Economic Adviser at the Office of the Vice President, Professor Sharif Mahmud Khalid, has recommended that the proposed passage of the Cybersecurity (Amendment) Bill, 2025, should be informed by consensus-building, bi-partisanship, and broad stakeholder engagement and not political expediency.

Since cybersecurity affects the general public, the Professor believes that there is a need for extensive consultations with key stakeholders and experts in the digital sector.

Speaking on JoyNews’ Newsfile on Saturday, November 1, Professor Khalid cautioned that,

“With such legislation, I will always call for bipartisan support,” he said. “The cybersecurity network in the country, including professionals, civil society organisations, and others whose work directly relates to this field, ought to be consulted to chart the way forward.”

Among the about nine stages a bill goes through to become a law in Ghana, as stipulated by the dictates of the 1992 constitution, Professor Khalid noted that legislative drafting is often one of the most complex stages of lawmaking, emphasising that the language used in bills must accurately reflect their intended purpose.

“Legislation can be a very challenging process, and drafting is often the hardest part. Sometimes the intent of a law is not clearly captured on paper, which is why it’s important to involve skilled drafters in the process,” he detailed.

He added that cybersecurity laws must not only be robust enough to address evolving digital threats but also carefully worded to avoid misinterpretation and unintended consequences.

Ghana’s Cybersecurity (Amendment) Bill, 2025, is a proposed update to the existing Cybersecurity Act (Act 1038), aimed at expanding the powers of the Cyber Security Authority (CSA) to regulate, investigate, and prosecute cyber-related offences. However, it has sparked significant public debate due to concerns over privacy, overreach, and industry impact.

The Cybersecurity (Amendment) Bill, 2025, was proposed by the Ministry of Communications and Digitalisation in Ghana. It was drafted in collaboration with the Cyber Security Authority (CSA), which is the regulatory body responsible for implementing cybersecurity standards and protecting Ghana’s digital space.

The Bill has become a necessity due to the rising cases of cybercrime in the country. Cyber Security Authority (CSA) in mid-October announced over GH¢19 million in losses to cybercrime between January and September this year. This marks a 17 per cent increase in cyber crimes compared to the same period last year.

He expressed concern over the growing trend of online crimes in Ghana, highlighting the dangers it poses to the economy. Earlier in the year, the authority reported a steep rise in cybercrime, with a record 2,008 cyber incidents, marking a 52 per cent rise from 2024.

He said online among the crimes, the most prevalent is online fraud, which makes up about 36% of the reported cases, including mobile money scams, fake investment schemes, phishing attacks, and cyber bullying, mostly targeted at women and children, represented 25 per cent of all reported incidents.

Consequently, to resolve this, the Communications Ministry has proposed the Cybersecurity (Amendment) Bill, 2025whick seeks to strengthen Ghana’s digital resilience against cyber threats by expanding the mandate of the CSA. The proposed amendments would empower the CSA to license and certify all cybersecurity professionals and service providers, set standards for emerging technologies such as artificial intelligence (AI), blockchain, Internet of Things (IoT), and quantum computing, and investigate and prosecute cybercrime in collaboration with the Attorney-General.

However, some provisions of the Bill, including Section 3 that require all cybersecurity practitioners to be licensed and certified by the CSA. Critics argue that this could stifle innovation and exclude smaller players who may not have the resources to meet certification requirements. Section 4A(b) grants the CSA broad authority to regulate and certify emerging technologies, which some fear could slow down technological development and discourage experimentation.

Another contentious issue is the bill’s provision for mandatory data access. Critics warn that investigators could be allowed to access personal data, passwords, and digital assets without judicial oversight, raising serious concerns about privacy and civil liberties. Additionally, the bill proposes a 30% levy on earnings from cybersecurity professionals, which has drawn criticism for its potential impact on fairness and transparency in the industry.

In response to these concerns, civil society groups, IT professionals, and media commentators have called for a comprehensive review of the bill before it is enacted. The main points of contention include fears of state overreach and surveillance, the absence of judicial safeguards, and the potential harm the bill could cause to Ghana’s growing tech ecosystem.

Vice President for Innovation and Technology at IMANI Africa, Selorm Branttie, has criticised the 2025 Cybersecurity (Amendment) Bill, describing it as ambiguous and potentially oppressive.

In an interview with Joy FM, he observed that several sections of the draft law are vaguely written and overly broad, making it challenging to separate minor online infractions from serious cyber offences.

Mr. Branttie warned that such lack of clarity could lead to misinterpretation and abuse, allowing ordinary digital activities to be unfairly criminalised.

“A lot of the lettering for the Cybersecurity Bill, for example, is ambiguous in terms of the kinds of offenses that are being discussed and the ramifications for you being seen as contravening some of these offences makes them draconian, makes it unsuitable for the current day and age and society that we have" he said on

“You are looking at things that could either be minor or major, and bottling it up into just one category and then criminalising all of it."

Mr. Branttie noted that several Ghanaians maintain additional social media profiles or alternative online identities for valid purposes such as protecting their privacy or adhering to workplace policies.

He explained that, as the bill currently stands, such practices could easily be misconstrued as dishonest or unlawful.

According to him, the absence of precise definitions and a clear categorisation of offences could give authorities undue power, potentially paving the way for the harassment of individuals, journalists, or political critics under the pretext of enforcing cybersecurity measures.

“It’s a dangerous to have laws like this, or some of the stipulations in laws like this dictating the what should be the government’s response or the security aparatus' response to some of these things that happen digitally because in the wrong hands, this could be used to abuse the personal rights of many indivuduals and could be used to target people percieved as political opponents or people perceived as not liked by anybody who is in authority,” he explained.

Mr. Branttie called on Parliament to carefully revise the language of the bill before its approval to ensure it maintains a fair balance between strengthening national cybersecurity and upholding citizens’ online rights.

He recommended that legislators work closely with technical professionals, civil society groups, and private sector stakeholders to refine the scope of offences, classify their severity, and establish transparent oversight systems.