Ghana: Cyber Security Authority opened consultation on Draft Cybersecurity (Amendment) Bill including registration requirements

On 1 October 2025, the Cyber Security Authority (CSA) opened a public consultation on the Draft Cybersecurity (Amendment) Bill, until 14 November 2025. The Bill revises the provisions on critical information infrastructure. The Minister, on the advice of the Cyber Security Authority (CSA), may designate computer systems or networks as critical if they are essential to national security, public safety, economic and social well-being, or public health. The Minister must publish the designation and consider factors such as security, law enforcement, communications, finance, utilities, transportation, government functions, digital services, supply chains, and international business. Owners of designated infrastructure are required to register with the CSA, pay fees, nominate a point of contact, provide verified information, and update the Authority on changes in ownership, with non-compliance attracting administrative penalties. The Minister may also withdraw the designation if the criteria are no longer met, and the withdrawal must be published and notified to the owner. Contraventions of certain provisions carry fines between four thousand and twenty-five thousand penalty units. Sectoral Computer Emergency Response Teams are required to report cybersecurity incidents within 24 hours to the National Computer Emergency Response Team, with penalties for non-compliance.