The Cybersecurity Authority (CSA) has directed all Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) to take immediate steps to legalise their operations or be prepared to face the law.

In a statement issued yesterday, the CSA stressed that effective January 31, this year, any person or entity operating without a valid licence or accreditation would be sanctioned.

The latest action follows earlier directives issued by the CSA, which required all CSPs, CEs and CPs to obtain the appropriate licence or accreditation to operate lawfully in the country.

“Any CSP, CE or CP that offers cybersecurity services without a licence or accreditation granted by the CSA acts in contravention of Section 49(1) of Act 1038 and will face the full rigours of the law, including criminal prosecution and administrative penalties, as provided under Section 49(2) of the Act,” the statement stressed.

It added that the CSA would fully enforce the provisions of the Cybersecurity Act, 2020 (Act 1038) in line with its statutory mandate to regulate cybersecurity service providers, professionals and establishments.

“In line with this directive, institutions and individuals are advised to engage only CSA licensed CSPs and CSA-accredited CEs and CPs,” the CSA added.

The CSA also said it would, in the coming days, publish a comprehensive list of all licensed and accredited CSPs, CEs, and CPs in accordance with best practice.

“Members of the public may verify the licence or accreditation status of any entity or individual by authenticating the certificate number online at  https://www.csa.gov.gh/licence,” the statement added.

Background

The CSA was established by the Cybersecurity Act, 2020 (Act 1038), to regulate, manage, and promote cybersecurity, evolving from the earlier National Cyber Security Secretariat (NCSS) and Centre (NCSC).

Its core functions include regulating critical infrastructure, licensing providers, preventing and responding to threats, developing standards, and fostering public awareness to secure Ghana's digital ecosystem and support its digitalisation agenda.