The Cyber Security Authority (CSA) has cautioned Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) without a license or accreditation to cease all operations in the country.

The directive follows the CSA’s December 31, 2023, deadline for CSPs, CEs, and CPs to obtain a license or accreditation to operate lawfully in the country or be barred beginning January 1, 2024.

A statement issued by the Authority said it would fully enforce provisions of the Cybersecurity Act, 2020 (Act 1038) regarding its mandate to regulate CSPs, CPs and CEs.

It stated that CSPs, CEs, and CPs who provided cybersecurity services without a license or accreditation given by the Authority were in violation of Act 1038 and would face the full force of the law, including criminal prosecutions and administrative penalties where appropriate.

The statement advised institutions and individuals to engage only licensed CSPs and accredited CEs and CPs.

To ascertain whether an enti
ty or individual has been granted a license or accreditation,

the certificate number of the entity or individual can be authenticated online at https://www.csa.gov.gh/licence. The Authority may also be contacted via email: [email protected] or Telephone: 0531140408.

It said that Ghana had become the first African country and the second in the world, after Singapore, to take such a bold step in developing the cybersecurity industry.

The Cybersecurity Act of 2020 (Act 1038) was enacted in December 2020 to regulate cybersecurity activities and to promote cybersecurity development in Ghana.

The Act mandated the Authority to regulate cybersecurity entities, pursuant to sections 4(k), 49, 50, 51, 57 and 59.

According to the statement, the regulatory framework would streamline the process for ensuring that CSPs, CEs, and CPs provided services in accordance with established standards and procedures that were consistent with national and global best practice.

It would also increase consumer confidence in cyberse
curity and safety; create an upgraded and maintained standard that provides baseline protection to Ghana’s digital ecosystem; and address national security concerns.

The statement said the CSA and the Public Procurement Authority were collaborating to ensure that public sector entities procuring cybersecurity services did so in accordance with the Guidelines developed pursuant to Act 1038.

It said Since October 2022, the CSA had been engaging all relevant stakeholders including cybersecurity service providers, establishments and professionals on the regulatory regime by deploying different communication strategies.

The statement said there had been more than 30 different industry engagements, leading to the introduction and implementation of the licensing and accreditation regime provided in the Cybersecurity Act, 2020.

It said the Authority had set up dedicated desks to receive all enquiries and to provide prompt feedback on the exercise to stakeholders.

The statement said as part of efforts to continuo
usly engage and collaborate with the accredited and licensed cybersecurity professionals and institutions, the CSA was compiling a national register of licensed and accredited Cybersecurity Service Providers, Cybersecurity Establishments and Cybersecurity Professionals pursuant to section 4(t) of Act 1038.

It said the CSA would see to the establishment of the Industry Forum pursuant to section 81 of the Cybersecurity Act 2020 (Act 1038).

Source: Ghana News Agency