Ghana announces regulation of cybersecurity service providers and mandatory audits for critical information infrastructure owners.
In September 2022, the Governing Board of the Cyber Security Authority (CSA) announced that, effective January 1, 2023, every business, firm, or individual that provides cybersecurity services in Ghana will have to be licensed by the Cyber Authority. As part of the Cyber Security Act, that authority will only allow licensed entities to perform these activities and the authority will offer professional accreditation.
CSA is currently developing the framework and modalities for the implementation of Licensing of Cybersecurity Service Providers and Accreditation of Cybersecurity Professionals and Practitioners. The regulator reports that it will inform stakeholders once the process is completed. The effect on foreign suppliers is not fully known at this point.
In addition, the CSA announced that Critical Information Infrastructure (CII) Owners will be subjected to mandatory audit and compliance checks in terms of compliance with the Directive for the Protection of Critical Information Infrastructures which was adopted on October 1, 2021. Thirteen sectors have been identified as CII sectors. They comprise the bulk of the entire Ghanaian economy. They include national security and intelligence, ICT, banking and finance, energy, water, transportation, health, emergency services, government, food and agriculture, manufacturing, mining, and education.
For more information about cybersecurity in Ghana, please contact Victoria Agbai at Commercial Service Ghana at email: firstname.lastname@example.org and telephone: +233(0)30-274-1870. See CS Ghana’s Country Commercial Guide and further market intelligence on Ghana at www.trade.gov/ghana.