IT Services Agreement (Ghana)
IT Services Agreement
This IT Services Agreement (this "Agreement") is entered into on [Agreement Date] between:
SERVICE PROVIDER: [Provider Name] (ORC Registration No. [Provider Reg Number]), having its registered office at [Provider Address] (the "Provider"); and
CLIENT: [Client Name] (ORC Registration No. [Client Reg Number]), having its registered office at [Client Address] (the "Client").
1. IT Services
The Provider shall provide the following IT services to the Client (the "Services") commencing on [Commencement Date]: [Services Description]
The Services are provided in compliance with the Electronic Transactions Act 2008 (Act 772), the Cybersecurity Act 2020 (Act 1038), and the National Communications Authority (NCA) guidelines applicable to electronic communications services in Ghana.
The initial term of this Agreement is [Initial Term] from the commencement date, after which it shall renew automatically for successive 12-month periods unless terminated in accordance with Clause 6.
2. Service Level Agreement
The Provider guarantees system uptime of [Uptime Guarantee], measured monthly, excluding scheduled maintenance windows notified at least 48 hours in advance.
The Provider shall respond to Priority 1 (critical) incidents [Incident Response Time] of notification. Failure to meet SLA targets shall entitle the Client to service credits of 5% of the monthly fee per percentage point of uptime below the guaranteed level.
3. Data Protection and Cybersecurity
The Provider acts as a data processor under the Data Protection Act 2012 (Act 843) and shall: (a) process personal data only on the documented instructions of the Client; (b) implement appropriate technical and organisational security measures; (c) not transfer personal data outside Ghana without the Client's prior written consent and adequate protections approved by the Data Protection Commission (DPC); (d) notify the Client within 72 hours of becoming aware of a personal data breach; and (e) delete or return all personal data on termination of this Agreement.
Both Parties shall comply with the Cybersecurity Act 2020 (Act 1038) and any cybersecurity directives issued by the Cyber Security Authority (CSA) applicable to their respective operations.
4. Fees and Payment
The Client shall pay the Provider a monthly service fee of GHS [Monthly Fee] (excluding VAT), payable [Payment Terms]. VAT at 19.5% (15% VAT + 2.5% NHIL + 2.5% GETFund Levy) shall be added where applicable under the Value Added Tax Act 2013 (Act 870).
Late payment shall attract interest at 2% per annum above the Bank of Ghana Monetary Policy Rate from the due date until payment in full.
5. Intellectual Property
Each Party retains ownership of its pre-existing intellectual property. Bespoke deliverables created specifically for the Client under this Agreement shall vest in the Client upon full payment of all fees, pursuant to Section 28 of the Copyright Act 2005 (Act 690). The Provider retains a licence to use its pre-existing tools, methodologies, and platforms in delivering the Services.
6. Termination
Either Party may terminate this Agreement for convenience by giving [Termination Notice] written notice. Either Party may terminate immediately for material breach unremedied within 30 days of written notice, or on the insolvency of the other Party.
On termination, the Provider shall return all Client data within 30 days in a mutually agreed format and shall provide up to 90 days of transition assistance to enable the Client to migrate to a successor provider.
7. Governing Law
This Agreement is governed by the laws of the Republic of Ghana. Any dispute arising out of or in connection with this Agreement shall be referred to [Dispute Resolution].
Signatures
IN WITNESS WHEREOF the Parties have executed this IT Services Agreement on the date first written above.
Service Provider
________________
Signature
Client
________________
Signature
What Is a IT Services Agreement (Ghana)?
An IT Services Agreement in Ghana sets out the terms on which a service provider performs work and is paid by the client.
Section 5 of the Electronic Transactions Act 2008 (Act 772) establishes the legal basis for electronic contracts and communications in Ghana, providing that a contract shall not be denied validity solely because it was entered into electronically. Act 772 recognises the legal effect of electronic signatures and electronic records in Ghana, enabling IT service agreements to be executed and managed electronically. The National Information Technology Agency (NITA), established under the National Information Technology Agency Act 2008 (Act 771), is the government body responsible for developing, promoting, and regulating information technology in Ghana, including advising on government IT procurement and establishing IT standards.
