Esther Nnolum

Navigating CBN Data Localization: 5 Infrastructure Options for Payment Companies

Why This Matters

The Central Bank of Nigeria (CBN) requires that financial and payment transaction data be stored and processed locally, within Nigerian borders (more details). For any fintech, payment processor, or bank currently running on a global cloud region, commonly AWS, using EC2 for application servers and RDS for a managed PostgreSQL database, this creates an immediate compliance problem. A standard global cloud region is no longer an option, and a plain local data center doesn't come with a managed database engine out of the box.

That leaves engineering teams with a fundamental choice: adopt a cloud ecosystem that offers managed databases inside Nigeria, or take on the operational burden of running databases by hand. Below are five infrastructure paths, ranked from most to least recommended based on operational efficiency, compliance strength, and financial risk, along with what each one actually means for your application servers and load balancers, not just your database.

A critical point that's easy to overlook: a database can't process requests in isolation. Application servers and load balancers need to sit physically close to the database they talk to. Splitting them across thousands of miles introduces latency that will break a payment application, so every option below has to be evaluated as a whole stack decision, not just a database decision.

Option 1: Huawei Cloud Lagos Region (Global Cloud with Local Managed DB)

Ranking: #1

Huawei Cloud is currently the only global hyperscale provider operating a full-service native cloud region inside Lagos. Onboarding requires manual approval from their regional team (see details), but it solves the core engineering bottleneck: a fully managed RDS-equivalent for PostgreSQL, hosted on Nigerian soil.

How it works: Application logic and PostgreSQL databases migrate to Huawei Cloud's Lagos infrastructure, where automated systems handle backups, point-in-time recovery, and engine patching.

Pros:

  • Eliminates DBA overhead: restores the "managed database" experience most teams are used to from RDS.
  • Proven financial trust: already used at scale by major Nigerian financial institutions, including UBA and OPay (see details).
  • Ultra-low latency: single-digit millisecond latency within Nigeria.

Cons: Requires migrating outside the AWS ecosystem entirely, plus an upfront corporate whitelisting process with Huawei Nigeria.

Impact on application servers and AWS resources: Full migration required. EC2 instances and other AWS resources need to be re-created as native equivalents in Huawei's Lagos data center: EC2 becomes Huawei's Elastic Cloud Servers (ECS), and the ALB is replaced by Huawei's native Elastic Load Balancer. This is non-negotiable: if application servers stay on AWS in Europe or South Africa, every database query has to cross the ocean and back, turning a 2ms query into 100+ ms of latency and causing payment APIs to time out.

Option 2: Local Nigerian Cloud Providers

Ranking: #2

Enterprise-grade local providers, such as Layer3 Cloud or MainOne/MDXI, offer localized cloud virtualization bundled with managed database packages.

How it works: Applications and databases run on virtualized infrastructure owned and operated by a local Nigerian tech firm.

Pros:

  • Managed services: providers handle automated database backups and scaling.
  • Zero currency risk: billing is 100% Naira-denominated, insulating budgets from USD exchange rate volatility.

Cons: Automation tooling, API ecosystems, DevOps integrations (e.g., Terraform support), and uptime percentages lag behind those of global hyperscalers.

Impact on application servers and load balancers: Full migration required, for the same latency reasons as Option 1. Application servers and load balancers need to be recreated as equivalent virtual machines and load balancers within the local provider's Lagos data center, so they sit next to the database.

Option 3: AWS Lagos Local Zone (Self-Managed Postgres on EC2)

Ranking: #3

AWS allows extending a virtual network into the Lagos Local Zone (af-south-1-los-1a) (see details). However, Amazon RDS is not available in this zone at all.

How it works: Applications run on EC2 in Lagos, but the team must manually set up an unmanaged EC2 instance, install PostgreSQL, and write custom scripts to manage replication, indexing, and backups.

Pros:

  • Zero cloud migration friction: everything stays inside the existing AWS Console, using current IAM policies, security configurations, and deployment pipelines.

Cons:

  • Severe operational overhead: the development team effectively becomes full-time DBAs, responsible for manually resolving any downtime, corruption, or backup failure.

Impact on application servers and AWS resources: They stay on AWS. EC2 instances and the AWS resources that work with the application remain inside the AWS ecosystem but must be redeployed from the parent global region into the Lagos Local Zone subnet. The Lagos Local Zone natively supports both EC2 and ALB, so teams can reuse the exact same configurations, target groups, and security groups, just launching them in the Local Zone, next to the self-managed EC2 PostgreSQL database.
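
A residency check for this option, as an added example (not part of the original article): it audits inventory shaped like `aws ec2 describe-instances` and `aws ec2 describe-volumes` output and reports payment-tagged resources that sit outside the Lagos Local Zone. The `data-class` tag convention and all resource IDs are assumptions constructed for illustration.

```python
LAGOS_ZONE = "af-south-1-los-1a"   # Local Zone name as given in the article
SCOPE_TAG = "data-class"           # hypothetical tagging convention (assumption)

# Constructed samples shaped like `aws ec2 describe-instances` and
# `aws ec2 describe-volumes` JSON output; all IDs are made up.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "Placement": {"AvailabilityZone": "af-south-1-los-1a"},
     "Tags": [{"Key": "data-class", "Value": "payment"}]},
    {"InstanceId": "i-0bbb", "Placement": {"AvailabilityZone": "eu-north-1a"},
     "Tags": [{"Key": "data-class", "Value": "payment"}]},
    {"InstanceId": "i-0ccc", "Placement": {"AvailabilityZone": "eu-north-1b"},
     "Tags": [{"Key": "data-class", "Value": "marketing"}]},
    {"InstanceId": "i-0ddd", "Placement": {"AvailabilityZone": "af-south-1-los-1a"}},
]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "AvailabilityZone": "af-south-1-los-1a",
     "Tags": [{"Key": "data-class", "Value": "payment"}]},
    {"VolumeId": "vol-0bbb", "AvailabilityZone": "af-south-1a",  # parent region, not the Local Zone
     "Tags": [{"Key": "data-class", "Value": "payment"}]},
]}

def _tag(resource, key):
    """Return the value of tag `key`, or None when the resource lacks it."""
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)

def _resources(instances, volumes):
    """Yield (resource_id, zone, resource) for every instance and volume."""
    for reservation in instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            yield inst["InstanceId"], inst.get("Placement", {}).get("AvailabilityZone"), inst
    for vol in volumes.get("Volumes", []):
        yield vol["VolumeId"], vol.get("AvailabilityZone"), vol

def audit_residency(instances, volumes, zone=LAGOS_ZONE):
    """Return sorted (resource_id, finding) pairs for anything needing attention."""
    findings = []
    for rid, az, res in _resources(instances, volumes):
        data_class = _tag(res, SCOPE_TAG)
        if data_class is None:
            findings.append((rid, "unclassified"))  # cannot prove it is out of scope
        elif data_class == "payment" and az != zone:
            findings.append((rid, f"payment data outside {zone}: {az}"))
    return sorted(findings)

if __name__ == "__main__":
    for rid, finding in audit_residency(INSTANCES, VOLUMES):
        print(rid, finding)
```

Untagged resources are reported rather than skipped, so a missing tag cannot quietly exempt a server or volume from the audit.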

Option 4: Hybrid Split Architecture (AWS Cloud + Local Data Center)

Ranking: #4

This architecture splits the environment: application logic stays in the cloud, while financial data is restricted to physical local hardware.

How it works: Application servers run on AWS (global region or Lagos Local Zone), while the PostgreSQL database is hosted inside a secure, physical Nigerian data center, connected via AWS Direct Connect or a secure VPN.

Pros: Lets teams keep using advanced cloud tooling for application-side scaling while satisfying the strict letter of data residency law.

Cons: Introduces dangerous network latency between application compute and data storage, significantly slowing transaction processing.

Impact on application servers and load balancers: This is the only option where EC2 and ALB can theoretically stay exactly where they are today (e.g., eu-north-1), while only the database relocates to Nigeria. It's technically possible, but strongly discouraged for payment applications: the distance between application servers and the local database creates a "chatty application" latency bottleneck that slows down transaction processing.

Option 5: Physical Colocation / On-Premises Data Center

Ranking: #5 (Least Recommended)

This involves renting raw physical rack space in a Tier III/IV facility (e.g., OADC, Rack Centre, Medallion) and purchasing dedicated hardware.

How it works: Physical servers are purchased, shipped to the data center, and configured from the ground up: hypervisors, Linux, the application, and PostgreSQL are all installed and managed manually.

Pros: Maximum physical sovereignty and data control, with predictable monthly costs once hardware is paid off.

Cons: High upfront capital expenditure, long hardware shipping and customs clearance timelines, and full manual responsibility for both database management and physical hardware failures (blown drives, failed RAM, etc.).

Impact on application servers and load balancers: Full migration required. EC2 and ALB equivalents must be built on owned physical hardware inside the Lagos data center, using software hypervisors (VMware, Proxmox) to recreate virtual machines, and software load balancers (Nginx, HAProxy, F5 BIG-IP) to replace the ALB.

The Bigger Picture: Two Categories of Options

Options that require a full stack migration (app servers + supporting AWS services + database all move):

  • Option 1 (Huawei Cloud)
  • Option 2 (Local Nigerian Cloud)
  • Option 5 (Physical Colocation)

Options that let you keep your AWS tooling and architecture:

  • Option 3 (AWS Lagos Local Zone): but the whole stack, including EC2 and ALB, must relocate into the Local Zone subnet.
  • Option 4 (Hybrid Split): technically the only option where app servers can stay put, but at a real latency cost that makes it risky for payment workloads.

Comparative Decision Matrix

| Evaluation Metric | Option 1: Huawei Cloud | Option 2: Local Cloud | Option 3: AWS Local Zone | Option 4: Hybrid Split | Option 5: Colocation |
|---|---|---|---|---|---|
| CBN Compliance | 100% | 100% | 100% | 100% | 100% |
| Database Management | Fully Managed | Fully Managed | Self-Managed | Self-Managed | Self-Managed |
| Infrastructure Type | Public Cloud | Private Cloud | Public Cloud | Hybrid | Physical Metal |
| App Servers & Supporting Services | Full Migration | Full Migration | Stay on AWS (redeploy to Local Zone) | Can stay as-is (not recommended) | Full Migration |
| Billing Currency | USD / Local arrangement | Naira | USD | Mixed | Naira |
| Engineering Effort | Medium (migration) | Medium (migration) | High (DBA duties) | High (networking) | Critical (hardware + DB) |

Questions Worth Asking Before You Decide

Every organization facing this decision should work through a few key questions:

  1. Is staying on AWS worth becoming your own DBA team? Option 3 keeps you inside familiar tooling, but shifts real operational risk (database uptime, backups, patching) onto your engineers.
  2. Are you willing to onboard with a new provider to get managed database services back? Options 1 and 2 restore a "managed" experience, but require stepping outside the AWS ecosystem and going through a new provider's onboarding process.
  3. How much infrastructure actually needs to move? The size of your current EC2 and supporting services footprint will heavily influence migration cost and timeline, so it is worth scoping precisely before committing to a path.
  4. Can your application tolerate the latency risk of Option 4? If any part of your team is drawn to the hybrid split for its simplicity, weigh that against the real transaction-speed risk for payment workloads specifically.

Bottom Line

For most payment and fintech companies, the fully managed cloud options (Huawei Cloud or a local Nigerian cloud provider) offer the best balance of compliance, low operational burden, and, in the case of local providers, currency risk protection. AWS's Lagos Local Zone is a reasonable middle ground for teams deeply invested in AWS tooling who are prepared to take on database administration. Physical colocation and the hybrid split architecture carry the most risk, whether in the form of capital expense and hardware ownership, or in latency that can directly degrade payment transaction performance.

There's no universally "right" answer; the correct choice depends on team size, existing cloud investment, risk tolerance, and how quickly the CBN deadline needs to be met. But mapping out compliance, database management, currency exposure, and infrastructure migration scope side by side, as above, is a solid starting point for any organization working through this decision.
