Digital Business

In South Africa, digital business is governed by several key legislative and regulatory provisions:

• The Electronic Communications and Transactions Act (25/2002):
• • facilitates and regulates electronic communications and transactions;
  • provides legal recognition for electronic contracts and signatures; and
  • sets out rules for e-commerce businesses.
• The Electronic Communications Act (36/2005) governs:
• • electronic communications;
  • broadcasting services; and
  • the use of the radio frequency spectrum.
• It aims to:
• • promote competition;
  • ensure efficient use of the spectrum; and
  • protect consumer rights.
• The Protection of Personal Information Act (4/2013) regulates the processing of personal information by public and private bodies, ensuring that data is collected, stored and used responsibly and securely.
• The Independent Communications Authority of South Africa Act (13/2000) governs telecommunications, broadcasting, postal services sectors as well as associated equipment and devices. It:
• • ensures compliance with legislation;
  • promotes competition; and
  • protects consumer interests.
• The Consumer Protection Act (68/2008) promotes fair business practices and protects consumer rights. It applies to all transactions, including those facilitated digitally.
• The Competition Act (89/1998) plays a significant role in regulating digital business by:
• • promoting fair competition; and
  • preventing anti-competitive practices.

It is also important to consider other generally applicable laws which may apply to digital businesses, depending on the nature of the goods and/or services provided.

Yes, South Africa has specific regimes that apply to different sectors and/or types of products:

• Banking and financial services: The banking and financial sector is heavily regulated:
• • The Banks Act (94/1990) and the South African Reserve Bank Act (90/1989) govern:
  • • banking operations;
    • capital requirements; and
    • risk management.
  • The Financial Advisory and Intermediaries Services Act (37/2002) regulates the provision of financial advisory services.
  • The Financial Markets Act (19/2012) governs exchanges and securities trading, among other things. Collective investment schemes and insurance services are also specifically and extensively regulated.
  • The National Credit Act (34/2005) regulates the credit industry to ensure fair and transparent credit practices.
• Mining and minerals:
• • The Mineral and Petroleum Resources Development Act (28/2002) governs the exploration and extraction of mineral resources. It also includes provisions on:
  • • environmental management;
    • social and labour plans; and
    • community development.
  • The Mine Health and Safety Act (29/1996) provides for the health and safety of persons in mines, including any equipment and machinery.
• Healthcare and pharmaceuticals: The Medicines and Related Substances Act (101/1965) regulates the registration, manufacture and distribution of medicines and medical devices.

In South Africa, several key bodies are responsible for implementing and enforcing the digital business regime:

• Information Regulator: This body oversees the implementation of the Protection of Personal Information Act. It ensures that personal data is processed lawfully and securely, protecting individuals’ privacy rights.
• Independent Communications Authority: The Independent Communications Authority of South Africa Act (13/2000) and the Electronic Communications Act (36/2005) provide for the establishment of a regulatory body, the Independent Communications Authority, to enforce and implement the legislation.
• Banking and financial services authorities: The following regulatory bodies have been established to enforce the laws in the banking and financial industry:
• • the Financial Sector Conduct Authority;
  • the Prudential Authority;
  • the South African Reserve Bank; and
  • the National Credit Regulator.
• Competition: The Competition Commission and the Competition Tribunal are regulatory bodies established to enforce the Competition Act, promoting fair competition and preventing anti-competitive practices in the digital market, among other things. They have a mandate to:
• • investigate and approve mergers and acquisitions; and
  • investigate anti-competitive behaviour.
• National Consumer Commission: This body enforces the Consumer Protection Act (68/2008), ensuring that consumers’ rights are upheld in transactions, including those conducted online. Its primary focus is on:
• • fair business practices;
  • transparency; and
  • consumer education.
• Healthcare and pharmaceuticals: The South African Health Products Regulatory Authority ensures that products meet safety, efficacy and quality standards. It also facilitates the licensing and registration of such health products.

These bodies adopt a proactive and collaborative approach, focusing on:

• compliance;
• consumer protection; and
• the promotion of a competitive digital economy.

The regulatory bodies in South Africa are typically quite effective in enforcing their respective laws and regulations.

