Ghana has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Ghana has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

The Electronic Transactions Act 2008 provides a comprehensive consumer protection framework that applies to online transactions.

Ghana has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

According to the guidelines for registering domains under the GH2-DOM, for the registration of a ".gh" domain name, the domain administrator must be located in Ghana and the company of the domain administrator should have been registered in Ghana. In addition, domain names registered under the top-level .gh domains should be active within six months after registration

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 100, below the 200 USD threshold recommended by the International Chamber of Commerce (ICC). However, it is also reported that there is an informal agreement that allows goods whose value does not exceed USD 200 to be exempted.

The law prohibits the sale or provision of encryption or authentication services unless it is compliant with the country’s 2008 Electronic Transactions Act. The National Information Technology Agency is charged with certifying and issuing licenses for encryption and authentication services. Law enforcement officers are also entitled to require access to decryption information and “the reasonable technical and other assistance required for investigation or prosecution”.

When telecom equipment dealers import ICT devices into the country, they are required to declare the details of the shipment to the National Communications Authority (NCA) through Customs’ system. The NCA subsequently conducts physical inspection at the ports of entry to ensure that the devices are Type Approved. The NCA has designed NCA Approval Testing Labs for testing. The testing laboratory consists of a Specific Absorption Rate (SAR), Electromagnetic Field (EMF) measurements, Digital Terrestrial Television (DTT) and Radio Frequency and Signalling (RF & Sig) Laboratories.

The Ghana Standards Authority (GSA) is mandated under the Standards Authority Act, 1973 to undertake conformity assessment activities. The Product Certification Department provides assessment and impartial third-party attestation that fulfilment of specified requirement has been demonstrated. Specified requirements for products are generally contained in standards or other normative documents. Product certification is carried out by product certification bodies which should conform to ISO IEC 17065.

The Subscriber Identity Module Registration Regulations 2011 mandates telecom network operators to register subscribers. In addition, Regulation 7(1)(l) of the National Identity Register Regulations 2012 made the National ID card the mandatory identification document for the registration of SIM cards. Use of National ID is applicable to individuals who qualify for citizen and non-citizen National ID Cards, for non-citizens, a valid passport is required.

Sections 90-95 of the Electronic Transactions Act, provide a framework that does not make intermediaries and service providers liable for data transmission, routing, or storage of electronic records. Intermediaries are not liable for the information stored on their systems “at the request of recipients of their services” on condition that they do not “have actual knowledge that the information or an activity relating to the information is infringing the rights of a third party (a person or the state),” are not aware of the circumstances surrounding the infringement and takes steps to make the information inaccessible upon a take-down notification.

The Cybersecurity Act in December 2020, greatly expanding the government’s legal authority to conduct surveillance, compels telecommunication service providers to hand over data, and control encryption providers. Section 76 empowers the Cybersecurity Authority to compel a service provider to install interception technology, in order to facilitate the government’s surveillance powers under the law. Section 71 authorizes security officers to collect and record communications metadata, either stored or in real time, on receipt of a warrant.

Sections 90-95 of the Electronic Transactions Act, provide a framework that does not make intermediaries and service providers liable for data transmission, routing, or storage of electronic records. Intermediaries are not liable for the information stored on their systems “at the request of recipients of their services” on condition that they do not “have actual knowledge that the information or an activity relating to the information is infringing the rights of a third party (a person or the state),” are not aware of the circumstances surrounding the infringement and takes steps to make the information inaccessible upon a take-down notification.

The Data Protection Act 2012 compels data controllers to appoint a data protection officer, also defined as data protection supervisor. The supervisor is a professional whose role is to monitor the compliance by the data controller in accordance with the provisions of the Act, Section 58.