Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs) and Cybersecurity Professionals (CPs) without a licence or accreditation are barred from operating in the country.

This took effect from Monday, 1 January 2023, following the December 31 deadline issued by the CSA to CSPs, CEs, and CPs to obtain a licence or accreditation to operate lawfully in the country.

The Cyber Security Authority (CSA), in a statement emphasised that it will fully enforce the provisions of the Cybersecurity Act 2020 (Act 1038) regarding its mandate to regulate CSPs, CEs and CPs.

Hence, CSPs, CEs and CPs who “offer cybersecurity services without a licence or accreditation granted by the Authority, do so in contravention of Act 1038 and will face the full rigors of the law including criminal prosecutions and administrative penalties where applicable.”

It advised institutions and individuals “to engage only licensed CPs and accredited CEs and CPs.