Section 1: Greg Shapiro, Tanya Waksman, Sarah Charlton

Digital business is relatively embedded in South Africa. Most entities, small and large, utilise digital tools to some degree in running their business; and there is even a measure of digital implementation within the informal sector (eg, mobile banking and low-cost electronic card machines). As in every other jurisdiction, the COVID-19 pandemic and the resultant lockdowns have accelerated digital transformation and dependency.

Despite these advancements, challenges remain. Digital penetration varies across industries, with traditional sectors still in the early stages of digital adoption. The barriers to widespread digital transformation include infrastructure issues such as:

• inconsistent internet connectivity in rural areas;
• the cost of internet connectivity; and
• education.

E-commerce, mobile financial services and cloud computing will play a crucial role in boosting the South African economy and fostering growth in related sectors such as retail, mining and logistics. As technology continues to advance, the adoption of digital strategies is vital for businesses across various sectors in South Africa.

The main players in South Africa’s digital economy are a mix of domestic, foreign and international companies. The e-commerce and digital health sectors are largely comprised of local businesses, while the banking, fintech and information technology sectors are generally comprised of a mix of each.

As more foreign and international businesses seek to enter the South African market, domestic companies must accelerate their digital transformation to ensure that they can compete with foreign and international companies.

These companies collectively drive innovation, create jobs and contribute to the overall growth of the digital economy in South Africa. The presence of domestic, foreign and international companies fosters a competitive environment that benefits consumers and businesses alike.

(a) E-commerce

South Africa’s e-commerce sector has seen significant growth, driven by increased internet penetration and mobile phone usage. Key features include a diverse range of online retail options, from fashion and electronics to groceries and health products. The sector benefits from a robust logistics network, enabling relatively efficient delivery services. The COVID-19 pandemic accelerated e-commerce adoption, especially in respect of groceries and food delivery, with many consumers preferring online shopping for its convenience and safety.

The major e-commerce players in South Africa are predominantly local/domestic businesses. These companies can offer services at reasonable prices and with decent turnaround times. Due to South Africa’s exchange control regime, the relative weakness of its currency and its geographic location, consumers typically prefer to patronise local/domestic businesses. However, as in other jurisdictions, there has been a notable rise in the use of, and purchases from, international low-cost e-commerce platforms that do not have a physical presence in the country.

(b) Fintech

South Africa has a well-developed financial sector, which is extensively and effectively regulated.

South Africa’s dynamic and rapidly evolving fintech sector encompasses a wide range of services, including:

• mobile payments;
• digital banking;
• lending; and
• insurance.

High smartphone usage and increased internet access have fuelled the growth of fintech in the country. Buy now, pay later payment services are also increasingly available on e-commerce platforms.

Fintech is still underutilised and underdeveloped in the informal business sector in South Africa and there is still heavy reliance on cash (at least in the informal sector).

The development of the fintech sector has been driven by the need to address financial inclusion – that is:

• providing financial services to unbanked and underbanked populations;
• catering for low-value transactions; and
• demanding convenient and simple financial systems.

The Intergovernmental Fintech Working Group was established in 2016 and includes a regulatory sandbox. Regulatory support from established and effective bodies such as the South African Reserve Bank and the Financial Sector Conduct Authority aims to foster innovation while ensuring economic and consumer protection. There are no separate regulations on fintech; rather, the current approach is to try to fit fintech within the existing regulatory regime. For example, the Financial Sector Conduct Authority has declared that crypto assets constitute a ‘financial product’ in terms of the Financial Advisory and Intermediary Services Act (37/2002).

(c) Digital health

South Africa has a large and well-established private healthcare system and an inadequate public health system. Digital health in South Africa is focused on improving healthcare access and quality through technology. Key features include:

• telemedicine services;
• mobile health applications; and
• electronic health records.

There are also government initiatives such as:

• the National Digital Health Strategy, which aims to integrate digital solutions into the public health system; and
• MomConnect, which provides health information and support to pregnant women by text message.

The digital health sector, while growing rapidly, is not as well developed as other countries. Collaboration between the public and private sectors is crucial to scale digital health innovations and provide the greatest benefit to patients.

