Cloud Services Agreement (Ghana)

A Cloud Services Agreement in Ghana records the obligations, timelines and payment owed between the client and the service provider.

Section 5 of the Electronic Transactions Act 2008 (Act 772) provides that an electronic document or electronic record satisfies any legal requirement for a document to be in writing, and Section 6 gives electronic signatures legal validity equivalent to wet-ink signatures in Ghana. The Electronic Communications Act 2008 (Act 775), administered by the National Communications Authority (NCA), governs the telecommunications infrastructure over which cloud services are delivered. The National Information Technology Agency Act 2008 (Act 771) establishes the National Information Technology Agency (NITA) as the principal public body responsible for ICT policy in Ghana.

The Cloud Services Agreement (Ghana) must also comply with the Data Protection Act 2012 (Act 843), which applies to any person or entity that collects, processes, stores, or transmits personal data in Ghana or in respect of Ghanaian data subjects. The Data Protection Commission of Ghana (DPC) enforces Act 843 and requires data controllers and data processors to register with the DPC. Section 17 of Act 843 restricts the cross-border transfer of personal data to countries that do not have an adequate level of data protection, which is highly relevant to cloud services where data may be stored in data centres outside Ghana.

A Cloud Services Agreement in Ghana is distinct from a Software Licence Agreement, which governs the right to use software installed on the customer's own hardware without the delivery of services over a network. The Cloud Services Agreement covers ongoing service delivery, service levels, uptime guarantees, data residency, and exit arrangements. It differs from an IT Services Agreement in that the provider does not necessarily deploy staff on the customer's premises; the service is delivered remotely over the internet infrastructure regulated by the National Communications Authority (NCA) under the Electronic Communications Act 2008 (Act 775).

The Income Tax Act 2015 (Act 896) treats fees paid to non-resident cloud service providers as royalties or management and technical service fees subject to withholding tax at 15% under Section 115 of Act 896, remitted to the Ghana Revenue Authority (GRA). The Value Added Tax Act 2013 (Act 870) requires foreign digital service providers supplying digital services (including cloud services) to Ghanaian customers to register for VAT in Ghana following the Digital Services Tax amendments, consistent with Ghana's digital economy tax strategy announced in 2022.

The legal framework governing the Cloud Services Agreement (Ghana) in Ghana draws on several key statutes and regulatory bodies. Under the Companies Act 2019 (Act 992), the Registrar General's Department (RGD) maintains the register of Ghanaian companies. Section 7 of the Companies Act 2019 governs company incorporation. The Ghana Revenue Authority (GRA) administers corporate tax under the Income Tax Act 2015 (Act 896). The Commercial Division of the High Court in Accra adjudicates business disputes. The Ghana Investment Promotion Centre (GIPC) regulates foreign investment under the GIPC Act 2013 (Act 865). Parties executing a Cloud Services Agreement (Ghana) in Ghana should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Electronic Transactions Act 2008 (Act 772) sets the foundational requirements.

A Cloud Services Agreement in Ghana is needed whenever a business, government agency, or individual subscribes to cloud-hosted software, storage, computing infrastructure, or platform services from a provider.

A Cloud Services Agreement is required when a Ghanaian company migrates its enterprise applications — such as accounting software, human resources management systems, or customer relationship management (CRM) tools — from on-premise servers to a cloud platform hosted by a provider operating in Ghana or abroad, to govern uptime obligations, data security, and exit rights.

A Cloud Services Agreement is needed when a fintech company licensed by the Bank of Ghana (BoG) under the Payment Systems and Services Act 2019 (Act 987) uses cloud infrastructure to host payment processing systems, where the Bank of Ghana's ICT and Cybersecurity Directive requires documented contractual arrangements with cloud service providers and evidence of adequate data protection.

A Cloud Services Agreement is required when a healthcare provider under the Ghana Health Service (GHS) or the Health Facilities Regulatory Agency (HeRAF) uses a cloud-based electronic health record (EHR) system, where the storage and processing of patient data requires compliance with the Data Protection Act 2012 (Act 843) and the confidentiality obligations of the Health Institutions and Facilities Act 2011 (Act 829).

A Cloud Services Agreement is needed when a Ghanaian business engages a global cloud provider — such as a hyperscale cloud operator with data centres in Europe or the United States — to use SaaS productivity tools, where cross-border personal data transfers must be governed by appropriate contractual safeguards consistent with Section 17 of Act 843.

