There is a particular brand of Ghanaian governance that operates on a simple, well-rehearsed logic: identify the one sector in which ordinary young people, without connections, without family money, without a politician uncle, are actually building something for themselves, and then erect a magnificent bureaucratic tollbooth right in the middle of it.
The National Information Technology Authority Bill, 2025 currently making its way through Ghana’s legislative machinery with the quiet confidence of a document probably written by a majority of people who have never debugged a line of code in their lives is precisely that tollbooth. It is, in its 105 sections and accompanying Schedule, one of the most breathtaking exercises in regulatory overreach this country has produced in recent memory. And given our regulatory track record, that is genuinely saying something.
The ICT sector is the one industry where a boy from Ashaiman, or, like my friend from Pulima, Aliu Wahab, with a second-hand laptop and a YouTube tutorial, can compete with someone whose father went to Achimota. It is the one space where talent, not tribe; skill, not surname; output, not old-boy network, still carries meaningful weight. It is, bluntly, the only functioning meritocracy left in Ghana’s economic life.
And our government, with the NITA Bill 2025 has decided that this is precisely the sector that requires the most elaborate regulatory architecture since the tale of Moses coming down from Sinai with the Ten Commandments.
The Absurdity of Section 46: Certifying Everyone, Everywhere, Always
Let us begin with what is, without competition, the most extraordinary provision in this bill. Section 46(1) states, in plain and unambiguous terms:
“A person shall not be appointed as an ICT professional in a public or private institution unless that person is certified by the Authority.”
Read that again. Public or private.
This is not a provision that limits itself to government systems handling national security data. This is not a narrow carve-out for critical infrastructure. This is a provision that means the software developer at a startup in Osu, the data analyst at a logistics firm in Tema, the web designer freelancing from her bedroom in Kumasi, all of them, every single one must first obtain certification from a government authority before they can lawfully be employed.
Who dreamed this up? Under what theory of governance does it make sense for the government of Ghana which cannot consistently process a DVLA licence within six months, which spent years and hundreds of millions on a national identification system that still cannot talk to the health insurance database to position itself as the certifying gatekeeper for an entire profession across the entire economy?
And here is the delicious irony that the framers of this bill seem constitutionally incapable of perceiving: the government’s own ICT record is the single most compelling argument against giving it certification authority over anyone. You do not hand the keys of the wine cellar to the person who has been drinking the wine.
Politicians: The One Profession That Needs Certification Most, and Gets It Least
Since we are on the subject of certification, let us pause to consider who in this country is not required to demonstrate any competence whatsoever before being handed consequential power over millions of lives.
A Member of Parliament faces no certification requirement. A District Chief Executive faces no certification requirement. A minister including the very Minister responsible for Communications and Digital Technology who will exercise sweeping powers under this bill faces no certification requirement. A president who will assent to this legislation, who will appoint the board, who will set policy direction for the entire ICT ecosystem, faces no certification requirement beyond winning an election.
These are the people who design the economic policies that determine whether businesses survive. These are the people who approve budgets, execute procurement, negotiate international agreements, and occasionally with great fanfare and very little technical understanding announce digital transformation programmes that quietly expire before the next election cycle. They craft the policies that affect every single Ghanaian citizen. They make decisions with consequences that dwarf anything an ICT professional will ever be responsible for.
And yet it is the developer, the systems administrator, the cybersecurity analyst — people whose professional errors, at worst, bring down a website who must be certified by the Authority.
The logic here is not merely inverted. It is upside down, inside out, and spinning.
The 1% Gross Revenue Levy: A Tax Dressed in Regulatory Clothing
Section 23(d) of the bill provides that the funds of the Authority shall include “one percent (1%) of regulatory fees on gross revenue of all ICT businesses.”
Gross revenue. Not profit. Gross revenue.
