The Cyber Security Authority (CSA) opened the Draft Cybersecurity (Amendment) Bill, 2025 for public consultation in October 2025, as part of an effort to update and strengthen the Cybersecurity Act, 2020 (Act 1038). The consultation window closed on 24 October 2025. This article summarises what the amendments cover and where the bill stands now.
Table of Contents
- What the Cybersecurity Amendment Bill 2025 aims to do
- Why the 2020 Act needed updating
- Public consultation: what happened
- What it means for Ghanaian businesses and citizens
- Frequently asked questions
- Has the Cybersecurity Amendment Bill 2025 been passed?
- Where can I read the draft bill?
- Can I still submit comments?
What the Cybersecurity Amendment Bill 2025 aims to do
The CSA published the draft with three explicit goals:
- Strengthen national cyber resilience by clarifying obligations on critical information infrastructure operators.
- Improve regulatory frameworks for licensing, accreditation, and enforcement under the CSA.
- Align Ghana’s cybersecurity policy with emerging trends like AI, cloud, and cross-border data flows that Act 1038 (2020) didn’t fully anticipate.
Why the 2020 Act needed updating
Act 1038 was passed before the rapid expansion of mobile money fraud, the rollout of national e-services, and the broader push toward digitisation across MDAs and MMDAs. Cybersecurity professionals working in Ghana have flagged gaps including:
- Limited clarity on incident reporting timelines for non-critical operators.
- Enforcement powers that depend heavily on referral to other agencies.
- No specific framing for AI-enabled threats or for cloud-hosted services run from outside Ghana.
- Ambiguity around personal liability for executives whose organisations suffer breaches.
The amendment bill is the CSA’s attempt to close those gaps without scrapping the original Act.
Public consultation: what happened
The CSA invited individuals, organisations, and industry players to submit comments via the official portal at csa.gov.gh/public_document.php. The window ran from October 2025 and closed on 24 October 2025.
Although the consultation phase has ended, the public version of the draft remains available for reference at the CSA portal, and stakeholders can still raise issues through the Authority’s standard correspondence channels.
What it means for Ghanaian businesses and citizens
- For businesses: expect tighter incident-reporting expectations and clearer rules for engaging accredited cybersecurity providers, especially if you operate in finance, telecoms, or any designated critical sector.
- For everyday users: stronger CSA enforcement should, in theory, mean faster takedowns of fraud-linked domains and more accountable handling of breach notifications.
- For tech professionals: licensing and accreditation requirements may shift, especially for cybersecurity service providers and incident-response firms.
Frequently asked questions
Has the Cybersecurity Amendment Bill 2025 been passed?
As of publication, the bill remains at the post-consultation stage. The CSA is consolidating feedback received during October 2025 before the draft moves through Cabinet and Parliament. Final passage and gazetting will be announced through the official Government of Ghana channels.
Where can I read the draft bill?
The draft is published on the CSA’s public documents portal at csa.gov.gh/public_document.php. The CSA’s main site is www.csa.gov.gh.
Can I still submit comments?
The official online consultation period closed on 24 October 2025. Late comments can still be sent to the CSA via standard correspondence, but they are not guaranteed to be incorporated into this round of revisions.
For ongoing coverage of cybersecurity policy and threats in Ghana, see our Cybersecurity Awareness Month 2025 daily guide and Cybersecurity topic archive.
