CSA to enforce strict licensing of cybersecurity providers from January 31

The Cyber Security Authority (CSA) has announced that it will begin the strict enforcement of licensing and accreditation requirements for all cybersecurity service providers, establishments and professionals operating in Ghana, effective January 31, 2026.

The Authority warned that entities found operating without valid authorisation will face sanctions, including criminal prosecution and administrative penalties.

In a press release dated January 23, the CSA said the move was in line with the Cybersecurity Act, 2020 (Act 1038), which mandates the regulation of cybersecurity services in the country.

Under Section 49(1) of the Act, it is unlawful for any person or entity to offer cybersecurity services without an appropriate licence or accreditation issued by the Authority.

The CSA urged public and private institutions, as well as the general public, to engage only cybersecurity service providers and professionals that are duly licensed and accredited.

It announced that a comprehensive list of authorised entities would be published in the coming days, adding that members of the public could also verify the status of service providers online through the CSA website.

The Authority further provided contact details for organisations and individuals seeking clarification or guidance on compliance with the new enforcement regime.