Government has barred Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) without a license or accreditation from operating in the country.
The ban which took effect January 1 2024, follows the December 31, 2023, deadline issued by the Authority to CSPs, CEs, and CPs to obtain a licence or accreditation to operate lawfully in the country.
“The CSA will fully enforce the provisions of the Cybersecurity Act, 2020 (Act 1038) regarding its mandate to regulate CSPs, CPs and CEs. Accordingly, CSPs, CEs and CPs who offer cybersecurity services without a licence or accreditation granted by the Authority, do so in contravention of Act 1038 and will face the full rigors of the Law including criminal prosecutions and administrative penalties where applicable,” the Authority said in a statement on Wednesday.
“Institutions and individuals are consequently advised to engage only licensed CSPs and accredited CEs and CPs,” it added.
Need for extension
Speaking last year at the launch of National Cyber Security Awareness Month (NCSAM) in Accra, Director-General, CSA, Dr. Albert Antwi-Boasiako called for the extension of the deadline to encourage more participation, given the impressive number of applications received.
According to him, the number of applications received surpassed the Authority’s initial estimates when the licencing and accreditation regime began in March. This suggests the likelihood of even more potential applicants, given the interest and requests received by CSA.
“This number will certainly increase, and hence I am already making a case for the board to allow extension of the [deadline] for further engagement. This is the first time we are doing this, and I do believe once we intensify engagements we can achieve even better results,” Dr. Antwi-Boasiako stated.
The numbers so far
As of October 2023, the Authority received 907 licencing and accreditation requests since the process began.
These requests include 134 institutions registering to apply for licences as cybersecurity service providers, 41 seeking accreditation as cybersecurity establishments and 732 applying to be accredited as cybersecurity professionals.
The CSA began the licence and accreditation process on 1 March 2023 as part of its mandate to introduce sanity into the cybersecurity sector, setting 30 September 2023 as the deadline for cybersecurity service providers, cybersecurity establishments and cybersecurity professionals to obtain the necessary licences and accreditations.
This regulatory regime is designed to ensure that licenced and accredited entities are legally empowered to engage in legitimate business, pursuant to Sections 57 and 58 of the Cybersecurity Act, 2020 (Act 1038).
Ghana is one of several countries around the world that participates in the Cybersecurity Awareness Month initiative, along with countries like Canada, South Africa, the United Kingdom, Australia, Germany, France, Japan, Singapore, South Korea, Brazil, Mexico, Spain, Italy, Switzerland, the United Arab Emirates and Saudi Arabia.