The Data Protection Act 2012 (Act 843) is a critical statute for IT Services Agreements in Ghana involving the processing of personal data on behalf of clients. Under Act 843, an IT service provider that processes personal data on behalf of a data controller (the client) acts as a 'data processor' and must comply with the principles of Act 843, including: processing data only in accordance with the client's instructions; implementing appropriate technical and organisational security measures; not transferring personal data outside Ghana without adequate protections; and notifying the client of any data breach. The Data Protection Commission (DPC), established under Act 843, maintains a register of data controllers and data processors and has powers to investigate complaints and impose sanctions.
The National Communications Authority (NCA), established under the National Communications Authority Act 2008 (Act 769), regulates electronic communications networks and services in Ghana, including internet service providers (ISPs), cloud service providers, and data centres. IT service providers offering regulated communications services in Ghana must be licensed by the NCA.
The IT Services Agreement differs from a Software Development Agreement — which is specifically for bespoke software creation — and from a Software Licence Agreement, which governs the right to use an existing software product. It is broader than both, covering the full spectrum of managed IT services that a provider may supply to a client organisation over an ongoing service relationship.
When Do You Need a IT Services Agreement (Ghana)?
An IT Services Agreement in Ghana is required whenever a business or organisation engages an IT service provider on an ongoing or project basis and wishes to document the terms of engagement, service levels, data protection obligations, and fees.
An IT Services Agreement is required when a company incorporated under the Companies Act 2019 (Act 992) engages a managed IT service provider for ongoing infrastructure management, helpdesk support, cybersecurity monitoring, or cloud hosting services, confirming the provider is contractually bound to deliver agreed service levels and protect the client's data under the Data Protection Act 2012 (Act 843).
An IT Services Agreement is needed when a Ghanaian bank or financial institution regulated by the Bank of Ghana (BoG), or an insurance company regulated by the National Insurance Commission (NIC), engages a technology vendor for core banking system implementation, digital banking platform development, or payment system integration, where the BoG and NIC have issued specific ICT risk management guidelines applicable to regulated financial institutions.
An IT Services Agreement is required when a government ministry, department, or agency in Ghana procures IT services under the Public Procurement Act 2003 (Act 663) and the Public Procurement Authority's IT procurement guidelines, confirming compliance with NITA standards and government data classification requirements.
An IT Services Agreement is needed when a multinational company with operations in Ghana outsources its IT support, cloud infrastructure, or cybersecurity services to a local or international provider, where the agreement must address cross-border data transfer restrictions under the Data Protection Act 2012 (Act 843) and any applicable data localisation requirements.
An IT Services Agreement is required when a startup in Ghana's growing fintech or healthtech sector engages a third-party IT provider for cloud infrastructure, API integration, or cybersecurity services, confirming the provider's obligations under the Electronic Transactions Act 2008 (Act 772) and the Cybersecurity Act 2020 (Act 1038) are properly documented.
An IT Services Agreement is needed when an IT service provider in Ghana wishes to formalise its service offering to multiple clients using a standard master services agreement supplemented by individual statements of work (SOWs) for specific projects.
What to Include in Your IT Services Agreement (Ghana)
A valid IT Services Agreement in Ghana under the Electronic Transactions Act 2008 (Act 772) and the Data Protection Act 2012 (Act 843) must contain the following essential elements.
Parties: Full legal names, company registration numbers from the Office of the Registrar of Companies (ORC), and registered addresses of the IT service provider and the client. Where the provider holds an NCA licence for regulated communications services, the licence number should be referenced.
Scope of Services: A detailed description of the IT services to be provided, which may include: software development or customisation; system integration; cloud hosting and infrastructure management; cybersecurity services (penetration testing, security operations centre (SOC), vulnerability scanning); helpdesk and end-user support; data backup and recovery; network design and management; and any specific deliverables or project milestones.
