The Cyber Security Authority (CSA) has received more than 1,400 registrations from cybersecurity service providers (CSPs), cybersecurity establishments (CEs), and cybersecurity professionals (CPs) in Ghana seeking to regularise their status to stay in business.
This follows the commencement of the implementation of the cybersecurity regulatory regime in March 2023, which requires CSPs, CEs, and CPs to be properly licenced and accredited to operate lawfully in the country.
Effective January 1, 2024, individuals and institutions operating within the country’s cybersecurity space without a licence or accreditation are prohibited from engaging in business.
“In furtherance of the December 31, 2023 deadline for all existing CSPs, CEs, and CPs to have obtained a licence or accreditation pursuant to sections 3(a), 4(k), 49, 50, 51, 57, and 59 of the Cybersecurity Act, 2020 (Act 1038), individuals and businesses without licences or accreditation are prohibited from conducting business in Ghana,” a statement issued by the CSA said.
It added that while some institutions and individuals have been issued provisional licences pending the issuance of a final licence, many others are at various stages of the licencing and accreditation process.
According to the statement, the CSA was fully committed to enforcing the provisions of the Cybersecurity Act regarding its mandate to regulate CSPs, CEs, and CPs, adding that businesses and individuals who are providing cybersecurity services without a licence or accreditation granted by the Authority, if caught, would face criminal prosecution.
Licencing/Accreditation Clinic
Meanwhile, the CSA has established a licencing and accreditation clinic on its premises, on the 3rd floor of the NCA Tower, Airport City, Accra, effective February 8, 2024, to assist all CSPs, CEs, and CPs who qualify but are having difficulties completing the online application process for a licence or accreditation.
The statement noted that every Thursday from 8 a.m. to 4 p.m. had been earmarked for the process up until the end of the first quarter of this year.
On collaboration and compliance, the CSA and the Public Procurement Authority (PPA) are collaborating to ensure that public sector institutions seeking cybersecurity services follow the rules established under Act 1038, with covered entities expected to engage only licenced and accredited CSPs, CEs, and CPs.
“Additionally, the CSA is liaising with the Judicial Service of Ghana to ensure that the provisions in the Cybersecurity Act are enforced to the letter. This collaboration is to guarantee that CSPs, CEs, and CPs who testify in all matters before the courts are licenced and/or accredited under Act 1038,” it indicated.
According to the statement, all businesses and individuals who seek to engage CSPs, CEs, and CPs are further advised to ascertain whether an entity or individual has been granted a licence or accreditation.
These actions are aimed at guaranteeing regulatory compliance with the Cybersecurity Act, streamlining the process of providing services in accordance with approved standards and processes that are consistent with domestic laws and international best practices, and, more especially, ensuring that the digital space is safe.