The Cyber Security Authority (CSA) has announced a nationwide clampdown on individuals and organisations operating in Ghana’s cybersecurity space without the required licences and accreditation.
Effective January 31, 2026, the Authority says any Cybersecurity Service Provider (CSP), Cybersecurity Establishment (CE) or Cybersecurity Professional (CP) found working outside the law will face sanctions, including administrative penalties and possible criminal prosecution.
The enforcement follows earlier directives issued by the CSA, which require all cybersecurity actors to regularise their operations in line with the Cybersecurity Act, 2020 (Act 1038).
In a statement, the Authority referenced Section 49(1) of the Act, which makes it illegal to provide cybersecurity services in Ghana without approval. Persons or entities that flout the directive, the CSA noted, will be punished under Section 49(2) of the same law.
The Authority has therefore urged public and private institutions, as well as individuals, to transact business only with CSA-licensed service providers and properly accredited professionals.
To promote transparency, the CSA said it will soon publish a comprehensive list of approved cybersecurity firms and practitioners. Members of the public can also verify the status of any provider by checking the certificate number on the Authority’s official website.
For enquiries, the CSA advised stakeholders to contact its compliance unit via email at compliance@csa.gov.gh or through its hotline.
The enforcement action forms part of broader efforts to strengthen Ghana’s cyber safety architecture and ensure that practitioners meet national standards for digital security.
ALSO READ:
