The Cyber Security Authority (CSA) of Ghana has announced a major enforcement drive against unlicensed cybersecurity service providers, establishments, and professionals, with sanctions set to begin on January 31, 2026.
In a public notice, the CSA stated that all entities and individuals offering cybersecurity services without proper accreditation or licensing will face criminal prosecution and administrative penalties.
The action enforces Section 49(1) of the Cybersecurity Act, 2020 (Act 1038), which prohibits any person or entity from providing cybersecurity services without authorization from the Authority.
Section 49(2) of the Act prescribes penalties for violations, including fines and imprisonment.
The CSA urged institutions, businesses, and individuals to engage only with CSA-licensed Cybersecurity Service Providers (CSPs), accredited Cybersecurity Establishments (CEs), and accredited Cybersecurity Professionals (CPs).
In the coming days, the CSA plans to publish a comprehensive list of all licensed and accredited providers and professionals on its official website.
The public is advised to verify the accreditation status of any cybersecurity provider or professional by checking the certificate number online at https://www.csa.gov.gh/licence.
For further clarification or enquiries, the CSA can be contacted via:
- Email: [email protected]
- Phone: 0531140408
This enforcement drive forms part of Ghana’s broader strategy to strengthen the national cybersecurity framework, protect critical infrastructure, and ensure that all cybersecurity services meet required standards of professionalism and compliance.