Section 2: Greg Shapiro, Tanya Waksman, Sarah Charlton

(a) Online payments (including cryptocurrencies and digital wallets)

Online payments are regulated under:

• the Electronic Communications and Transactions Act (36/2005), which provides for the facilitation and regulation of electronic communications and transactions;
• the Financial Sector Regulation Act (9/2017), which regulates financial institutions, including electronic payment service providers; and
• the National Payment Systems Act (78/1998).

The South African Reserve Bank has legal responsibility for the national payment system, to promote its overall effectiveness, integrity, safety, efficiency and stability.

Buy now, pay later services are regulated as normal online transactions; however, they currently fall outside the ambit of the National Credit Act (34/2005).

As a general rule, cryptocurrencies are not specifically overseen by any central authority or regulated by any specific legislation. Cryptocurrencies are not considered legal tender in South Africa. However, the Financial Sector Conduct Authority (FSCA), under the Financial Advisory and Intermediary Services Act (37/2002), declared at the end of 2022 that crypto assets constitute ‘financial products’ under the act. This means that financial services relating to crypto assets are specifically regulated by the act, requiring – among other things – that such providers be licensed by the FSCA.

There are ongoing regulatory sandboxes and regulators have clearly stated that they intend to put in place a comprehensive fintech regulatory framework. This is a rapidly evolving and dynamic sector, so it is crucial to stay abreast of the latest requirements.

(b) Artificial intelligence

Artificial intelligence (AI) is not specifically regulated in South Africa, but there is legislation which regulates activities conducted by organisations using AI, including:

• the Protection of Personal Information Act (4/2013), with regard to the automatic processing of personal data;
• the Copyright Act (98/1978); and
• the Patents Act (57/1978), which may indirectly apply to AI-generated works.

Key considerations for digital businesses include ensuring:

• compliance with data protection laws to safeguard user privacy; and
• accountability and liability for AI-driven decisions and actions, which must be carefully evaluated to address potential legal and ethical implications.

(c) Connected devices/Internet of Things

South Africa lacks comprehensive regulatory frameworks tailored specifically to the Internet of Things (IoT) and connected devices. IoT technology, however, is not exempt from compliance with the Protection of Personal Information Act (4/2013). The National Data and Cloud Policy, which was established in 2024 in line with Section 3(1) of the Electronic Communications Act (36/2005), does refer to ‘IoT’ as an abbreviation, but does not yet specifically address IoT. We expect that more specific regulatory provisions will be established at a later stage.

(d) Other (eg, cloud services, quantum technology, chip technology)

The National Data and Cloud Policy, which was established in 2024 in line with Section 3(1) of the Electronic Communications Act (36/2005), is a framework aimed at efficiently managing and utilising data through cloud computing technologies. Its primary goal is to enhance government service delivery and foster socio-economic development by promoting data-driven decision making and creating data-based tradeable goods and services, thereby supporting an emerging digital economy.

Key principles of the National Data and Cloud Policy include:

• accelerating the rollout of digital infrastructure to ensure fast, secure and reliable broadband connectivity;
• ensuring data privacy and security;
• promoting open data and data interoperability; and
• adopting a cloud-first approach.

Section 3: Greg Shapiro, Tanya Waksman, Sarah Charlton

The Protection of Personal Information Act (4/2013) (POPIA) is the primary legislation governing the processing of personal data in South Africa.

The POPIA aims to give effect to the constitutional right to privacy; in doing so, it also deals with the limitations of this right. The purposes of the POPIA are to:

• regulate the manner in which personal information may be processed;
• provide persons with rights and remedies to protect their personal information from processing that is inconsistent with the POPIA; and
• establish measures – including the appointment of an Information Regulator – to ensure respect for and promote, enforce and fulfil the rights protected by the POPIA.

A marked difference with other jurisdictions is that the POPIA defines ‘personal data’ as data which relates to both natural and juristic persons.

The POPIA mandates that organisations, among other things:

• have a legal justification (listed in the POPIA) in order to process their personal data;
• implement robust security measures to protect this data;
• allow individuals to access their data;
• limit the use of personal data to the purposes for which it was collected; and
• ensure that data is accurate and up to date.

