A netizen identified as Michael Asiedu has blown an alarm on the Cybersecurity Amendment Bill, 2025, being introduced by the Communication Minister, Sam George.
The Cybersecurity Authority has come under intense criticism following the proposed amended Cybersecurity Act, 1038.
Reports suggest the CSA amendment bill seeks to gain sweeping control over Ghana’s cyberspace and also a 30% levy on industry players.
Many Ghanaians have criticised the bill, arguing that the CSA, which seeks to protect Ghanaians, rather poses a significant threat to Ghana’s digital security landscape.
According to the netizen, the CSA is the most dangerous bill Ghana has ever drafted, which quietly gives the CSA power to arrest, freeze assets, and access your data, all in the name of “cybersecurity”.
Speaking in a self-recorded video on social media, the netizen wrote, “See, the new cybersecurity amendment bill is not a cybersecurity reform, but then it’s a control reform, and if passed, it will give just one government agency more power over your digital life than any law in Ghana”.
He further detailed that the CSA gives one body three powers, “Section 4a, which is The New Powers of Cybersecurity Authority.
Now, this Section gives authority to investigate and prosecute cybercrime. That means that the same institution that writes these rules can also decide who breaks them to investigate the case and prosecute that person. That’s 3 powers in one body”.
He added, They also get to certify and regulate emerging technologies like AI, blockchain, cloud, whatever, so if you are building tech in Ghana, they can decide whether your product is secure enough to exist, I mean that not security, that’s just a way to centralise control.
Michael Asiedu further highlighted that section 20b gives the CSA powers to the same powers as the police to arrest, search or seize your property, but unlike the police, they won’t report to the IGP but directly to the authority under the Ministry of Communications, that’s Honourable Sam George.
The netizen further lamented that a part of the CSA bill allows the authority to make money when it finds and punishes people, he added, “ Section 31, which involves money. Now this section finds the authority with 12 per cent of the communication service tax, 9 per cent of corporate tax and 50 per cent of all fines and penalties under the act.
So, in other words, the authority makes money when it finds and punishes people. Now this is a soft financing system. The more people they arrest or punish, the richer the institution becomes. I mean, that’s direct incentive to overreach”.
He further added, “Section 35-37, which is the Critical Information Infrastructure. This section allows the minister to declare any systems as critical. Hospital, startup or hosting business.
Once it’s declared critical, you must register it and pay annual fees and give the authority access to your internal systems that is for inspection & auditing. Now this will open doors to private infrastructure across sectors. You know refusal comes with a heavy penalty”.
Section 49 involves licensing and cybersecurity services. No one can offer cybersecurity services, even give it for free, without a government license that includes ethical hackers, IT consultants, I mean, even a non-profit doing privacy work.
So with that accreditation from the authority, your work becomes illegal, and that’s how they quietly kill independent oversight”.
The netizen further warned that section 57c, which talks about the Cyber Hygiene Certification. The Authority will run a new cyber hygiene scheme, and set prices to approve who can offer certifications and collect 30% of the revenue from every certification done, meaning the authority that regulates, audits will profit from the Cyber Hygiene Certification.
He further emphasised that Sections 59a to 59k are the Enforcement Powers, which are the most dangerous part of the entire bill.
He noted that the section gives the authority power to arrest, prosecute anyone who violates cybersecurity standards and also freeze your bank account.
He explained, “Now it gives the Authority nearly unlimited power and here are these sections in simple English. They can arrest. They can prosecute anyone who violates cybersecurity standards. Freeze your bank account property before Even approves it.
They can compel you to hand over your information and your data during an investigation, and they can get caught up with others in secret to access your digital Data.
They can enter and inspect your premises, sometimes even without so. We have full surveillance, full policing power concentrated in one agency. Without a clear judiciary, and one that exists, it won’t stop cyber crime will being used against journalists, critics and even political opponents. That’s how Digital control begins”, he warned.
He further highlighted the part that criminalises speech, “Section 66, 67a and 67b that will criminalise speech. So this section introduces cyberbullying, you know, False information clauses.
They make it a crime to spread false or misleading information on penalties with penalties up to five years in prison, but who decides what is false? The same authority that enforces their hat so.
He warns, “If you criticise a government official and then they call it false, you are now a cybercriminal, that’s a violation of our free speech”.
Michael Asiedu further explained, “Section 92 and this actually allows the authority to issue binding orders to innovator software engineers, service providers to secure emerging technology. In simple terms, they can tell startups what they build, how they can build it or even stop them. That’s direct state control by innovation under the banner of Cyber safety”.
“Section 94-94b, they have added new offences like unlawful access, computer forgery and computer-related fraud. Some are valid, but the language is broad, so it can easily criminalise ethical hacking or even testing your own systems.
Every major authoritarian thing in modern history starts with laws like this. They write the law very softly, I mean, they try to make it open, or you can submit your Input, and then they justify it as Protection”.
He further cited the Nigerian situation, where their Cybercrime Act will protect citizens, but later it was used to jail journalists for criticising Governors.
“Ghana’s Bill gives the states the same toolkit they can arrest, prosecute, cease and then silence you. So if one government agency can write its rules, enforce them and then punish you, that’s not cybersecurity”, he warned.
Meanwhile, the Cyber Security Authority (CSA) are asking Ghanaians for their input to shape the country’s digital defences as the government launches a public review of its proposed cybersecurity update.
“We need laws that match the speed of digital innovation,” the CSA noted.
However, the Cyber Security Authority (CSA), designed to provide technical oversight and promote digital safety, has now ignited debate on social media, with Ghanaians arguing that it could now act as an armed enforcement body capable of conducting arrests, searches, and seizures without traditional police oversight.
Netizens argue that the bill could lead to abuse of power, intimidation of opponents and critics, and the suppression of online views under the guise of cybersecurity enforcement.
Watch the video below:
This is the most dangerous bill Ghana has ever drafted.
— Michael Asiedu (@MichaelAsiedu_) October 25, 2025
I have read the entire CSA amendment bill.
I break everything down, including its most dangerous part, which quietly gives the CSA power to arrest, freeze assets, and access your data, all in the name of “cybersecurity.” pic.twitter.com/mEUUwcmQyh