About 1,400 individuals and businesses operating in the country have registered with the Cyber Security Authority (CSA) to seek licences and accreditation since the commencement of the implementation of the cybersecurity regulatory regime in March 2023.
As of February 19, 2024, the CSA had registered 1,137 Cybersecurity Professionals (CPS), 194 Cybersecurity Service Providers (CSPs) and 52 Cybersecurity Establishments (CES), bringing the number to 1,383. While some institutions and individuals have been issued provisional licences pending the issuance of a final licence, many others are at various stages of the licensing and accreditation process.
In furtherance of the December 31, 2023 deadline for all existing CSPS, CEs, and CPs to have obtained a licence or accreditation pursuant to sections 3(a), 4(k), 49, 50, 51, 57 and 59 of the Cybersecurity Act, 2020 (Act 1038), individuals and businesses without licences or accreditation are prohibited from conducting business in Ghana.
The CSA is fully committed to enforcing the provisions of the Cybersecurity Act, 2020 (Act 1038) regarding its mandate to regulate CSPS, CEs and CPs. Thus, CSPs, CEs and CPs who are offering cybersecurity services without a licence or accreditation granted by the Authority, do so in contravention of Act 1038 and will face the full rigours of the law including administrative penalties and criminal prosecutions pursuant to sections 49, 92 and 95 of the Act.
Licensing/Accreditation Clinic
While audit and enforcement mechanisms remain in place, the CSA is also committed to developing the cybersecurity industry to ensure a secured and resilient digital ecosystem pursuant to section 3(d) of the Cybersecurity Act, 2020 (Act 1038).
The CSA has, therefore, established a licencing and accreditation clinic at its premises, on the 3rd floor of the NCA Tower, Airport City, Accra, effective February 8, 2024, to assist all CSPS, CEs, and CPs who qualify but are having difficulties in completing the online application process for a licence or accreditation. Every Thursday from 8 a.m. to 4 p.m. has been earmarked for the process up until the end of the first quarter of 2024.
Collaborations and Compliance
The CSA and the Public Procurement Authority (PPA) are collaborating to ensure that public sector institutions seeking cybersecurity services follow the rules established under Act 1038 with covered entities expected to engage only licensed and accredited CSPS, CEs and CPs.
Additionally, the CSA is liaising with the Judicial Service of Ghana to ensure that the provisions in the Cybersecurity Act, 2020 (Act 1038) are enforced to the letter. This collaboration is to guarantee that CSPS, CEs, and CPs who testify in all matters before the courts are licensed and/or accredited under Act 1038.
All businesses and individuals who seek to engage CSPS, CEs and CPs are further advised to ascertain whether an entity or individual has been granted a licence or accreditation. The certificate number of the entity or individual can be authenticated online at https://www.csa.gov.gh/licence. The Authority may also be contacted via email: compliance@csa.gov.gh or telephone: 0531140408 by all businesses and individuals who wish to do due diligence on individuals and institutions they wish to engage for cybersecurity services.
These actions are aimed to guarantee regulatory compliance with the Cybersecurity Act, 2020 (Act 1038) and to streamline the process of providing services in accordance with approved standards and processes that are consistent with domestic laws and international best practices and more especially, to ensure that the digital space is safe.
Issued by the Cyber Security Authority February 20, 2024
Ref: CSA/COMMS/PR 2024-02-03