The Ghanaian Government has implemented stringent measures, barring Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) without a valid license or accreditation from operating in the country.
The regulation, effective from January 1, 2024, follows a deadline set on December 31, 2023, for entities in this sector to acquire the necessary licenses or accreditations.
The Cyber Security Authority (CSA) emphasised its commitment to enforcing the provisions outlined in the Cybersecurity Act, 2020 (Act 1038), pertaining to the regulation of CSPs, CPs, and CEs.
Entities operating in the cybersecurity sector without the required license or accreditation now face legal consequences, including criminal prosecutions and administrative penalties, as stated in the Authority’s announcement on Wednesday.
The Director-General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako, highlighted the imperative for institutions and individuals to engage only with licensed CSPs and accredited CEs and CPs.
The CSA underlined its dedication to introducing order into the cybersecurity sector and ensuring the adherence to legal frameworks outlined in Act 1038.
Despite the stringent enforcement, Dr. Antwi-Boasiako, speaking at a National Cyber Security Awareness Month event in Accra last year, called for an extension of the initial deadline. This appeal was based on the impressive response, with the Authority receiving a substantial number of licensing and accreditation requests as of October 2023.
By the numbers, the CSA reported that it received a total of 907 licensing and accreditation requests by October 2023. Among these requests, 134 institutions sought licenses as cybersecurity service providers, 41 applied for accreditation as cybersecurity establishments, and 732 aimed for accreditation as cybersecurity professionals.
The CSA initiated the license and accreditation process on March 1, 2023, aligning with its mandate to instill order in the cybersecurity sector. The initial deadline for entities in this sector to obtain necessary licenses and accreditations was set for September 30, 2023.
This regulatory framework ensures that licensed and accredited entities are legally empowered to engage in legitimate business, aligning with Sections 57 and 58 of the Cybersecurity Act, 2020 (Act 1038).
Ghana’s participation in the global Cybersecurity Awareness Month initiative underscores its commitment to enhancing cybersecurity practices.
The country joins several nations worldwide, including Canada, South Africa, the United Kingdom, and others, in promoting awareness and regulatory measures to safeguard digital ecosystems.