The Cyber Security Authority (CSA) has cautioned Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) who provide cybersecurity services without a license or perform cybersecurity-related professional functions without accreditation by the Authority.

According to the Authority, providing such services without the requisite license or accreditation is in contravention of the Cybersecurity Act, Sections 49 and 57 of Act 1038, 2020, and has commenced processes to sanction defaulters.

Delivering the welcome address on behalf of CSA’s Director-General, Dr. Albert Antwi-Boasiako – in a speech read on his behalf at the presentation of licenses and accreditation to professionals and entities in Accra – reiterated the Authority’s commitment to regulating and sanitising the industry.

“In accordance with the CSA mandate in Sections 3, 4(k), 49, 57, and 59 of the Cybersecurity Act, 2020 (Act 1038), CSA has a duty to regulate cybersecurity activities within the country; which includes licencing cybersecurity service providers (CSPs), and accrediting cybersecurity establishments (CEs) and cybersecurity professionals (CPs).

“I want to take this opportunity to once again caution all CSPs, CEs, and CPs that are providing cybersecurity services without a license or performing cybersecurity-related professional functions without accreditation granted by the Authority.

“The Authority is committed to ensuring that all defaulting institutions and individuals face the appropriate sanctions, including administrative penalties and criminal prosecutions where applicable. Further, take note that enforcement processes against non-compliant registrants and applicants have commenced and all defaulters will face the full rigours of the law,” he warned.

18 CSPs, 7 CEs, and 69 CPs get licenses and accreditation

During the presentation ceremony in Accra on Thursday, September 12, 2024, the Authority issued licenses and accreditations to 18 cybersecurity service providers; 7 cybersecurity establishments; and 69 cybersecurity professionals which have successfully completed the application process and met requirements to operate in the country.

The exercise, according to him, is a landmark achievement that underscores the nation’s unwavering commitment to digital security and resilience.

“I once again extend my congratulations to all licensees and accredited establishments and professionals. This achievement signifies a pivotal moment for CSA and the industry, as it reaffirms CSA’s dedication to building a digitally resilient Ghana and a testament to the commitment of CSPs, CEs, and CPs as key stakeholders in Ghana’s cybersecurity development.

“Let us continue working together through collaboration, vigilance, and innovation, to ensure Ghana continues being a hub of cybersecurity excellence in Africa,” he urged.

He further reiterated that the issuance of licenses and certificates of accreditation bestows on recipients a responsibility to maintain standards and professionalism in dispensing the respective services they have been licensed and accredited to provide.

“Licensees must observe utmost good faith toward clients while complying with Act 1038 and all applicable laws, including confidentiality and data protection obligations.”

The Cyber Security Authority officially commenced the licencing and accreditation process in March 2023, and consequently issued licenses to eight (8) CSPs, and certificates of accreditation to eight (8) CEs and thirty-five (35) CPs in July 2024. The Authority has so far registered 252 CSPs, 65 CEs, and 1,451 CPs.