Ghana is digitalising rapidly. In 2025, 68.6% of Ghana’s population used the internet, while 69.8% owned a mobile phone, according to the 2024 ICT Development Index of the International Telecommunications Union. To support the digital transformation, the government adopted the Digital Economy Policy and Strategy, a program to boost skills through Digital Transformation Centres and an investment fund for Electronic Communications. Ghana is also home to the only “Tier IV” data centre in West Africa. On the international sphere, Ghana collaborates with the World Bank, which approved USD 200 million for the Digital Acceleration Project, and regional partners in the African Continental Free Trade Area and the Economic Community of West African States. 

But what do Ghana’s domestic digital policies stand for? Our DPA Digital Digest provides a succinct overview of the latest policy and enforcement developments in major policy areas and Ghana-specific points of emphasis.

• Data governance: Ghana implemented the Data Protection Act and the Cybersecurity Act, establishing comprehensive frameworks for personal data protection, critical infrastructure security, and cybercrime prevention.

• Content moderation: Ghana regulated online content through provisions in the Cybersecurity Act and recently adopted the National Child Online Protection Framework.

• Competition policy: Ghana addressed digital market competition through the Protection Against Unfair Competition Act and the Electronic Transactions Act.

• Artificial Intelligence: Ghana launched its National AI Strategy while actively participating in international AI governance initiatives, including the African Union’s Continental AI Strategy.

• Ghana’s points of emphasis include the taxation of the digital economy and the regulation of digital payments and assets. 

Jump directly to the section that interests you most:

Discover the details of Ghana's regulatory approach on our dedicated country page.

Remain up-to-date on new and upcoming developments with our free notification service. 

Written by Maria Buza and Sherif Taha. Edited by Tommaso Giardini.

Ghana’s primary data protection framework is the 2012 Data Protection Act. The Act establishes obligations for data controllers and processors to ensure accuracy, accountability, and data minimisation. The Act grants individuals the right to access, correct, delete their data, and to object to processing for direct marketing. Individuals can also restrict the processing of sensitive information, including data on children, health, political opinions, or criminal behaviour. Additionally, data controllers are required to register with the Data Protection Commission.

Ghana’s 2020 Cybersecurity Act establishes measures for critical information infrastructure protection, cybercrime prevention, and incident response. It requires providers to implement security measures, report incidents, undergo periodic compliance audits, and register with the Cyber Security Authority (CSA). The Act also establishes licensing requirements for cybersecurity service providers. 

Subsequently, several policies addressed critical infrastructure protection:

• In October 2024, the CSA adopted the National Cybersecurity Policy establishing legal, technical, organisational, and capacity-building measures to enhance cybersecurity. 

• In October 2021, the CSA adopted a Directive, which requires 24-hour incident reporting and 72-hour vulnerability disclosure of incidents for designated critical infrastructure entities. 

• In September 2021, the Ministry of Communications and Digitalisation issued a notice designating providers of information and communication technology, banking, energy, and health services as critical information infrastructure. 

On the international level, Ghana participates in various initiatives related to data governance.

• In June 2023, Ghana signed the Council of Europe's Second Additional Protocol to the Convention on Cybercrime (Budapest Convention). 

• In February 2022, Ghana adopted the African Union Data Policy Framework, which includes provisions on data protection, cybersecurity, and cross-border data transfers.

• In May 2019, Ghana ratified the African Union Convention on Cyber Security and Personal Data Protection, which covers data subject rights and cybersecurity, among others.

Ghana does not currently require data localisation. However, In June 2024, the Minister for Communications and Digitalisation announced plans to localise government data. The policy aims to enhance sovereignty, reduce costs, and attract global providers to establish local data centres.

The Data Protection Act does not establish explicit conditions for lawful cross-border data transfers but addresses transfers in several provisions. When a data controller outsources processing to a processor not domiciled in Ghana, the controller is responsible for ensuring that the processor complies with Ghanaian legal requirements. Additionally, data controllers must disclose transfer destinations during registration and obtain data subjects’ consent.

