Once again, the Ghanaian government is asking mobile telecommunication subscribers to re-register their SIM cards. This is the fourth of such exercise in fifteen years, each plagued by procedural errors, data protection failures, and procurement opacity. What is most troubling about the 2026 exercise is not merely that it is happening again, but that it is happening without any evidence of institutional learning from the three that preceded it. IMANI's analysis identifies a consistent set of technical and operational failures across all previous exercises. For instance, the absence of NIA authentication, scattered databases, poor inter-agency integration, unreliable registration platforms, impossible deadlines, and an insufficient Ghana Card penetration rate at the time of registration. Operationally, registration centres were overwhelmed, and for those who boycotted the process, the government's response was to temporarily deactivate their SIM cards—an illegal sanction that disrupted services to over 9 million subscribers and froze over GH₵200 million in mobile money transactions.

The most recent exercise in 2022 compounded these failures with serious data custody failures: nobody knew where the collected biometric data was hosted, there was no legal assignment for data protection, no verifiable deletion protocol, and no designated authority for independent audit. The NCA conducted the exercise without NIA involvement. Telcos collected data under no custody rules because the Data Protection Commission had no active oversight. Underlying all of this is what experts aptly call ‘katanomics’—a procurement-driven approach to policy where the incentive to initiate a new registration cycle is not technical necessity but the political economy of procurement. Each cycle generates contracting opportunities, and those opportunities generate political support. There is therefore no internal incentive to fix what went wrong as the failure of one exercise becomes the justification for the next. Until that procurement-first mindset is structurally disrupted, the 2026 exercise risks repeating the same trajectory.

Specific technical failures ignored

One of the most telling details of the 2022 failure concerns the incompatibility of biometric scanning equipment. Reports indicate that telcos deployed contactless biometric devices for the exercise while the NIA's database operates on contact scanners. This fundamental technical mismatch meant that even where biometrics were collected, they could not be authenticated against the NIA’s records. This was a procurement failure that rendered an entire data collection exercise unusable from the outset. It was not a minor administrative oversight. It is evidence that the procurement process operated independently of the technical requirements of the system it was meant to serve. The NCA's Director-General has since confirmed that a sample audit of approximately 2.3 million records found zero successful biometric matches against the NIA database, even as 81% matched through facial verification. The exercise produced facial data that may be usable and biometric data that is not, resulting in a bifurcated outcome that demands a targeted response, not a blanket restart.

A final registration?

Communications Minister Hon. Sam George has framed the 2026 exercise as a ‘final’ registration—a clean-slate effort to close the loopholes left by previous rounds. This framing deserves direct scrutiny. In fact, the preconditions for a credible ‘final’ exercise do not yet exist. The legal framework governing data custody, deletion, and inter-agency responsibilities remains incomplete. The procurement process for the 2026 exercise has already been flagged for opacity and sole-sourcing concerns. The Data Protection Commission is not yet confirmed as having active oversight authority. Without these foundations in place, calling the exercise ‘final’ is aspirational rhetoric rather than technical assurance, which rhetorics Ghanaians have encountered before.

There is also a fundamental question of proportionality. Approximately 30 million SIM cards have already been linked to the Ghana Card, and over 21 million biometric records have been collected. The government has acknowledged that roughly 80% of identities have already been cross-referenced against NIA data. This means the unresolved population is approximately 20% of subscribers. It then becomes a verification and validation problem, not a justification for mass re-collection of biometric data from the entire subscriber base.

Substance of interagency coordination

The 2026 framework formally includes the NIA, NCA, Immigration Service, and Ministry of Foreign Affairs. There is now a broader institutional footprint than in previous exercises. This is a welcome structural change. But institutional presence on paper is not the same as functional integration, and the history of this exercise gives grounds for caution. The 2022 exercise nominally involved multiple agencies and still produced a data custody vacuum. The question for 2026 is not whether the right agencies are listed, but whether there are clear, legally binding protocols governing data transfer between them, defined timelines for inter-agency verification, and designated accountability when those protocols are breached. Without answers to those questions, the expanded agency list is a governance box-tick rather than a reform.

Technical contradictions in self-service

The government has promised that the 2026 exercise will eliminate the long queues that characterised previous rounds, partly through self-service portals and digital-first registration mechanisms. President Mahama has also indicated that aspects of the process could be completed via short code (USSD). These are welcome commitments, but they carry a significant technical contradiction. Cybersecurity experts have flagged that USSD cannot technically satisfy biometric verification requirements. If NIA authentication which is the cornerstone of the entire framework requires biometric matching, then a USSD-based registration pathway is either bypassing that requirement or not doing what the government says it is doing. The government owes Ghanaians a clear technical explanation of how remote registration channels will meet NIA biometric standards, not just an assurance of convenience.

IMANI’s proposed architecture and safeguards

The logical and cost-effective path is not mass re-registration. It is a targeted verification and validation exercise—one that accounts for the 2022 biometric data, cleans and audits what is usable, and directs re-collection only at the 20% of subscribers whose identities remain unverified. This approach preserves existing investment, reduces cost to subscribers and the state, and eliminates the procurement rent-seeking that a full re-registration exercise enables.

The architecture for any new exercise should follow a 'verify and forget' model; telcos collect user identifiers, the NCA verifies against the NIA, the NIA returns a binary yes/no verdict, and the telcos activate or suspend the SIM accordingly. Biometric data is never transferred to telcos or vendors. Audit logs are maintained for all access. NIA retains exclusive custody of all biometric records. This model is privacy-preserving, technically sound, and substantially less expensive than mass re-collection. Seven safeguards must also be embedded in the legislative and operational framework: exclusive NIA custody of biometric data; verification-only data returns; minimised data collection; prohibition on cross-database matching to prevent the creation of a surveillance infrastructure; tamper-evident access logs; user access and control over stored information; and a verifiable right to confirm deletion of old biometric data.

Critically, a new Legislative Instrument is currently under review. Whether this L.I embeds the 'verify and forget' model, or whether it leaves the door open for data transfer to telcos and vendors will determine whether the 2026 exercise represents genuine reform or another iteration of the same cycle. The public is entitled to see the draft provisions of the L.I and to engage them before the exercise proceeds.

Conclusion

Fifteen years and three failed exercises have produced one consistent lesson, that when procurement drives policy, the system optimises for contracts rather than outcomes. The 2026 re-registration exercise, as currently framed, shows insufficient evidence that this logic has changed. The mass re-registration exercise must be halted. The 2022 biometric data must be fully accounted for, and all procurement records made public. Thereafter, the exercise must be redesigned around the verify-and-forget architecture, governed by a transparent procurement process, embedded within a robust legal framework, and subject to active DPC oversight. Inter-agency coordination must be demonstrated and not just declared.

Ghana has exhausted its tolerance for recurrent SIM registration failures underscored by 'katanomics.' Over 21 million biometrics were collected but never authenticated. Therefore, there is no technical basis for another mass registration exercise. But very technical, legal, and fiscal bases exist for a targeted, accountable verification exercise conducted transparently and at a fraction of the cost. That is what the government should be doing.

This Alert was prepared by the research team at IMANI's Centre for Science, Technology and Innovation Policy. It was submitted to Cabinet when IMANI was consulted on the idea of SIM cards re-registration.