Specific implications/considerations for digital businesses include the following:

• Clear and transparent privacy policies should be implemented which inform users about data collection and usage, ensuring informed consent;
• Strong security measures, such as encryption and secure storage, should be implemented to protect personal data from breaches;
• Processes should be established for individuals to access, correct or delete their data upon request; and
• Regular reviews and updates of data protection practices should be conducted to maintain compliance, ensuring data accuracy and security.

Non-personal data is less stringently regulated in South Africa, but the National Data and Cloud Policy sets out guidelines for data sharing and security.

The POPIA does not apply to information which has been de-identified.

Key considerations for digital businesses include:

• data integrity – that is, ensuring the accuracy and reliability of non-personal data; and
• facilitating secure data-sharing practices.

Section 4: Greg Shapiro, Tanya Waksman, Sarah Charlton

The Cybercrimes Act (19/2020) is the primary legislation addressing cybercrime in South Africa. Portions of the Cybercrimes Act came into force and effect on 1 December 2021; the remainder of the act will take effect upon proclamation. The main objectives of the Cybercrimes Act are to deal with:

• offences relating to cybercrime;
• powers of investigation;
• the criminalisation of the distribution of harmful data messages;
• the provision of interim protection orders;
• evidence gathering;
• regulation of the jurisdiction of the courts;
• the establishment of a specified point of contact; and
• the reporting of obligations and related penalties.

Anyone that violates the Cybercrimes Act may face:

• a fine;
• up to 15 years’ imprisonment; or
• both.

The broad scope of jurisdiction established by the Cybercrimes Act means that the South African courts have the power to try:

• persons that are non‐South African citizens; and
• persons that commit crimes in other countries which affect a person or business in South Africa.

The Regulation of Interception of Communications and Provision of Communications-Related Information Act (70/2002) regulates and limits the interception and monitoring of direct and indirect communications. This is particularly important for any e-commerce business that:

• hosts its call centres online; or
• records telephone calls or other correspondence.

The POPIA also sets out the minimum cybersecurity safeguards that should be in place when processing personal information.

Key considerations for digital businesses include:

• obligations to report cyber incidents to authorities, ensuring prompt action and risk mitigation;
• the need to implement cybersecurity measures to protect data and systems, including:
• • advanced security protocols;
  • regular audits; and
  • up-to-date security patches; and
• potential legal consequences for failure to comply with cybersecurity regulations, such as:
• • fines;
  • legal action; and
  • reputational damage.

Section 5: Greg Shapiro, Tanya Waksman, Sarah Charlton

In South Africa, the primary statutes governing money laundering and other forms of financial crime are:

• the Financial Intelligence Centre Act (38/2001) (FICA);
• the Prevention of Organised Crime Act (121/1998) (POCA); and
• the Protection of Constitutional Democracy against Terrorist and Related Activities Act (33/ 2004).

Since South Africa’s grey listing in February 2023 by the Financial Action Task Force, there has been a drive to tighten and enforce financial regulation in the country.

The FICA establishes the Financial Intelligence Centre to combat money laundering and terrorist financing. It mandates that accountable institutions, including banks and other financial service providers:

• implement robust customer due diligence (CDD) measures;
• report suspicious transactions; and
• maintain comprehensive records.

The 2017 amendments to the FICA introduced a risk-based approach, allowing institutions to tailor their compliance efforts based on the risk profile of their clients.

The POCA:

• criminalises money laundering;
• mandates the reporting of suspicious activities; and
• provides mechanisms for the confiscation of proceeds derived from criminal activities.

The POCA’s provisions are crucial for digital businesses, especially those involved in financial transactions, as they must ensure that their platforms are not used to launder illicit funds.

The Protection of Constitutional Democracy against Terrorist and Related Activities Act focuses on preventing and combating terrorism and related activities. It requires institutions to report any transactions that may be linked to terrorist financing.

These financial regulations have significant implications for digital businesses, which must:

• implement stringent CDD processes;
• monitor transactions for suspicious activities; and
• ensure compliance with reporting requirements.