Two authorities oversee data governance in Ghana. The Data Protection Commission, established under the Data Protection Act, oversees data protection rules. Its responsibilities include registering data controllers and processors, issuing compliance notices, and imposing penalties for violations. The CSA, created under the 2020 Cybersecurity Act, oversees cybersecurity and enforces related regulations, in coordination with sectoral computer emergency response teams.

Currently, no public or official sources regarding enforcement actions or guidelines related to Ghana’s data governance framework are available.

Ghana’s content moderation framework is primarily based on the 2020 Cybersecurity Act. The Act prohibits the distribution of content depicting children in sexually explicit or suggestive conduct, among others. Furthermore, the Act criminalises the non-consensual sharing of intimate images with the intent to cause serious emotional distress. Service providers, defined as entities that enable communication, process or store data, or deliver services involving data and content, are required to prevent the use of their services for soliciting, promoting, or depicting such content. The Cyber Security Authority (CSA) has the authority to order service providers to block, filter, or remove illegal content, including materials that threaten national security, public safety, or children's protection, as well as content that violates individual rights or health. Penalties for continued non-compliance include fines and prison. 

In October 2024, the CSA issued the National Child Online Protection Framework outlining plans to address the threats children face in the digital space, including cyberbullying, harassment, and online exploitation. In the framework, the CSA announced plans to develop guidelines for notice, take-down, blocking and removal of child abuse materials, as well as reporting procedures. 

In addition, the 2008 Electronic Transactions Act establishes liability protections for intermediaries facilitating the transmission, routing, storage, or access to electronic records, provided they do not initiate, select recipients, or alter content. The Act clarifies that intermediaries are not generally required to monitor electronic records for potential criminal offences and can be held liable for wrongful takedowns. 

At the international level, Ghana participates in several content governance initiatives:

• In February 2024, Ghana joined other African governments in adopting the Association of African Election Authorities' Digital and Social Media Guidelines, which establish standards for the responsible use of digital platforms during electoral processes.

• In June 2023, Ghana was among 71 governments that signed the International Statement to Remove Online Child Sexual Abuse Materials, committing to proactive measures against child exploitation online.

• In May 2024, as a member of the African Union, Ghana adopted the African Union Child Online Safety and Empowerment Policy which provides a framework for protecting children online while promoting digital literacy and skills.

Currently, no public or official sources regarding enforcement actions or guidelines related to Ghana’s content moderation framework are available.

To date, Ghana has not adopted specific rules regarding competition in digital markets. In May 2023, the Ministry of Trade and Industry announced the drafting of the Competition and Fair Trade Practices Bill, although the text of the Bill is not currently public. In the meantime, Ghana applies three main frameworks to digital competition:

• The 2000 Protection Against Unfair Competition Act defines unfair commercial practices, including deceptive practices and the disclosure of trade secrets, and establishes a range of remedies, including injunctive relief and damages.

• The 2008 Electronic Communications Act establishes a duty for all licensees, including electronic communication and broadcasting service providers, to avoid anti-competitive practices. The National Communications Authority (NCA) has the authority to designate providers as having Significant Market Power and to require them to implement specific measures to prevent the abuse of market power and promote fair competition.

• The 2008 Electronic Transactions Act establishes fair business practice requirements. It requires suppliers to provide information such as business details, product or service characteristics, pricing, and terms of agreement. It also establishes consumer rights. 

In October 2024, the Ministry of Communications and Digitalisation adopted the Digital Economy Policy to combat anti-competitive practices and outlined plans for an e-commerce regulatory framework. In March 2023, the Ministry of Trade and Industry consulted on the Consumer Protection Policy, which also addresses digital marketplace challenges, including competition in online markets and consumer rights in e-commerce transactions.

As a member of the Economic Community of West African States (ECOWAS), Ghana adopted the regulation specifying notification thresholds for mergers and acquisitions with cross-border implications in January 2024. The regulation builds upon the 2007 Regional Competition Policy Framework and mandates transaction notifications when parties from at least two Member States meet financial thresholds: a combined turnover or balance sheet item exceeding UA 20 million (approx. USD 14.71 million) or at least UA 5 million (approx. USD 3.68 million) per entity for two entities.

In November 2023, the Ministry of Communications and Digitalisation issued an enforcement notice under the Electronic Transactions Act, requiring all e-commerce platforms and digital delivery companies to register by January 2024. The notice was issued to combat e-commerce fraud, regulate unlicensed personnel, and support the Africa Continental Free Trade Agreement (AfCFTA). 

