Effective January 1, 2024, Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) without a license or accreditation have been barred from operating in Ghana, the Cyber Security Authority (CSA) has announced.
In a statement sighted by GhanaWeb Business, the CSA explained that the move comes after the December 2023 deadline for CSPs, CEs and CPs to obtain a license or accreditation to operate lawfully.
The Authority further noted that disregard to this directive is in contravention of Act 1038 and defaulters will face the rigours of the law including criminal prosecutions and administrative penalties where applicable.
"The CSA will fully enforce the provisions of the Cybersecurity Act, 2020 (Act 1038) regarding its mandate to regulate CSPs, CPs and CEs. Accordingly, CSPs, CEs and CPs who offer cybersecurity services without a licence or accreditation granted by the Authority, do so in contravention of Act 1038 and will face the full rigors of the Law including criminal prosecutions and administrative penalties where applicable. Institutions and individuals are consequently advised to engage only licensed CSPs and accredited CEs and CPs," part of the statement read.
Background
The Cybersecurity Act, 2020 (Act 1038) came into force in December 2020 to regulate cybersecurity activities and promote the development of cybersecurity in Ghana.
The Act mandates the Authority to regulate cybersecurity entities pursuant to sections 4(k), 49, 50, 51, 57 and 59.
The regulatory regime will among other things ensure; a streamlined mechanism for ensuring that CSPs, CEs and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and international best practices, greater assurance of cybersecurity and safety to consumers.
It also ensures an improved and maintained standard that offers baseline protection to Ghana’s digital ecosystem.
SA/MA