Effective 31 January 2026, all Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) operating without a valid licence or accreditation will be sanctioned.
This action follows earlier directives issued by the Cyber Security Authority (CSA), which required all CSPs, CEs, and CPs to obtain the appropriate licence or accreditation to operate lawfully in Ghana.
The CSA will fully enforce the provisions of the Cybersecurity Act, 2020 Act 1038, in line with its statutory mandate to regulate cybersecurity service providers, professionals, and establishments.
Accordingly, any CSP, CE, or CP that offers cybersecurity services without a licence or accreditation granted by the Authority acts in contravention of Section 49 1 of Act 1038 and will face the full rigours of the law, including criminal prosecution and administrative penalties, as provided under Section 49 2 of the Act.
In line with this directive, institutions and individuals are advised to engage only CSA-licensed CSPs and CSA-accredited CEs and CPs.
Furthermore, the Cyber Security Authority will, in the coming days and following this cautionary notice, publish a comprehensive list of all licensed and accredited CSPs, CEs, and CPs in accordance with best practice.
Members of the public may verify the licence or accreditation status of any entity or individual by authenticating the certificate number online at: https://www.csa.gov.gh/licence






























