakeholder engagement, and the development of supporting regulatory instruments that will govern the system's operation once fully deployed.

The MoU agreement to align with ICAO and WCO standards aims to serve two primary purposes. First, it ensures the interoperability of the ACI system with other international cargo systems. Secondly, it provides a recognized compliance benchmark against which the system's performance can be measured.

In addition, the broader objective of the agreement is to position Nigeria as an attractive hub for regional logistics. Adopting the ACI system will enhance Nigeria's aviation security framework and streamline cargo processing. This level of productivity and efficiency will result in reduced transaction costs and increased economic activity.

These benefits, however, can only be fully realized if there is successful implementation of appropriate legal and regulatory measures.

Cross-Border Data Transfer and National Security Sensitivities

The core of the ACI framework is the collection, analysis, and transmission of cargo-related data. These datasets include manifests, shipper and consignee information, cargo descriptions, routing details, and security intelligence. When transferred across borders, the legal assessment goes beyond privacy and enters the territory of national security. Under the NDPA and the 2025 GAID framework, cross-border transfers are permissible only where adequate safeguards exist. Determining adequacy becomes more nuanced where data includes operational and security-sensitive information traditionally managed by customs, airport security, and national intelligence agencies.

Nigeria has no explicit data localisation requirement in the NDPA, but certain agencies apply de facto localisation for sensitive datasets. An ACI system that processes information on servers in the UAE may therefore raise concerns for regulators, who may seek assurances about hosting arrangements, encryption standards, audit access, and dispute resolution mechanisms.

This tension between cross-border efficiency and domestic security autonomy is one of the most consequential legal issues within the MoU's framework.

Data Privacy Risks and Compliance Concerns Arising from ACI Systems Adoption.

Every unprecedented infrastructure project carries inherent risks, and the deployment of the ACI system is no exception. Flagging these risks will better enable stakeholders to implement mitigatory measures and enhance compliance safeguards:

1. The potential risk of data breaches resulting from cross-border data transfers between the Nigerian and UAE-based systems stands as the most complex legal challenge within the MoU framework. The operation of the ACI system relies on the collection, processing, and transmission of large volumes of data.⁵ These datasets are likely to include cargo manifests, shipper details, consignee information, and other sensitive commercial intelligence.⁶ The possibility of such data breaches is sure to trigger legal and ethical concerns that relate to data sovereignty and jurisdictional compliance.⁷

• The breach of sensitive cargo data further intensifies these concerns. Commercial entities depend on the confidentiality of their shipping information for competitive advantage. A security incident affecting an ACI system could potentially expose sensitive cargo information, which may, in turn, lead to legal liability under data protection laws across multiple jurisdictions and involving various parties.

• Regulatory non-compliance also stands as an immediate risk. Airline and cargo operators stand to suffer operational disruptions, reputational damage, and even financial loss should they fail to strictly adhere to aviation security regulations, customs laws, data protection requirements, as well as international best standards.⁸ This risk becomes even more critical when stakeholders slowly transition to the new requirements while maintaining ongoing operations.

These aforementioned data and privacy concerns associated with the adoption of ACI systems thus necessitate strict compliance with Nigeria's data protection legislation, particularly the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025 framework, as issued by the Nigeria Data Protection Commission (NDPC).

Data Compliance Measures for Industry Participants and Corporate Stakeholders.

The following practical data protection and compliance measures should be considered and adopted by stakeholders to effectively address data and compliance risks:

1. Stakeholders should update their internal privacy processes to match ACI's requirements and conduct Data Protection Impact Assessments ahead of system onboarding. Contractual agreements with service providers must clearly define data ownership, processing obligations, security responsibilities, and liability for breaches.⁹

• Establishing robust contractual protections in agreements with logistics partners, online vendors, and service providers will help allocate risks appropriately and ensure that proper recourse mechanisms are in place should issues arise.¹⁰

• Cargo and logistics businesses should establish clear incident response procedures for potential data breaches. Doing so will prove essential in mitigating legal and reputational risks.

• Regulators will need to establish audit trails, transparency protocols, and a clear legal basis for each category of data collected. This includes defining retention periods, cross-border transfer safeguards, and accountability structures for processors and sub-processors.

• Conducting comprehensive data audits and other compliance measures¹¹ prior to ACI system integration will help airline operators identify privacy gaps and provide insights for necessary remedial actions.
• Technology Transfer, IP Rights and Long-Term System Dependence

The shift from MoU to a binding agreement will raise significant contractual questions. Nigeria will need clarity on issues such as source-code access, rights to system modifications, data ownership allocation, encryption governance, and long-term system portability.

If these questions are not resolved early, Nigeria risks becoming dependent on a proprietary foreign system it cannot effectively audit, supervise, or adapt. The absence of IP safeguards is a common weakness in technology deployment arrangements and represents one of the most understated risks in the ACI discussions so far.

The MoU between Nigeria and DALIL UAE for the adoption of Advanced Cargo Information systems establishes a legal framework with significant implications for data protection, regulatory compliance, and Nigeria's integration into global trade networks. The 2026 rollout target presents unique opportunities for corporate stakeholders and industry participants to thoroughly understand data protection frameworks, deepen their relationships with regulatory authorities, enhance their business operations in line with international best practices, and further maximize the benefits that the ACI systems will provide.

Footnotes

1 Ifeoma Okeke-Korieocha, 'Nigeria, DALIL UAE Partner for Advanced Air Cargo Information Systems' Business Day (23 September 2025) https://businessday.ng/aviation/article/nigeria-dalil-uae-partner-for-advanced-air-cargo-information-systems/.

2 ibid.

3 Samuel Anyanwu, 'FG, UAE Sign Landmark MoU for Advanced Cargo Information Systems' Federal Ministry of Information and National Orientation (23 September 2025) https://fmino.gov.ng/fg-uae-sign-landmark-mou-for-advanced-cargo-information-systems/.

4 Lawpavilion, 'The Legal Status of a Memorandum of Understanding' (20 July 2022) https://lawpavilion.com/blog/the-legal-status-of-a-memorandum-of-understanding/.

5 Igor Jakomin, Ph. D., 'What is Advance Cargo Information (ACI) and how does it benefit companies and customs agencies?' CargoX (6 December 2021) https://cargox.io/content-hub/what-advance-cargo-information-aci-and-how-does-it-benefit-companies-and-customs-agencies.

6 ibid.

7 CoreSite, 'Understanding Data Sovereignty' https://www.coresite.com/blog/understanding-data-sovereignty.

8 World Customs Organization, 'Advance Cargo Information (ACI) Implementation Guidance' (June 2018) https://www.wcoomd.org/-/media/wco/public/global/pdf/topics/facilitation/instruments-and-tools/tools/safe-package/advance-cargo-information-aci-implementation-guidanceen-web.pdf?la=en.

9 International Air Transport Association (IATA), 'IATA Guidance on Compliance with Electronic Advance Cargo Information requirements' https://www.iata.org/contentassets/2c4495c8abb64352acaef69b73d0b783/guidance-on-compliance-with-electronic-aci-requirement.pdf.

10 ibid.

11 Article 7, Nigeria Data Protection Act; General Application and Implementation Directive (GAID) 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.