The Ghanaian government is asking people who use mobile phones to register their SIM cards again. This is the fourth of these kinds of exercises in fifteen years, and each one has had problems with procedures, data protection, and unclear procurement. The most concerning aspect of the 2026 exercise is not only its recurrence but also the absence of evidence indicating institutional learning from the preceding three exercises. IMANI’s analysis finds that all of the previous exercises had the same kinds of technical and operational problems. For example, there was no NIA authentication, databases were spread out, agencies didn’t work well together, registration platforms weren’t reliable, deadlines were impossible to meet, and the Ghana Card penetration rate was too low at the time of registration. In practice, registration centers were overwhelmed, and for those who boycotted the process, the government temporarily turned off their SIM cards. This was an illegal punishment that affected over 9 million subscribers and stopped over GH₵200 million in mobile money transactions.
The most recent exercise in 2022 compounded these failures with serious data custody failures: nobody knew where the collected biometric data was hosted, there was no legal assignment for data protection, no verifiable deletion protocol, and no designated authority for independent audit. The NCA conducted the exercise without NIA involvement. Telcos collected data under no custody rules because the Data Protection Commission had no active oversight. Underlying all of this is what experts aptly call ‘katanomics’—a procurement-driven approach to policy where the incentive to initiate a new registration cycle is not technical necessity but the political economy of procurement. Each cycle generates contracting opportunities, and those opportunities generate political support. There is therefore no internal incentive to fix what went wrong as the failure of one exercise becomes the justification for the next. Until that procurement-first mindset is structurally disrupted, the 2026 exercise risks repeating the same trajectory.
Specific technical failures ignored
One of the most important things about the failure in 2022 is that biometric scanning equipment didn’t work together.One of the most important things about the failure in 2022 is that biometric scanning equipment didn’t work together. Reports say that telcos used contactless biometric devices for the exercise, while the NIA’s database uses contact scanners.Reports say that telcos used contactless biometric devices for the exercise, while the NIA’s database uses contact scanners. Because of this basic technical problem, even when biometrics were collected, they couldn’t be verified against the NIA’s records.Because of this basic technical problem, even when biometrics were collected, they couldn’t be verified against the NIA’s records. This was a failure in the procurement process that made the whole data collection exercise useless from the start.This was a failure in the procurement process that made the whole data collection exercise useless from the start. It wasn’t a small mistake in the administration.It wasn’t a small mistake in the administration. It shows that the procurement process worked on its own, without taking into account the system’s technical needs.It shows that the procurement process worked on its own, without taking into account the system’s technical needs. The Director-General of the NCA has since confirmed that a sample audit of about 2.3 million records found no successful biometric matches against the NIA database, even though 81% of them matched through facial verification.The Director-General of the NCA has since confirmed that a sample audit of about 2.3 million records found no successful biometric matches against the NIA database, even though 81% of them matched through facial verification. The exercise yielded facial data that could be utilized and biometric data that cannot, leading to a dual outcome that necessitates a specific response rather than a general reset.The exercise yielded facial data that could be utilized and biometric data that cannot, leading to a dual outcome that necessitates a specific response rather than a general reset.
A last registration?A last registration?
Hon. Sam George, the Minister of Communications, has called the 2026 exercise a “final” registration, a way to fix the problems that were left by previous rounds.Hon. Sam George, the Minister of Communications, has called the 2026 exercise a “final” registration, a way to fix the problems that were left by previous rounds. This framing needs to be looked at closely.This framing needs to be looked at closely. In fact, the conditions for a believable “final” exercise don’t exist yet.In fact, the conditions for a believable “final” exercise don’t exist yet. The legal framework that governs data custody, deletion, and inter-agency duties is still not complete.The legal framework that governs data custody, deletion, and inter-agency duties is still not complete. There have already been concerns about the lack of transparency and the fact that only one source will be used for the 2026 exercise.There have already been concerns about the lack of transparency and the fact that only one source will be used for the 2026 exercise. It is not yet clear if the Data Protection Commission has the power to oversee things.It is not yet clear if the Data Protection Commission has the power to oversee things. Without these foundations in place, calling the exercise “final” is more of a wish than a technical guarantee. Ghanaians have heard this kind of talk before.Without these foundations in place, calling the exercise “final” is more of a wish than a technical guarantee. Ghanaians have heard this kind of talk before.
