Ghana’s Cyber Security Authority (CSA) has announced a nationwide crackdown on unlicensed cybersecurity service providers, professionals and establishments, with enforcement set to begin on January 31, 2026.
In a press release dated January 23, the Authority said all Cybersecurity Service Providers, Cybersecurity Establishments and Cybersecurity Professionals operating without a valid licence or accreditation will be sanctioned in accordance with the law.
The CSA said the action follows earlier directives requiring all entities and individuals offering cybersecurity services in Ghana to obtain the appropriate authorisation to operate legally. It noted that the upcoming enforcement would see the full application of the Cybersecurity Act, 2020 (Act 1038), which mandates the regulation of cybersecurity activities nationwide.
Under Section 49(1) of the Act, offering cybersecurity services without a licence or accreditation constitutes an offence. Offenders, the Authority warned, will face criminal prosecution and administrative penalties as provided under Section 49(2).
The CSA urged institutions, businesses and members of the public to engage only service providers and professionals duly licensed or accredited by the Authority, stressing that compliance is critical to safeguarding Ghana’s digital ecosystem.
As part of the enforcement measures, the Authority said it would soon publish a comprehensive list of all licensed and accredited cybersecurity service providers, establishments and professionals, in line with best practice.
Members of the public can verify the licence or accreditation status of any provider by authenticating certificate numbers on the CSA’s official website or by contacting the Authority directly for further clarification.