South Africa POPIA

Protection of Personal Information Act (POPIA)

South Africa's comprehensive data protection law. Section 71 restricts automated decisions. Film and Publications Amendment Act adds chatroom safety duties.

Jurisdiction

South Africa

Enacted

Nov 19, 2013

Effective

Jul 1, 2021

Enforcement

Information Regulator South Africa

POPIA Portal

Why It Matters

Largest African economy; Section 71 applies to AI mental health recommendations. Gateway for African market.

Recent Developments

National AI Policy Framework (Oct 2024) signals future AI legislation. Information Regulator increasingly active.

At a Glance

Requires

Transparency User Rights Data Minimization

Who Must Comply

Responsible parties processing personal information in South Africa
Foreign entities processing SA residents' data

Obligations fall on:

Safety Provisions

Section 71: Prohibition on decisions based solely on automated processing with legal/significant effects
Sections 26-33: Special personal information (health, children) requires explicit consent
Section 35: Children's data requires parent/guardian consent
Film and Publications Amendment: Chatroom safety; child protection for digital services
Mandatory breach notification

Compliance & Enforcement

Penalties

ZAR 10M; criminal (up to 10yr)

Criminal liability

Primary Source

POPIA Portal

https://popia.co.za/

View on map

South Africa

Focus Areas

Mental health & crisis

Child safety

Algorithmic accountability

Active safeguards required

Cite This

APA

South Africa. (2013). Protection of Personal Information Act (POPIA).

Related Regulations

In Effect ZM

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

Proposed KE

Kenya AI Bill

First comprehensive AI bill in Sub-Saharan Africa. Proposes creation of AI Commissioner, AI Authority, and Advisory Committee. Establishes risk-based regulatory model aligned with EU AI Act framework, criminalizes harmful deepfakes, and mandates AI content labeling.

In Effect US

White House AI Legislative Framework

Non-binding White House framework outlining seven legislative pillars for Congress, including child safety protections, federal preemption of state AI laws, liability limitations for AI developers, intellectual property protections, free speech safeguards, AI infrastructure investment, and workforce development. Calls for a unified national standard superseding state AI regulations while preserving state child safety, consumer protection, and anti-fraud laws.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.