The Cyber Security Authority (CSA) has announced that effective January 31, 2026, all Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) operating without a valid licence or accreditation will face sanctions.
The directive follows earlier notices issued by the Authority, which required all cybersecurity service providers, establishments and professionals to regularise their operations by obtaining the appropriate licence or accreditation to operate legally in Ghana.
In a statement, the CSA said it will fully enforce the provisions of the Cybersecurity Act, 2020 (Act 1038) as part of its statutory mandate to regulate cybersecurity activities in the country. The Authority explained that any CSP, CE or CP that offers cybersecurity services without approval from the CSA will be acting in violation of Section 49(1) of the Act.
Such offenders, the Authority warned, will be subjected to the full rigours of the law, including criminal prosecution and administrative penalties, as provided under Section 49(2) of Act 1038.
The CSA has therefore advised institutions, organisations and individuals to ensure they engage only CSA-licensed Cybersecurity Service Providers and CSA-accredited Cybersecurity Establishments and Professionals to avoid exposure to legal and security risks.
As part of efforts to promote transparency and compliance, the Authority announced that it will, in the coming days, publish a comprehensive list of all licensed and accredited CSPs, CEs and CPs, in line with international best practices.
Members of the public are also encouraged to independently verify the licence or accreditation status of any cybersecurity entity or professional by authenticating certificate numbers via the Authority’s official portal at https://www.csa.gov.gh/licence.
For further clarification, the Cyber Security Authority may be contacted through compliance@csa.gov.gh or by telephone on 0531140408.
The CSA reiterated its commitment to strengthening Ghana’s cybersecurity ecosystem and ensuring strict compliance with the law to protect critical information infrastructure and digital services nationwide.