Infrastructure is Ready for CBN’s Data Localisation Order, OADC CEO Tells Banks and Fintechs

The message from Dr. Ayotunde Coker, chief executive officer of Open Access Data Centre, to Nigeria’s financial institutions and payment operators was direct and unambiguous: the infrastructure argument is over. The only thing left is execution.

The Central Bank of Nigeria, in a circular dated June 15, 2026, directed all financial institutions and payment operators to store and manage payment transaction data generated within Nigeria on local servers, giving the industry until January 1, 2027 to achieve full compliance.

The directive, addressed to deposit money banks, microfinance banks, mobile money operators, switching and processing companies, payment terminal service providers, payment solution service providers, super agents, and other licensed payment operators, has since triggered a wave of institutional anxiety, centred primarily on whether Nigeria’s data centre ecosystem can absorb the compliance load.

Speaking at an interactive session with ICT news editors, Coker pushed back on that anxiety with the precision of someone who has spent a decade building the infrastructure at the centre of the debate.

“There is no capacity problem in the high quality data centres with expansion plans in place,” he said. “I would really advise people to just get on with the process of figuring out what you need to do. Don’t make excuses.”

His point was buttressed by the numbers. Nigeria’s data centre market is currently backed by over $2 billion in anticipated investments by 2027, with OADC alone committed to a $240 million, 24-megawatt hyperscale facility in Lekki.

OADC Lekki Campus

The major players like Equinix, OADC, and Rack Centre, anchor a market estimated at 136.7 megawatts in 2025 and projected to reach 279.4 megawatts by 2030, growing at a compound annual growth rate of over 15 per cent.

For institutions asking whether there is physical space to move into, Coker’s answer was layered.

“What you have is, first of all, the land is there. Typically you build out what’s efficient deployment of capital, and then you have what is actually used and what is immediately available for sale. Data centres have capacity immediately available for sale, as quickly as a client wants to come in.”

He described a three-tier expansion model: capacity immediately available for racking and powering; shell space ready for rapid fit-out; and land with planning approvals in place for new builds, a model he said applied to OADC, Rack Centre, and Digital Realty, among others.

Airtel’s Nxtra 38-megawatt build in Eko Atlantic and Equinix’s ongoing expansion in Lagos further widen the available capacity pool.

On the compliance timeline, the most frequently contested aspect of the directive, Coker offered an assessment closer to a regulated industry veteran than a sympathetic peer.

“If your regulator tells you to do something by January one in six months, you get your head down and you work out what you need to do,” he said. “And then if there are issues or questions, you give very authentic analysis of what it is. You need to present your case.”

For institutions currently relying on offshore cloud infrastructure through global hyperscalers like AWS, Google Cloud, or Microsoft Azure, compliance will mean either migrating workloads to local data centres or negotiating local availability zones with those same providers, neither of which is straightforward or inexpensive. Coker acknowledged the complexity but argued it was manageable.

“Do you lift and shift? Do you need to buy new equipment? Do you have equipment lead time issues? What do you need to do to maintain service? You need to lay it out.”

On the security concerns raised by some fintech operators, specifically fears about data vulnerability in locally hosted environments, Coker was equally direct.

“I think it’s a lot of rubbish talking about issues with security. The data centre security is strong, physical security as you would get elsewhere. The top-end data centres, I can speak for OADC anywhere, physical security protocols are very, very high indeed and meet global standards,” he said.

He drew a clear line, however, between physical infrastructure security, which he said was the data centre’s responsibility, and cybersecurity, which he described as an application-layer issue that falls squarely on the financial institutions themselves.

The CBN has warned that compliance will be closely monitored and that supervisory sanctions will be imposed on defaulting institutions.

Whether that enforcement posture holds through the December 2026 and January 2027 deadlines will be, as Coker and most industry observers acknowledge the real test of the directive’s teeth.

For now, OADC’s CEO has delivered his verdict: the infrastructure exists, the capacity is expanding, and the window is six months.

“In the absence of tangible, validated reasons for delay,” he said, “follow the regulator directive.”

The post Infrastructure is Ready for CBN’s Data Localisation Order, OADC CEO Tells Banks and Fintechs appeared first on Tech | Business | Economy.