Service Level Agreement (SLA): Measurable performance standards for the services, including: system uptime guarantees (e.g. 99.9% availability); maximum response and resolution times for support tickets by severity level; scheduled maintenance windows; and the remedies available to the client for SLA failures (service credits, step-in rights).
Fees and Payment: The service fee structure — monthly retainer, project-based fee, or time-and-materials billing; the payment schedule; invoicing requirements compliant with the Value Added Tax Act 2013 (Act 870); and any penalty for late payment.
Data Protection and Security: The provider's obligations as a data processor under the Data Protection Act 2012 (Act 843), including: processing data only on documented instructions of the client; implementing appropriate technical and organisational security measures; maintaining records of processing activities; notifying the client within 72 hours of a personal data breach; and complying with cross-border data transfer restrictions. Both parties' obligations under the Cybersecurity Act 2020 (Act 1038) should also be addressed.
Intellectual Property: Ownership of pre-existing IP brought by each party, ownership of bespoke IP developed during the engagement, and any software licences granted to the client for proprietary tools used by the provider.
Liability and Indemnity: Limitations of the provider's liability for service failures, data breaches, and consequential losses, together with indemnities for third-party IP infringement claims.
Termination and Exit: Notice periods for termination for convenience; termination for cause (material breach, insolvency); data return and destruction obligations on termination; and the transition assistance the provider will give to a successor provider.
Governing Law: Ghana law, with disputes referred to the High Court (Commercial Division), Accra, or to arbitration under the Alternative Dispute Resolution Act 2010 (Act 798). Forms-legal.com provides this template as a starting point for Ghana IT services documentation.
Additional compliance elements for a IT Services Agreement (Ghana) used in Ghana include: Under the Companies Act 2019 (Act 992), the Registrar General's Department (RGD) maintains the register of Ghanaian companies. Section 7 of the Companies Act 2019 governs company incorporation. The Ghana Revenue Authority (GRA) administers corporate tax under the Income Tax Act 2015 (Act 896). The Commercial Division of the High Court in Accra adjudicates business disputes. The Ghana Investment Promotion Centre (GIPC) regulates foreign investment under the GIPC Act 2013 (Act 865). Forms-legal.com provides this template as a starting point for Ghana-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). IT Services Agreement (Ghana) (Ghana) [Legal document template]. Forms Legal. https://forms-legal.com/ghana/business/services/it-services-agreement-ghana
"IT Services Agreement (Ghana) (Ghana)." Forms Legal, 2026, https://forms-legal.com/ghana/business/services/it-services-agreement-ghana.
@misc{formslegal-it-services-agreement-ghana,
author = {{Forms Legal}},
title = {IT Services Agreement (Ghana) (Ghana)},
year = {2026},
howpublished = {\url{https://forms-legal.com/ghana/business/services/it-services-agreement-ghana}},
note = {Free legal document template}
}
Frequently Asked Questions
Under the Data Protection Act 2012 (Act 843), an IT service provider in Ghana that processes personal data on behalf of a client acts as a 'data processor' and must comply with the following obligations: process personal data only on the documented instructions of the data controller (the client); implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, or disclosure; not sub-contract the processing to third parties without the prior written consent of the data controller; not transfer personal data outside Ghana without adequate protections in place, such as standard contractual clauses approved by the Data Protection Commission (DPC); maintain records of all processing activities carried out on behalf of the controller; promptly notify the data controller of any personal data breach; and assist the data controller in fulfilling its obligations to data subjects under Act 843, including handling data subject access requests. Both parties should register with the Data Protection Commission (DPC) as data controller and data processor respectively, as required by Act 843.
