By Samuel BOATENG (PhD)
The Cybersecurity (Amendment) Bill, 2025 presents an ambitious framework aimed at strengthening Ghana’s cyber resilience. However, as cybersecurity evolves into a domain where national security, economic growth, and human rights intersect, legislation must balance authority with accountability, and control with innovation.
As a cybersecurity professional, I recognize the intent behind this amendment to empower the Cyber Security Authority (CSA) with stronger oversight, investigative powers, and funding. Yet, several provisions, if left unchecked, risk undermining transparency, stifling innovation, and creating ethical and legal tensions. Let’s unpack some of these critical issues and suggest a more balanced approach.
Overreach in prosecution and enforcement powers
The Bill allows the CSA to “investigate and prosecute cybercrime on the authority of the Attorney-General” and to “exercise the powers of a Police Officer.” This blurs the separation of powers between investigative and judicial roles. In democratic governance, law enforcement, prosecution, and regulation should remain distinct to prevent conflicts of interest.
Concern: Concentrating investigative, regulatory, and prosecutorial powers within one Authority may lead to abuse of discretion and lack of accountability. It transforms a technical regulator into a quasi-policing body, a model inconsistent with good governance and international best practices.
Recommendation: The CSA should focus on technical forensics, incident response coordination, and policy enforcement, while leaving criminal investigations to the Police Cybercrime Unit and prosecutions strictly to the Attorney-General’s Office. A joint Cybercrime Task Force with clear oversight from Parliament would ensure checks and balances.
The 30% cyber hygiene fee, an unethical economic burden
Section 57C (4) proposes that “30 percent of the revenue generated by certified cybersecurity professionals or providers under the scheme shall be paid into the Cybersecurity Fund.” This will apply to cybersecurity professionals, practitioners, and service providers authorized to deliver CSA’s newly proposed cyber hygiene certification service, which would serve as an alternative to other internationally recognized security frameworks.
Concern: This directive undermines professional independence and could discourage local innovation. Forcing private professionals and small cybersecurity firms to surrender nearly one-third of their revenue to a government fund, without clear transparency on fund utilization, resembles a hidden tax. It is neither ethical nor sustainable.
Recommendation: Replace the flat 30 percent levy with a tiered licensing or annual accreditation fee based on company size or revenue bracket. Furthermore, the CSA should publish annual audits of the Cybersecurity Fund to ensure public accountability. Collaboration, not taxation, should drive cybersecurity growth.
Ambiguity in accreditation and licensing
The Bill mandates that no individual may practice as a cybersecurity professional without CSA accreditation. While professional regulation ensures quality, over-centralized control can exclude competent practitioners, especially in startups and academia.
Concern: The CSA’s sole authority to license practitioners may create a bureaucratic bottleneck, limit diversity in skills, and hinder knowledge exchange with international partners.
Recommendation: Establish an independent Accreditation Board comprising representatives from academia, private industry, and civil society to set and maintain transparent certification standards. Ghana should align its accreditation model with global frameworks like ISO 17024 or NIST NICE standards to maintain international credibility.
Ethical concerns over surveillance and data access
Sections 59D–59I give the CSA wide powers to collect, preserve, and access computer data through production and preservation orders. While necessary for combating cybercrime, the Bill lacks explicit judicial oversight mechanisms to protect citizens’ privacy.
Concern: The absence of strong privacy safeguards could lead to unauthorized data seizures and infringement on digital rights. Cybersecurity should never be used as a cover for surveillance.
Recommendation: Introduce mandatory judicial warrants for data collection and include a “Privacy Oversight Committee” under Parliament to review data requests quarterly. This protects both national security and individual liberty.
Positives worth retaining
Not all aspects of the Bill are problematic. Provisions on protection of women, children, and vulnerable groups online are commendable, as are initiatives to certify emerging technologies like AI, IoT, and blockchain. These efforts reflect Ghana’s progressive stance in aligning with global digital ethics. However, these gains must not be overshadowed by over-regulation.
The way forward
Cybersecurity governance must be built on trust, inclusion, and accountability. I urge policymakers to engage practitioners, academia, and the private sector before passing this Bill. Ghana stands at the threshold of becoming a digital hub in Africa, but that vision can only materialize through laws that inspire confidence, not compliance out of fear. Let us pursue a cybersecurity framework that empowers professionals, safeguards citizens’ rights, and holds institutions accountable equally. Digital trust is the true foundation of national security.
The writer is an accomplished cybersecurity executive, strategist, and academic, with more than two decades of progressive leadership across Fortune 500 enterprises, government institutions, and academia. He is widely recognized for his rare ability to fuse deep technical expertise with visionary leadership, shaping resilient security ecosystems that safeguard organizations in an era defined by digital transformation and evolving threats.
As Chief Executive Officer of Slamm Technologies (USA & Ghana) since 2007, Dr. Boateng has established himself as a trusted architect of Security Operations, spearheading the use of artificial intelligence, machine learning, and advanced automation to build world-class SOC and NOC frameworks.
The post Rethinking the Cybersecurity (Amendment) Bill, 2025: A balanced path toward digital trust and accountability appeared first on The Business & Financial Times.