The Nigerian Bar Association (NBA) has issued a clarification on the security and privacy architecture of its Digital Seal platform, assuring members that robust safeguards are in place to protect accounts, preserve client confidentiality, and enable document verification without exposing sensitive contents.
The clarification comes amid growing online concerns about the safety of the system and how member and client data are handled.
According to the NBA, access to the platform is strictly tied to each lawyer’s personal record and requires authentication through SCN/EXM, registered email, and password. Account activation and password recovery are secured with email-based One-Time Password (OTP) verification, ensuring that only verified members can access or restore their accounts. Passwords are stored as one-way cryptographic hashes, making them inaccessible even to administrators, while users are prompted to change their passwords after login.
The association emphasized that the Digital Seal platform is not a document repository. Uploaded PDF documents are processed solely for seal application and immediately returned to the member for download. The system does not store or archive legal documents, client files, pleadings, personal data, document pages, or extracted text.
However, for verification purposes, the platform retains limited sealing metadata, including document hash (a cryptographic fingerprint), seal serial number, seal count, timestamp, and member identifier. The NBA explained that the document hash is a mathematical signature that cannot reveal document contents.
On accountability and transaction safety, all activities on the platform are linked to authenticated sessions and timestamped audit records. Seal purchases are credited only after payment confirmation to prevent billing errors or false credits.
The NBA further disclosed that the system incorporates established security safeguards such as secure session management, request validation, anti-tampering controls, token protection against unauthorized actions, and verified payment processing.
The platform, according to the association, complies with the Nigeria Data Protection Act (NDPA) 2023, applying key principles including data minimization, purpose limitation, and security safeguards through controlled access, secure authentication, and OTP verification. Because documents themselves are not stored, confidentiality risks are significantly reduced.
Reaffirming its commitment to professional confidentiality, the NBA noted that the system verifies documents without possessing them, meaning administrators cannot access document contents and client confidentiality remains solely with the legal practitioner.
The NBA Digital Seal platform, the association concluded, operates strictly as a verification and sealing service rather than a file storage system, designed to support modern legal practice while preserving privacy, security, and confidentiality obligations. Members were encouraged to explore the platform and familiarize themselves with its security features.