The Cyber Security Authority (CSA) has announced an enforcement action targeting unlicensed Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) operating in Ghana. Beginning January 31, 2026, any entity or individual offering cybersecurity services without a valid CSA-issued license or accreditation will face sanctions, including criminal prosecution and administrative penalties.
This move follows earlier directives issued under the Cybersecurity Act, 2020 (Act 1038), which mandates all CSPs, CEs, and CPs to obtain proper authorization from the CSA. According to Section 49(1) of the Act, operating without such credentials constitutes a legal violation, with Section 49(2) outlining the consequences for non-compliance.
“The CSA will fully enforce the provisions of the Cybersecurity Act in line with its statutory mandate,” the Authority stated in a press release issued today. “Institutions and individuals are advised to engage only CSA-licensed and accredited entities and professionals.”
To support transparency and public compliance, the CSA will soon publish a comprehensive list of all licensed and accredited cybersecurity entities and professionals. Verification of license or accreditation status can be done online via www.csa.gov.gh/licence.
For further clarification, the CSA has provided contact details: email [email protected] and telephone 0531140408.
This enforcement is part of efforts to strengthen the cybersecurity ecosystem and ensure that only qualified professionals and organizations operate within the sector.
