Existing Cybersecurity service providers have 6 months to apply for a licence – CSA

The Cyber Security Authority (CSA) says firms engaged in the business of providing cybersecurity services have six months, beginning March 1 to September 30, 2023, to apply for a licence, as the Authority rolls out a licensing and accreditation process. 

The implementation of the licensing and accreditation of Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and CyberSecurity Professionals, which commenced this month, is in line with sections 4(k), 49, 50, 51, 57, and 59 of the CyberSecurity Act, 2020 (Act 1038), the Authority said in a press release.  

“The purpose of the regime is to ensure regulatory compliance with the CyberSecrity Act, 2020 (Act 1038) and to certify that CSPs, CEs, and CPs offer their services in accordance with approved standards and procedures in line with domestic requirements and industry best practices.”

Scope of Licence and Accreditation

The licensing process will start with existing and new CyberSecurity service providers and then be followed by the accreditation of CEs and CPs.

According to the CyberSecurity Authority, the regulatory compliance process will largely consider firms with expertise in Vulnerability Assessment and Penetration Testing, Digital Forensic Testing, Risk and Compliance, Cybersecurity Governance, and Managed Cybersecurity service. 

“Under the regime existing CSPs who are already engaged in the business of providing cybersecurity services will be given six months (from March 1 to September 30, 2023) to apply for a licence. A CSP who fails to obtain a licence within this period will cease operation until a licence is obtained from the Authority.”