Ghana: The CyberSecurity Act, 2020
The Cybersecurity Act, 2020 is a Ghanaian law enacted to regulate cybersecurity and data protection. The law aims to promote the security of electronic communications and transactions in the country by establishing a Cybersecurity Authority. The Authority is tasked with ensuring compliance with the provisions of the Act and other related cybersecurity regulations.
Under the Cybersecurity Act, 2020, the government must establish a cybersecurity fund to support cybersecurity research, development, and training. The law also establishes several offences related to cybersecurity and cybercrime, including unauthorized access to data, interception of data without authorization, and damage to electronic data. Anyone found guilty of committing an offence under the Act may be fined, imprisoned, or both.
The Cybersecurity Act, 2020 is a significant step in Ghana’s efforts to protect its citizens from cyber threats. The Act will help promote a safe and secure digital environment, support the growth of the country’s digital economy, and protect the privacy and security of individual’s personal information. The law is also expected to promote public-private partnerships in cybersecurity and foster greater collaboration between the government, the private sector, and civil society in tackling cybercrime.
Preliminary Section
1 – Application
Cyber Security Authority
2 – Establishment of the Cyber Security Authority
3 – Objects of the Authority
4 – Functions of the Authority
Governance of the Authority
5 – Governing body of the Authority
6 – Functions of the Board
7 – Tenure of office of members of the Board
8 – Meetings of the Board
9 – Disclosure of interest
10 – Establishment of committees
11 – Allowances
12 – Policy directives
13 – Joint Cybersecurity Committee
14 – Functions of the Joint Cybersecurity Committee
Administrative Provisions
15 – Appointment of Director-General
16 – Functions of the Director-General
17 – Secretary to the Board
18 – Appointment of inspectors
19 – Functions of inspectors
20 – Appointment of other staff
21 – Divisions of the Authority
22 – Internal Audit Unit
Financial Provisions
23 – Funds of the Authority
24 – Bank account of the Authority
25 – Borrowing powers of the Authority
26 – Expenses of the Authority
27 – Accounts and audit
28 – Annual report and other reports
Cybersecurity Fund
29 – Establishment of the Cybersecurity Fund
30 – Object of the Fund
31 – Sources of moneys for the Fund
32 – Bank account for the Fund
33 – Management of the Fund
34 – Disbursement from the Fund
Critical Information Infrastructure
35 – Designation of critical information infrastructure
36 – Registration of critical information infrastructure
37 – Withdrawal of designation of critical information infrastructure
38 – Management and compliance audit of critical information infrastructure
39 – Duty of owner of critical information infrastructure
40 – Access to critical information infrastructure
National and Sectoral Computer Emergency Response Teams
41 – Establishment of the National Computer Emergency Response Team
42 – Functions of the National Computer Emergency Response Team
43 – Responsibility of the Authority relating to response to cybersecurity incident
44 – Sectoral Computer Emergency Response Team
45 – Cybersecurity incident monitoring and response system
46 – Early warning system
Cybersecurity Incident Reporting
47 – Duty to report cybersecurity incident
48 – Cybersecurity incident point of contact
Licensing of Cybersecurity Service Providers
49 – Licensing of cybersecurity service providers
50 – Application for licence
51 – Grant of licence
52 – Non-transferability of licence
53 – Validity and duration of licence
54 – Suspension of licence
55 – Revocation of licence
56 – Review of decision of Authority
Accreditation and Certification
57 – Accreditation of cybersecurity professionals and practitioners
58 – Certification of cybersecurity products and technology solutions
Cybersecurity Standards, Enforcement and Education
59 – Cybersecurity standards and enforcement
60 – Cybersecurity public awareness and education
61 – Research and development programme
Protection of Children Online
62 – Indecent image and photograph of a child
63 – Dealing with child for purposes of sexual abuse
64 – Aiding and abetting of child dealing for purposes of sexual abuse
65 – Cyberstalking of a child
66 – Sexual extortion
Other Online Sexual Offences
67 – Non-consensual sharing of intimate image
68 – Threat to distribute prohibited intimate image or visual recording
Cybersecurity and Investigatory Powers
69 – Application for production order of subscriber information
70 – Issue of production order for subscriber information
71 – Application for interception of traffic data
72 – Issue of interception warrant for traffic data
73 – Application for interception of content data
74 – Issue of interception warrant for content data
75 – Duration and extension of a production order or an interception warrant
76 – Interception capability
77 – Retention of data
Realisation of Property
78 – Freezing of assets
79 – Realisation of property
80 – Utilisation of proceeds of realisable propert
Industry Forum
81 – Establishment of Industry Forum
82 – Industry code
Miscellaneous Provisions
83 – International co-operation
84 – Immunity of members of the Authority
85 – Cybersecurity Risk Register
86 – Request for information
87 – Blocking, filtering and taking down illegal content
88 – Co-operation
89 – Oath of Secrecy
90 – Trial court and procedural powers
91 – Guidelines
92 – Directives
93 – Administrative penalties for contraventions
94 – Unlawful access
95 – General penalty
96 – Regulations
97 – Interpretation
98 – Repeals and savings
99 – Consequential amendments
100 – Transitional provisions
SCHEDULES