In June 2020, the NCA designated Scancom Ghana (MTN) as a Significant Market Power (SMP) in the telecommunications sector, requiring the implementation of corrective measures to promote market competition. The measures included a 30% asymmetrical interconnect rate for smaller operators, price ceilings on services, regulatory approval for pricing, uniform on-net and off-net pricing, and safeguards against exclusionary practices and market information misuse against non-SMP operators.

Ghana has not yet adopted laws or regulations specifically governing the development and use of Artificial Intelligence (AI). 

In September 2024, the Ministry of Communications and Digitalisation launched the Ethical AI Readiness Assessment Measurement to evaluate Ghana’s preparedness for implementing ethical AI systems, identify regulatory gaps and assess data protection, transparency, and fairness in AI governance. Previously, in October 2023, the Ministry of Communications and Digitalisation released the National AI Strategy. The strategy focuses on eight pillars, including AI education, workforce development, digital infrastructure, data governance, ecosystem coordination, sector-wide adoption, applied research, and public-sector AI use. It also addresses risks such as bias, privacy, and job displacement and recommends the creation of a Responsible AI Office.

In May 2020, the Ministry of Finance adopted the Digital Financial Services Policy, setting AI governance standards, interoperability requirements, and a framework for government-industry collaboration. 

At the international level, Ghana has endorsed numerous initiatives on AI governance:

• In February 2025, Ghana joined members of the African Union, the European Union, the G20, the G7, and the United Nations in adopting the Statement on Inclusive and Sustainable AI at the Paris AI Action Summit. 

• In January 2024, Ghana joined the Digital Cooperation Organization Generative AI Initiative, which aims to promote responsible development and use of generative AI technologies through international collaboration and knowledge sharing.

• The African Union, of which Ghana is a member, adopted the Continental AI Strategy, the AI for Sustainable Youth Development framework, and the cooperation on AI research and development with China.

There are currently no public, official sources on enforcement action or guidelines related to Ghana's artificial intelligence framework.

In December 2022, Ghana amended the Electronic Transfer Levy Act, establishing a 1% levy on electronic transfers between mobile money wallets, bank accounts, and digital platforms. It applies to electronic money issuers, payment service providers, banks, and other financial institutions. Previously, the levy was set at a level of 1.5%. 

In September 2022, Ghana introduced a Value Added Tax (VAT) on digital services, covering social networking, online gaming, cloud services, streaming, digital marketplace operations, online advertising and telecommunications. Non-resident providers must register for VAT if they supply taxable services unless they appoint a local VAT agent. In January 2023, the standard VAT rate increased from 12.5% to 15% and betting and gaming activities were exempted from VAT.

Additionally, Ghana imposes a Communications Service Tax (CST) on electronic communication services, including national fixed and mobile network operators, internet service providers, data operators, broadcasters, and recipients of such services from non-resident entities. The CST applies to charges for using these services and is collected by service providers from consumers. In September 2020, the CST rate was reduced from 9% to 5% as part of economic relief measures.

Ghana has established a regulatory framework for electronic payment systems and is continuing to develop rules for digital assets.

In February 2020, Ghana implemented the Payment Systems and Services Act, setting licensing requirements for payment service providers and electronic money issuers. These entities must obtain a licence from the Bank of Ghana, which assesses factors such as financial stability, technological capacity, anti-money laundering compliance, and consumer protection measures.

In December 2020, to combat financial crime, Ghana implemented the Anti-Money Laundering Act requiring virtual asset providers, payment service providers, and electronic money issuers to implement user identification and customer due diligence measures. The Bank of Ghana further clarified these obligations in the December 2022 guidelines for anti-money laundering and combating terrorism financing. 

In August 2024, the Bank of Ghana consulted on draft guidelines for digital assets, proposing regulatory measures to address risks such as money laundering, fraud, and cybersecurity. These guidelines, aligned with international best practices, require digital assets providers to implement risk management strategies and ensure consumer protection. The Bank is also exploring blockchain applications in financial services and plans to collaborate with other authorities to manage emerging risks.