A Cloud Services Agreement is required when a government ministry, department, or agency (MDA) procures cloud services under the Public Procurement Act 2003 (Act 663) and the Public Procurement Authority (PPA) guidelines on ICT procurement, to confirm accountability for public funds and data sovereignty obligations.

Parties should execute the Cloud Services Agreement before onboarding data to the cloud platform. The Data Protection Commission of Ghana (DPC) enforces Act 843 rigorously, and undocumented cloud arrangements expose both the customer and the provider to regulatory liability.

Parties in Ghana should prepare a Cloud Services Agreement (Ghana) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Companies Act 2019 (Act 992), the Registrar General's Department (RGD) maintains the register of Ghanaian companies. Section 7 of the Companies Act 2019 governs company incorporation. The Ghana Revenue Authority (GRA) administers corporate tax under the Income Tax Act 2015 (Act 896). The Commercial Division of the High Court in Accra adjudicates business disputes. The Ghana Investment Promotion Centre (GIPC) regulates foreign investment under the GIPC Act 2013 (Act 865). Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.

A valid Cloud Services Agreement in Ghana must contain the following essential elements to be enforceable and compliant under the Electronic Transactions Act 2008 (Act 772) and the Data Protection Act 2012 (Act 843).

Parties: Full legal names, addresses, and Ghana Revenue Authority (GRA) Tax Identification Numbers (TINs) of the provider and the subscriber. Where the provider is a foreign company, the agreement should confirm the foreign company's registration or licensing in its home jurisdiction and the entity responsible for service delivery in Ghana.

Description of Cloud Services: A precise description of the cloud services to be provided — SaaS, IaaS, or PaaS — including the specific applications, storage capacity, computing resources, and features included in the subscription, and a clear description of services excluded.

Service Level Agreement (SLA): Uptime commitments expressed as a percentage (e.g., 99.9% monthly uptime), the method of measuring downtime, the provider's obligations in the event of a service outage, and the remedies available to the subscriber (service credits, refunds, or termination rights) in the event of SLA failure.

Data Protection and Security: The provider's obligations under the Data Protection Act 2012 (Act 843) as a data processor, including: registration with the Data Protection Commission of Ghana (DPC); implementation of appropriate technical and organisational security measures; notification to the subscriber within 72 hours of a data breach; compliance with cross-border data transfer restrictions under Section 17 of Act 843; and the provider's obligations on data deletion or return upon termination.

Data Residency: Identification of the country or countries in which the subscriber's data will be stored and processed, and confirmation of compliance with applicable data localisation requirements — particularly relevant for financial sector customers regulated by the Bank of Ghana (BoG) or the Securities and Exchange Commission (SEC).

Fees and Payment: Subscription fees in Ghana Cedis (GHS) or the currency of the agreement, the billing cycle (monthly, annual), the payment method, and the treatment of VAT under the Value Added Tax Act 2013 (Act 870) and withholding tax under the Income Tax Act 2015 (Act 896).

Intellectual Property: Confirmation that the provider retains all intellectual property rights in the cloud platform and software, and that the subscriber retains all rights in the data it uploads or generates on the platform.

Termination and Exit: Notice periods for termination, the subscriber's right to export its data before termination, the provider's obligation to delete or return all subscriber data within a specified period (e.g., 30 days) after termination, and the format in which data is returned.

Limitation of Liability: Caps on the provider's liability, typically limited to the fees paid by the subscriber in the preceding 12 months, with exclusions for data breaches caused by the provider's wilful default or gross negligence.

Governing Law: Ghana law, with disputes resolved before the High Court (Commercial Division) in Accra or by arbitration under the Alternative Dispute Resolution Act 2010 (Act 798). Forms-legal.com provides this template as a starting point for Ghana-compliant cloud services contracts.

Additional compliance elements for a Cloud Services Agreement (Ghana) used in Ghana include: Under the Companies Act 2019 (Act 992), the Registrar General's Department (RGD) maintains the register of Ghanaian companies. Section 7 of the Companies Act 2019 governs company incorporation. The Ghana Revenue Authority (GRA) administers corporate tax under the Income Tax Act 2015 (Act 896). The Commercial Division of the High Court in Accra adjudicates business disputes. The Ghana Investment Promotion Centre (GIPC) regulates foreign investment under the GIPC Act 2013 (Act 865). Forms-legal.com provides this template as a starting point for Ghana-compliant documentation.