Ghana’s Cyber Security Authority (CSA) has issued a final warning to players in the cybersecurity industry, announcing that it will begin strict enforcement of licensing and accreditation requirements from 31 January 2026.
In a press release issued on 23 January 2026, the Authority said any cybersecurity service provider, establishment or professional operating without valid authorization after the deadline will face legal sanctions.
The CSA also added that, individuals or firms operating without the required license or accreditation beyond the end of the month will be in direct violation of Section 49(1) of the Cyber Security Act, 2020 (Act 1038).
Under the Act, it is a criminal offence to provide cybersecurity services without approval granted by the Authority.
The Authority also said it will fully enforce the provisions of Act 1038 in line with its statutory mandate to regulate the industry and protect Ghana’s national digital ecosystem from substandard or unauthorized services.
According to the cyber security authority, defaulters will be subjected to the full rigours of the law, including formal legal action through the courts, heavy fines and regulatory sanctions, as provided under Section 49(2) of the Act.
However, the Cyber Security Authority was established under the Cyber Security Act, 2020, to oversee the regulation, licensing and supervision of cybersecurity activities in Ghana. the licensing regime requires cybersecurity professionals and firms to obtain accreditation before offering services, as part of efforts to improve standards, safeguard critical information infrastructure and strengthen national cyber resilience.
The CSA has previously issued multiple notices urging industry players to comply, ahead of the enforcement deadline at the end of January.











