As of January 1, 2024, the Cyber Security Authority (CSA) has prohibited cybersecurity service providers, establishments, and professionals lacking licenses from conducting operations in Ghana.
This decisive action follows the December 31, 2023, deadline set by the Authority, urging these entities to acquire proper licenses or accreditations to operate legitimately in the country, with the aim of ensuring a secure cyberspace.
In a statement released on Thursday, the CSA affirmed its commitment to enforcing the stringent provisions outlined in the Cybersecurity Act of 2020 (Act 1038), emphasizing that violators will be subject to criminal prosecution and administrative penalties as stipulated by the law.
To verify whether an entity or individual has obtained a license or accreditation, one can check the certificate number online at https://www.csa.gov.gh/licence. The Authority reiterated its intention to fully enforce the Cybersecurity Act, 2020 (Act 1038), regulating Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs).
Entities operating without the required license or accreditation will face legal consequences, including criminal prosecutions and administrative penalties where applicable. The public is advised to engage only with licensed CSPs and accredited CEs and CPs.
The Cybersecurity Act, 2020 (Act 1038), enacted in December 2020, empowers the Authority to regulate cybersecurity activities in Ghana under sections 4(k), 49, 50, 51, 57, and 59.
The regulatory regime will among other things ensure:
- a streamlined mechanism for ensuring that CSPs, CEs and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and international best practice;
- greater assurance of cybersecurity and safety to consumers;
- an improved and maintained standard that offers baseline protection to Ghana’s digital ecosystem and;
- that national security concerns are addressed.
The CSA is collaborating with the Public Procurement Authority (PPA) to ensure that public sector entities procuring cybersecurity services adhere to guidelines established pursuant to Act 1038.
Since October 2022, the CSA has engaged in over 30 industry discussions with relevant stakeholders, including cybersecurity service providers, establishments, and professionals, to communicate and implement the licensing and accreditation regime specified in the Cybersecurity Act, 2020.
The Authority has established dedicated desks to handle inquiries and provide timely feedback to stakeholders involved in the process.
