Nigeria has one of Africa's most promising commercial drone markets and one of its most frustrating drone permit systems. As of mid-2026, an operator wanting to fly a Remotely Piloted Aircraft System (RPAS) for agricultural spraying in Kaduna, a logistics pilot in Lagos, or a news shoot in Abuja must satisfy two separate regulators: the Nigerian Civil Aviation Authority (NCAA), under the Nigeria Civil Aviation Regulations (Nig.CARs) Part 21, and the Office of the National Security Adviser (ONSA), under a 2023 directive that layered a parallel security-clearance requirement on top of the existing aviation regime.
The result is the kind of dual-window bottleneck that looks reasonable on paper — aviation safety plus national security — and behaves, in practice, like a tax on legitimate operators while doing very little to deter the unauthorised flights both agencies say they are worried about.
How the dual regime works
Nigeria's RPAS framework sits inside Nig.CARs, the rulebook the NCAA issues under the Civil Aviation Act 2022. Part 21 governs the type-certification, registration, and operational approval of RPAS, with operators required to obtain a Remotely Piloted Aircraft System Operator Certificate (RPAS-OC) and aircraft registration before commercial use. This is broadly aligned with how civil aviation authorities globally — the FAA, EASA, the UK CAA — approach drones: a single technical regulator handles airworthiness, pilot competency, and operational risk.
What makes Nigeria unusual is the second door. ONSA's 2023 directive, framed around the security risks of unregulated drones, requires operators to obtain a separate security permit on top of the NCAA's aviation approval. The directive applies broadly — covering imports, possession, and operation — and is enforced in coordination with customs and the security services. Industry associations and operator groups in the agritech and logistics sectors have spent much of 2025 and into 2026 pressing for consolidation or, at minimum, a memorandum of understanding that prevents duplicative documentation and unpredictable timelines.
Why this matters more than it sounds
Drones are not a luxury vertical for Nigeria. The use cases that drove the global commercial RPAS market past an estimated US$30 billion in 2025 — precision agriculture, last-mile medical logistics, infrastructure inspection, surveying, broadcast — map directly onto Nigeria's most pressing development priorities. The country imports more than US$10 billion in food annually; precision-agriculture drones materially improve yields on the kind of medium-sized farms that dominate Nigerian agribusiness. Zipline, which began medical-drone deliveries in Cross River State in 2022, is one of several operators whose growth depends on predictable airspace access.
A dual-permit regime taxes every one of these use cases. Operators report approval timelines that stretch into months, with no statutory clock on the security review. Smaller operators — exactly the ones a developing drone economy needs — bear the heaviest cost: paperwork, legal fees, and the opportunity cost of capital tied up in idle aircraft. Larger foreign operators can absorb this; Nigerian startups often cannot.
The security argument, examined
ONSA's underlying concern is real. Drones have been used for smuggling, surveillance of sensitive sites, and — in the Sahel — for armed attacks. Nigeria's security environment, particularly in the north-east and parts of the north-west, justifies a thicker regulatory posture than, say, the UK's.
But the question is not whether to regulate drones for security purposes; it is whether a parallel permit administered separately from the aviation regulator is the right tool. The actors ONSA is worried about — armed groups, smugglers, hostile-state operators — are precisely the actors least likely to apply for a permit at all. The dual regime's binding constraint falls almost entirely on compliant commercial operators, whose flight plans, aircraft serial numbers, and pilot identities are already known to the NCAA.
A better-designed framework would route security review through the aviation regulator, not around it. The NCAA already collects operator and aircraft data at registration; ONSA's legitimate interest could be served by an interagency review embedded in the existing RPAS-OC workflow, with statutory timelines and a single point of contact for operators. This is broadly the model the UK CAA uses with the Home Office for sensitive-site flights, and the model EASA uses with national security services under the EU's U-space framework.
What proportionate reform looks like
A pro-innovation fix does not mean ignoring security. It means three concrete things:
- One door, one file: Consolidate RPAS approvals at the NCAA, with ONSA participating as a statutory consultee on a fixed clock. Operators submit once; agencies coordinate behind the wall.
- Risk-tiered approval: Adopt a category-based model — open, specific, certified — comparable to EASA's, so a 2 kg agricultural drone in a rural area does not face the same approval burden as a beyond-visual-line-of-sight (BVLOS) cargo flight near critical infrastructure.
- Published timelines and appeals: Statutory decision windows, a published rejection register, and an administrative appeal route. Without these, regulatory delay becomes a de facto ban.
Nigeria's drone sector is one of the rare areas of its tech economy where regulation, not capital or talent, is the binding constraint. The country has the operators, the use cases, and a competent civil aviation authority. What it lacks is the political decision to consolidate. The longer that decision waits, the more of the African commercial drone market consolidates in Kigali, Nairobi, and Accra — jurisdictions that have made single-window RPAS regulation a deliberate competitive advantage.
Security and innovation are not in tension here. Two doors are.