For those unfamiliar with how businesses particularly technology startups and small ICT firms actually operate: gross revenue is the top-line figure before costs, salaries, infrastructure expenses, server fees, software licences, and everything else is deducted. Many technology businesses, particularly in their early and growth stages, operate on thin or negative margins precisely because they are reinvesting in growth.
A levy on gross revenue means a company that turns over GHS 1 million but makes GHS 50,000 in profit will pay GHS 10,000 to the Authority — effectively handing over 20% of its profit to fund the bureaucratic apparatus that regulates it. A company that is loss-making but growing will still pay, because it has revenue. This is not a regulatory fee. This is a tax. And it is a particularly poorly designed one, targeted at exactly the stage of business development, early growth, where businesses are most vulnerable and most in need of breathing room.
Meanwhile, the bill simultaneously establishes an e-government ICT infrastructure company under Section 31 — a state-owned entity that will compete directly with the private sector while the same Authority that licenses private competitors also oversees the public company. The regulator creating and supervising its own commercial competitor. In any serious regulatory jurisdiction, this would be called a conflict of interest. In Ghana, we apparently call it governance.
Licensing Absurdities: Citizens Only Need Apply
Section 37 of the bill restricts licence eligibility to Ghanaian citizens aged 18 and above, or companies “wholly owned by a citizen.”
Wholly owned. Not majority-owned. Not substantially Ghanaian-controlled. Wholly owned.
In a global digital economy where technology firms raise capital internationally, form joint ventures with foreign partners, attract diaspora investment, and participate in multinational development programmes, this provision would disqualify the vast majority of serious technology companies from operating in Ghana’s ICT
We are, at this very moment, competing with Rwanda, Kenya, and Senegal for ICT investment and for the continent’s emerging technology talent. Kigali has just become a regional headquarters for technology multinationals. Nairobi’s Silicon Savannah attracts billions in venture capital. Dakar is building digital infrastructure at a pace that would make Ghanaian planners blush.
And Ghana’s legislative response is to require that ICT licences be held only by wholly citizen-owned entities.
This is not economic nationalism. Economic nationalism, at least, is coherent. This is economic self-sabotage dressed in a flag.
The Licensing Regime: A Bureaucrat’s Paradise
Section 35 makes it an offence to “engage in a business or related activity in the ICT sector” without a licence. The penalty for doing so, under Section 35(4), ranges from a fine to two years’ imprisonment.
Two years’ imprisonment for running an unlicensed ICT business.
The definition of ICT under Section 102 is helpfully broad to the point of uselessness, covering essentially all digital hardware and software systems, all information systems, all cloud-based infrastructure, and all digital innovation platforms. In other words: almost everything any modern business does.
Read alongside Section 46 which requires certification of all ICT professionals in private institutions and Section 35 which requires licensing for all ICT sector activity–what emerges is a picture in which it is essentially impossible to run any technology-adjacent business in Ghana without first obtaining the Authority’s blessing, paying its fees, and surviving its inspection regime.
The bill even requires, under Section 52, that public institutions obtain technical clearance from the Authority before undertaking any major ICT procurement. Given that the Authority itself has not yet demonstrated the capacity to deliver consistent, competent, well-governed ICT services in its current form as NITA, the prospect of this body becoming the mandatory gatekeeper for all public ICT procurement should concern everyone who has ever watched a public sector ICT project dissolve into delay, litigation, and loss.
The Penalties: Maximum Punishment, Minimum Logic
The offences and penalties provisions of this bill deserve special attention for their creativity.
Under Section 42(2), transferring a licence without the Authority’s prior written approval attracts a fine of up to 200,000 penalty units or imprisonment of up to ten years, or both. Ten years. For an administrative licensing technicality involving the paperwork around a business transfer.
Under Section 93, where a body corporate commits an offence, every director, manager, officer, and shareholder is deemed to have committed the offence unless they can prove they exercised due diligence. This reversal of the burden of proof — treating corporate officers as guilty until they prove their own innocence — sits uncomfortably against every principle of criminal justice that Ghana’s legal system is supposed to uphold.
