Solly Malatsi, communications and digital technologies minister. (Source: South African Government News Agency.)
Cabinet has approved the publication of the Draft South Africa Artificial Intelligence (AI) Policy for public comment, it said at the end of last week, with the policy likely to be implemented in the 2027/28 financial year.
“The aim of the AI policy is to ensure that both the benefits and risks brought by AI are evenly distributed across society and generations,” it says in a statement.
Law firm Baker McKenzie says on its website that the policy entering into the Cabinet approval process signals “a decisive shift from high-level principles to concrete regulatory development”.
Cabinet explains that the policy aims to strengthen government’s ability to regulate and adopt AI responsibly, while encouraging local innovation, supporting job creation and improving access to AI skills.
The Department of Communications and Digital Technologies (DCDT) has indicated that it seeks development outcomes such as improved public service delivery, expanded digital economic participation, and enhanced quality of life for citizens.
The policy is structured around six core pillars aimed at promoting the responsible development and ethical deployment of AI:
- Capacity and talent development,
- AI for inclusive growth and job creation,
- Responsible governance,
- Ethical and inclusive AI,
- Cultural preservation and international integration,
- Human-centred deployment.
Last week’s statement followed the department indicating, at the end of February, in a Parliamentary presentation that the draft policy was going through the Cabinet approval processes and was set to be published for public comment in the next few months.
In that presentation, DCDT said regulations and guidelines were slated to be developed in 2027/28 alongside the implementation of the national policy.
SA’s journey to an AI policy started in 2024. (Image generated with GenAI.)
Yet, Ellipsis said on its website towards the end of February following the department’s presentation that “there is concern about how long this process is taking, with finalisation of the policy now only likely in 2027”.
Government’s AI policy has been in the works since the release of a Draft National AI Plan discussion document in April 2024, with a national policy framework for AI published that August.
Communications and digital technologies minister Solly Malatsi, in a wide-ranging interview with ITWeb TV, said last October that South Africa was getting closer to having a finalised national artificial intelligence (AI) policy.
Cabinet notes that the “policy recognises that a phased approach should be adopted, as AI deployment and risk profiles differ across sectors”.
In the DCDT’s presentation, it says that this proposed roll out schedule includes the development of national ethical guidelines and standards, alignment with existing data protection and cybersecurity frameworks, collaboration with industry, academia, and civil society, followed by a phased adoption across priority sectors.
Baker McKenzie says that this approach recognises that AI deployment and risk profiles differ significantly across sectors.
“AI in healthcare, for example, presents distinct ethical and safety considerations when compared to AI used in financial services, telecommunications or public administration,” it says.
Baker McKenzie says AI governance will likely overlap with existing regulatory obligations – including conduct, risk management, data protection and cybersecurity – embedding accountability within current frameworks rather than introducing a standalone regime.
Perhaps the most significant structural revelation from the DCDT in February was the decision not to create a single AI Regulator, says Baker McKenzie. Instead, oversight will be distributed among existing authorities, the firm says.
“This multi-regulator model represents a coordinated oversight approach rather than the creation of a centralised AI regulator,” it says.
Kabelo Dlothi, co-head of Corporate & Commercial at legal company CMS, explains that, in the absence of a standalone statutory framework regulating AI, the processing, monitoring, storage and other uses of data and data governance are generally regulated by existing legislation.
This includes the Protection of Personal Information Act, the Consumer Protection Act, the Electronic Communications Act as well as the Electronic Communications and Transactions Act.
“The Cybercrimes Act, which was intended to create offenses which have a bearing on cybercrime, sets out procedures and compliance requirements relating to the access, and seizure of digital assets like computers, databases, or networks. This broadly and indirectly affects the use of AI in SA telecommunications networks,” says Dlothi.
In addition, Dlothi said, the Copyright Act and Patents Act indirectly regulates work generated by AI in SA.
PH Attorneys says this policy “will set the foundation for future AI laws (hopefully a National AI Act) which will guide the lawmakers’ decisions on how AI should be governed in SA”.
A candidate legal practitioner at the company, Wisani Maluleke, writes “AI regulation in SA is evolving.”
