The Cybersecurity Instruments and Policy Framework of Ghana's Electoral Commission: A Qualitative Longitudinal Study

Abstract

This study investigates the Cybersecurity Instruments and Policy Framework of Ghana’s Electoral Commission (EC), tracing its evolution from 2012 to 2024. Employing a qualitative longitudinal design, the research explores how the EC has developed, implemented, and adapted cybersecurity measures to safeguard electoral integrity in the digital age. The study draws on in-depth interviews with officials from the EC, Cyber Security Authority (CSA), CERT-GH, civil society organizations, development partners, and election experts. It is guided by Joseph Nye’s theory of power diffusion and Bruce Schneier’s surveillance and trust framework, both of which illuminate how authority, control, and legitimacy operate within cyberspace and democratic institutions. Findings reveal that Ghana’s EC has moved progressively from ad hoc and reactive cybersecurity practices, seen during the 2012 and 2016 election cycles, to more structured and proactive frameworks by 2024, particularly after the passage of the Cybersecurity Act, 2020 (Act 1038). Despite significant improvements, including the introduction of biometric verification, encrypted data transmission, and inter-agency collaboration with CSA and CERT-GH, the study identifies gaps such as the EC’s non-designation as a Critical Information Infrastructure (CII), limited independent audits, and insufficient year-round cyber readiness. The research concludes that Ghana’s electoral cybersecurity landscape remains dynamic, requiring continuous investment in technical tools, institutional coordination, and human capacity development. It recommends establishing a permanent Election Cybersecurity Unit, strengthening compliance with Act 1038, conducting regular penetration tests, and aligning EC practices with international standards such as ISO 27001. The study contributes to scholarship by providing the first longitudinal analysis of Ghana’s electoral cybersecurity evolution and its implications for digital governance and democratic resilience.