And Section 95(k) provides that anyone whose “gross negligence leads to data breaches or system failures” is liable to a fine of up to ten thousand penalty units or ten percent of annual turnover, whichever is higher, plus mandatory third-party audits.
Ten percent of annual turnover. For a cybersecurity incident. In an industry where breaches happen to the most sophisticated organisations in the world including governments, banks, and military institutions– the bill proposes to treat negligence-adjacent security failures as events warranting penalties that could existentially destroy a small company overnight.
This is not consumer protection. This is a regime under which the Authority accumulates enormous discretionary power to punish, and companies accumulate enormous incentives to avoid operating in Ghana altogether.
The Government’s ICT Competitor: Regulatory Capture Dressed as Public Interest
Perhaps the most structurally troubling provision in the entire bill is Section 31, which requires the Minister to incorporate a government-owned e-government ICT infrastructure company within six months of the Act coming into force.
The object of this company, per Section 32, includes managing government data centres, cloud hosting environments, national digital identity services, shared government systems, and enterprise software solutions.
This is, to put it plainly, a government-owned technology company that will offer services — hosting, cloud infrastructure, enterprise software that private ICT companies also offer, and in some cases, currently provide to the government.
The same Authority that licenses private ICT companies will conduct technical audits of this government company under Section 34. The same Authority whose funds come partly from levies on private ICT businesses will oversee a public company that competes with those same businesses for government contracts.
No serious regulatory framework anywhere in the world permits the regulator to simultaneously own and audit a commercial competitor to the entities it regulates. This is not a technical concern. It is a fundamental conflict that undermines the credibility of the entire regulatory architecture.
What This Bill Actually Does
The government of Ghana wants to create a powerful, well-funded authority with broad discretionary powers to license, certify, audit, fine, suspend, and imprison participants in the ICT sector. It wants to fund this authority partly through a levy on the gross revenue of the very businesses it regulates. It wants to simultaneously establish a government-owned company to compete in the same sector. And it wants to extend its certification requirement to private businesses that have no connection to government and no particular reason to submit to state oversight of their hiring decisions.
This is not a regulation designed to protect consumers, promote innovation, or ensure interoperability. This is a regulation designed to expand the state’s footprint into the one sector where the state has not yet managed to make itself indispensable.
There is nothing wrong with regulation per se. Thoughtful, proportionate, outcome-focused regulation of ICT infrastructure–particularly where it touches government systems, public data, and national security is legitimate and necessary. Ghana needs clear standards for government ICT procurement. It needs enforceable data protection mechanisms. It needs accountability for public digital projects that regularly go over budget and under-deliver.
But that is not this bill. This bill is a maximalist assertion of state authority dressed in the vocabulary of modern digital governance. It will burden the entrepreneurs who cannot afford compliance costs. It will advantage the incumbents who can. It will drive away foreign investment and talent. It will give a government agency enormous discretionary power with inadequate checks. And it will do all of this while the politicians who designed it remain, as ever, the one professional class in Ghana that answers to no certification board, no licensing authority, and no competency standard of any kind.
If the government of Ghana is genuinely serious about regulating for public benefit, perhaps it might begin with a simple pilot programme: certify Parliament first.
Show us that works, and we will talk about certifying the developers.
Surely, Hon. Samuel Nartey George and his people have to look at the compass again and change navigation.
Source: Chris-Vincent Agyapong
See the post below:
I barely do this but I beg any Ghanaian to read the following write up by Chris-Vincent Agyapong. Bookmark, share etc cos wtf 😳
— Hubert Tieku Esq (@KwesiHubert) May 23, 2026
1/4
“Ghana's NITA Bill 2025: How a Government That Cannot Fix Potholes Wants to Certify Your Keyboard Strokes
There is a particular brand of Ghanaian… pic.twitter.com/KDCGuJhnuQ
