The Cyber Security Authority (CSA) has announced an extension of the deadline for licensing and accrediting cybersecurity service providers (CSPs), cybersecurity professionals (CPs), and cybersecurity establishments (CEs) to comply with the Cybersecurity Act 2020 (Act 1038).
The original deadline of September 30, 2023, has been pushed back to December 31, 2023, to allow for industry players who have not yet started the process to do so.
In a statement, the CSA explained that the extension is a part of its collaborative approach to regulating the industry and creating an enabling and vibrant ecosystem for industry development.
The CSA urges applicants who have already registered on the licensing and accreditation portal but have not yet submitted their completed applications to take advantage of the extended timeline and submit their applications before the new deadline.
Ghana is the first country in Africa and the second in the world after Singapore to trigger a regulatory framework to license the cybersecurity sector.
The purpose is to provide a streamlined mechanism for ensuring that CSPs, CEs, and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and international best practices.
That will also provide greater assurance of cybersecurity and safety to consumers while addressing national security concerns.
Sensitisation
Ahead of the implementation, the CSA held a series of sensitisation activities including organising public consultation sessions to solicit input from key stakeholders, including academia, industry, civil society and the government, on the regime.
Also, the regulatory body is collaborating with other stakeholders to ensure compliance.
For instance, at a recent joint press conference between the CSA and the Public Procurement Authority (PPA), the two institutions joined forces to ensure that entities procuring cybersecurity services did so in accordance with the guidelines developed pursuant to Act 1038.
The regulation also applies to covered entities to engage cybersecurity service providers, cybersecurity establishments, and cybersecurity professionals who are licensed by the CSA in performing cybersecurity-related functions.
The regulatory framework is in tune with Section 2 of the Public Procurement Act to guarantee that public procurement is done in a fair, transparent and non-discriminatory manner as required by law.