There is also a basic question of balance.There is also a basic question of balance. Over 21 million biometric records have been collected, and about 30 million SIM cards have already been linked to the Ghana Card.Over 21 million biometric records have been collected, and about 30 million SIM cards have already been linked to the Ghana Card. The government has said that about 80% of identities have already been checked against NIA data.The government has said that about 80% of identities have already been checked against NIA data. This means that about 20% of subscribers are still unresolved.This means that about 20% of subscribers are still unresolved. It then turns into a problem of checking and confirming, not a reason to collect biometric data from all subscribers again.It then turns into a problem of checking and confirming, not a reason to collect biometric data from all subscribers again.
Substance of interagency coordination
The 2026 framework formally includes the NIA, NCA, Immigration Service, and Ministry of Foreign Affairs. There is now a broader institutional footprint than in previous exercises. This is a welcome structural change. But institutional presence on paper is not the same as functional integration, and the history of this exercise gives grounds for caution. The 2022 exercise nominally involved multiple agencies and still produced a data custody vacuum. The question for 2026 is not whether the right agencies are listed, but whether there are clear, legally binding protocols governing data transfer between them, defined timelines for inter-agency verification, and designated accountability when those protocols are breached. Without answers to those questions, the expanded agency list is a governance box-tick rather than a reform.
Technical contradictions in self-service
The government has pledged that, in part through self-service portals and digital-first registration methods, the 2026 exercise will do away with the lengthy lines that marked earlier rounds. Additionally, President Mahama has suggested that short code (USSD) could be used to finish some parts of the procedure. Although these promises are commendable, there is a serious technical inconsistency with them. According to cybersecurity experts, USSD is not theoretically able to meet the requirements for biometric verification. If biometric matching is required for NIA authentication, which forms the basis of the entire structure, then a USSD-based registration method is either circumventing that requirement or failing to fulfill the government’s stated obligations. Ghanaians need more than just a convenience guarantee from the government; they need a detailed technical explanation of how remote registration channels would adhere to NIA biometric criteria.
IMANI’s proposed architecture and safeguards
The logical and cost-effective path is not mass re-registration. It is a targeted verification and validation exercise—one that accounts for the 2022 biometric data, cleans and audits what is usable, and directs re-collection only at the 20% of subscribers whose identities remain unverified. This approach preserves existing investment, reduces cost to subscribers and the state, and eliminates the procurement rent-seeking that a full re-registration exercise enables.
The architecture for any new exercise should follow a ‘verify and forget’ model; telcos collect user identifiers, the NCA verifies against the NIA, the NIA returns a binary yes/no verdict, and the telcos activate or suspend the SIM accordingly. Biometric data is never transferred to telcos or vendors. Audit logs are maintained for all access. NIA retains exclusive custody of all biometric records. This model is privacy-preserving, technically sound, and substantially less expensive than mass re-collection. Seven safeguards must also be embedded in the legislative and operational framework: exclusive NIA custody of biometric data; verification-only data returns; minimised data collection; prohibition on cross-database matching to prevent the creation of a surveillance infrastructure; tamper-evident access logs; user access and control over stored information; and a verifiable right to confirm deletion of old biometric data.
Critically, a new Legislative Instrument is currently under review. Whether this L.I embeds the ‘verify and forget’ model, or whether it leaves the door open for data transfer to telcos and vendors will determine whether the 2026 exercise represents genuine reform or another iteration of the same cycle. The public is entitled to see the draft provisions of the L.I and to engage them before the exercise proceeds.
Conclusion
One recurring lesson from fifteen years and three unsuccessful exercises is that the system optimizes for contracts rather than results when procurement drives policy. There is not enough proof that this reasoning has changed in the 2026 re-registration process as it is now structured. It is necessary to stop the mass re-registration process. All purchase documents must be made public and the 2022 biometric data must be fully accounted for. After that, the exercise needs to be redesigned around the verify-and-forget architecture, controlled by an open procurement procedure, incorporated into a strong legislative framework, and actively monitored by the DPC. Coordination between agencies must be proven, not only stated.
Ghana has exhausted its tolerance for recurrent SIM registration failures underscored by ‘katanomics.’ Over 21 million biometrics were collected but never authenticated. Therefore, there is no technical basis for another mass registration exercise. But very technical, legal, and fiscal bases exist for a targeted, accountable verification exercise conducted transparently and at a fraction of the cost. That is what the government should be doing.
This Alert was prepared by the research team at IMANI’s Centre for Science, Technology and Innovation Policy. It was submitted to Cabinet when IMANI was consulted on the idea of SIM cards re-registration.
