Cybersecurity Authority Proposes Expanded Powers Under Draft Amendment

0
Cyber Security Authority (CSA)
Cyber Security Authority (CSA)

Ghana’s Cyber Security Authority (CSA) has introduced proposed amendments to the 2020 Act that would significantly broaden its regulatory reach and enforcement capabilities. The draft legislation establishes clearer responsibilities for service providers and professionals while expanding registration requirements and granting new investigatory powers to combat cybercrime.

The proposed changes signal a substantial shift toward stricter enforcement and enhanced accountability in incident handling across critical sectors including banks, telecommunications companies, and essential infrastructure systems. Supporters argue the amendments address gaps exposed by increasing fraudulent activity and platform abuse that have emerged since the original legislation took effect.

Key provisions in the draft include establishing standardized protocols for handling digital evidence, creating a centralized national coordination hub for security incidents, and accelerating mandatory reporting timelines for private companies. The amendments also introduce tiered accreditation systems designed to apply proportionate requirements to different sized organizations, with lighter checks for micro providers compared to enterprise operations.

Draft discussions reveal specific proposals for breach reporting deadlines, uniform incident documentation formats, and minimum data logging standards across banks, internet service providers (ISPs), and critical utilities. The framework would require mandatory staff training for high risk roles and establish clear escalation pathways connecting company Security Operations Centers (SOCs), sector Computer Emergency Response Teams (CERTs), and the national Computer Security Incident Response Team (CSIRT).

However, civil society organizations and legal commentators have raised concerns about balancing expanded authority with adequate oversight mechanisms. Critics are calling for tighter language around data access provisions, clearer definitions of prosecutorial powers within the regulator’s mandate, and refined terminology to prevent undue compliance burdens on small practitioners and nonprofit organizations.

Local editorials emphasize the need for transparent enforcement thresholds, proportionate education budgets matching the expanded regulatory scope, and explicit fundamental rights protections. The debate centers on ensuring precise drafting, mandating judicial oversight for intrusive measures, and maintaining proportionate penalties.

Legal experts suggest several reforms that could strengthen public confidence while maintaining security objectives. Recommendations include separating regulatory functions from law enforcement by keeping standards and audits with the Authority while leaving arrests to police units, requiring judicial warrants for content or device access, and narrowing definitions of terms like “cybersecurity services” and “critical information infrastructure.”

Observers identify three critical factors that will shape the final legislation. First, whether public consultation feedback produces stricter language on regulatory powers and clearer warrant requirements. Second, how the bill addresses potential speech related penalties, with commentators advocating for targeted takedowns and constitutionally sound fines rather than broad restrictions. Third, whether accreditation costs and licensing fees remain accessible to smaller businesses through transitional periods and tiered obligations.

The Cyber Security Authority website provides official updates and contact information for submitting formal comments during the consultation period. Parliament has not yet announced a timeline for debating the amendments.

Send your news stories to [email protected] Follow News Ghana on Google News