South Africa POPIA
Protection of Personal Information Act (POPIA)
South Africa's comprehensive data protection law. Section 71 restricts automated decisions. Film and Publications Amendment Act adds chatroom safety duties.
Jurisdiction
South Africa
Enacted
Nov 19, 2013
Effective
Jul 1, 2021
Enforcement
Information Regulator South Africa
Why It Matters
Largest African economy; Section 71 applies to AI mental health recommendations. Gateway for African market.
Recent Developments
National AI Policy Framework (Oct 2024) signals future AI legislation. Information Regulator increasingly active.
At a Glance
Who Must Comply
- Responsible parties processing personal information in South Africa
- Foreign entities processing SA residents' data
Safety Provisions
- Section 71: Prohibition on decisions based solely on automated processing with legal/significant effects
- Sections 26-33: Special personal information (health, children) requires explicit consent
- Section 35: Children's data requires parent/guardian consent
- Film and Publications Amendment: Chatroom safety; child protection for digital services
- Mandatory breach notification
Compliance & Enforcement
Penalties
ZAR 10M; criminal (up to 10yr)
Primary Source
POPIA Portal
https://popia.co.za/
View on map
South Africa
Focus Areas
Cite This
APA
South Africa. (2013). Protection of Personal Information Act (POPIA).
Related Regulations
Zambia DPA
Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.
Botswana DPA
Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.
Seychelles DPA
Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.
Rwanda AI Policy
First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.
Kenya AI Bill
First comprehensive AI bill in Sub-Saharan Africa. Proposes creation of AI Commissioner, AI Authority, and Advisory Committee. Establishes risk-based regulatory model aligned with EU AI Act framework, criminalizes harmful deepfakes, and mandates AI content labeling.
White House AI Legislative Framework
Non-binding White House framework outlining seven legislative pillars for Congress, including child safety protections, federal preemption of state AI laws, liability limitations for AI developers, intellectual property protections, free speech safeguards, AI infrastructure investment, and workforce development. Calls for a unified national standard superseding state AI regulations while preserving state child safety, consumer protection, and anti-fraud laws.
Last updated February 17, 2026. Verify against primary sources before relying on this information.