The Cybersecurity Act 2020 (Act 1038) establishes a detailed legal framework for cybersecurity in Ghana. The Cyber Security Authority (CSA), established under Act 1038, is responsible for regulating and overseeing cybersecurity in Ghana. IT service providers and operators of critical information infrastructure (CII) — including banking and financial systems, telecommunications networks, energy and utilities, and government systems — are required to comply with cybersecurity directives issued by the CSA, implement minimum cybersecurity standards, and report cybersecurity incidents to the CSA within prescribed timeframes. Providers of regulated electronic communications services must also comply with the cybersecurity requirements of the National Communications Authority (NCA) under the National Communications Authority Act 2008 (Act 769). IT Services Agreements in Ghana should allocate cybersecurity obligations between the provider and the client, specify incident notification timelines, and reference the applicable CSA and NCA standards. Failure to comply with the Cybersecurity Act 2020 (Act 1038) may result in regulatory sanctions, fines, or criminal liability.
A Service Level Agreement (SLA) is a contractual commitment by the IT service provider to deliver specified, measurable levels of service performance. In an IT Services Agreement in Ghana, the SLA is critical because it: defines what the client is entitled to receive (uptime percentages, response times, resolution times); provides an objective basis for assessing whether the provider has met its contractual obligations; triggers remedies for underperformance, such as service credits, price reductions, or the right to terminate for material breach; and allocates risk between the parties for service failures. A well-drafted SLA in a Ghana IT Services Agreement should cover: system availability (e.g. 99.9% uptime for hosted systems, measured monthly and excluding planned maintenance); incident response and resolution targets by priority level (P1 critical incidents within 1 hour response, 4 hours resolution; P2 high within 4 hours, 24 hours; P3 medium within 1 business day, 5 business days); change management procedures; and performance reporting obligations. Under Ghanaian contract law, an SLA failure that causes the client financial loss may give rise to a damages claim in the High Court (Commercial Division), Accra.
Yes. The Electronic Transactions Act 2008 (Act 772) provides that an IT Services Agreement — and any other commercial contract — is not invalid merely because it was formed electronically. Section 5 of Act 772 establishes that where a law requires information to be in writing or requires a signature, an electronic record and electronic signature satisfy those requirements. An electronic signature under Act 772 may take several forms, including a scanned signature image, a digital signature created using a cryptographic key, or an acceptance click on an online contract platform. However, certain categories of documents in Ghana are excluded from the operation of Act 772 and must be executed in paper form — including wills, powers of attorney, contracts for the sale of immovable property, and documents requiring notarisation or attestation. An IT Services Agreement is not in these excluded categories, and parties may therefore execute it electronically using platforms such as DocuSign, Adobe Sign, or other electronic signature platforms that generate audit trails.
Intellectual property ownership is a critical issue in IT Services Agreements in Ghana. Under Section 16 of the Copyright Act 2005 (Act 690), software and other works created by an employee in the course of their employment vest in the employer. However, where an IT service provider creates bespoke software or other deliverables for a client under a service contract — rather than an employment contract — the copyright in those deliverables vests in the provider, not the client, unless the agreement expressly assigns the copyright to the client. The IT Services Agreement must therefore clearly specify: (a) who owns the intellectual property in bespoke deliverables created specifically for the client (typically assigned to the client for a fee); (b) what rights the client receives in the provider's pre-existing proprietary tools, platforms, and methodologies used in delivering the services (typically a limited licence to use the output, not the underlying tools); (c) whether the provider retains the right to use non-confidential know-how and experience gained from the engagement for other clients; and (d) what happens to IP on termination — particularly for software hosted by the provider on which the client depends. Parties should seek advice from a solicitor enrolled with the Ghana Bar Association on IP ownership before finalising the agreement.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Non-Disclosure Agreement — Disclosure (Ghana)
A binding Non-Disclosure Agreement for Ghana protecting confidential business information under the Contract Act 1960 (Act 25) and equitable principles of confidence recognised by Ghanaian courts.
Software Development Agreement (Ghana)
A Software Development Agreement for Ghana between a client and a developer or development company governing the creation, delivery, and ownership of custom software under the Copyright Act 2005 (Act 690) and the Electronic Transactions Act 2008 (Act 772).