Failure to comply can result in severe penalties, including fines and imprisonment. Additionally, digital businesses must invest in robust cybersecurity measures to protect against financial crimes and ensure the integrity of their platforms.

Section 6: Greg Shapiro, Tanya Waksman, Sarah Charlton

Consumer protection measures in South Africa have specific implications for digital businesses. The primary statutes include:

• the Consumer Protection Act (68/2008); and
• the Electronic Communications and Transactions Act (25/2002) (ECTA).

The CPA aims to promote fair business practices and protect consumer rights across all transactions, including those conducted online. For digital businesses, this means ensuring transparency in:

• product descriptions;
• pricing; and
• terms of service.

The CPA:

• mandates that consumers have the right to clear and understandable information, which is crucial for online transactions where physical inspection of products is not possible; and
• provides consumers with the right to return goods and receive refunds under certain conditions, which digital businesses must accommodate.

The ECTA provides a legal framework for electronic transactions, ensuring that electronic contracts and signatures are legally recognised. It:

• requires digital businesses to implement secure and reliable systems for conducting online transactions; and
• mandates the protection of consumer data, aligning with the Protection of Personal Information Act (4/2013), which governs data privacy and security (see question 4).

These consumer protection measures necessitate that digital businesses:

• invest in robust cybersecurity measures to protect consumer data and ensure secure transactions;
• provide clear and accessible information about their products and services; and
• have mechanisms in place for handling returns and refunds.

Non-compliance can result in significant penalties, including fines and reputational damage.

Section 7: Greg Shapiro, Tanya Waksman, Sarah Charlton

South Africa does not impose digital services tax or similar tax on income derived by non-residents from the provision of digital services to South African customers. Income from digital services is subject to normal income tax rules. Under these rules, a non-resident is subject to income tax in South Africa on income derived from a South African source. Income derived from services rendered is generally held to be from the South African source if the services that gave rise to the income were physically rendered in South Africa. On the basis that digital services rendered by non-residents are generally rendered from offshore, income derived from such services will generally not be found to be from a South African source and thus will not be subject to income tax in South Africa. However, if income from digital services is found to be from a South African source, it still will not be subject to income tax in South Africa if:

• the non-resident recipient of the income is from a country that has concluded a double tax agreement with South Africa; and
• the income is not attributable to the non-resident’s permanent establishment located in South Africa.

However, a non-resident that provides digital services (referred to as ‘electronic services’ for value-added tax (VAT) purposes) to customers in South Africa must register for VAT and charge VAT on invoices issued to South African customers. Under the current rules, the non-resident must charge VAT irrespective of whether the South African customer is a registered VAT vendor.

South Africa has no specific rules that deal with the taxation of income from digital (electronic) services. However, non-residents that provide digital (electronic) services to South African customers must register for VAT and charge VAT on invoices issued to South African customers. A non-resident supplier of digital (electronic) services must register for VAT if:

• the recipient of the services is a resident of South Africa;
• the payment for the services originates from a bank registered under the Banks Act (94/1990) – that is, from a South African Bank; or
• the recipient of the services has a business, residential or postal address in South Africa.

Currently, VAT on digital (electronic) services applies irrespective of whether the South African customer to which the invoice is issued is a registered VAT vendor. During the 2024 budget speech, the minister of finance announced a proposal to change these rules such that non-residents will be required to register for and charge VAT on digital (electronic) services only if the South African customers to which they provide the services are not registered as VAT vendors. This proposal is awaiting enactment with a proposed effective date of 1 April 2025.

Section 8: Norman Mekgoe

South Africa has implemented several legal measures to facilitate digital cross-border trade, enhancing its integration into the global digital economy.

One of the key frameworks is the African Continental Free Trade Area (AfCFTA), which includes provisions specifically designed to boost digital trade across Africa. The AfCFTA’s e-commerce protocol addresses crucial aspects such as:

• data protection;
• cross-border data flows; and
• electronic payments.

This creates a more secure and streamlined environment for conducting digital transactions across borders.

South Africa has also adopted the Digital Trade Protocol under the AfCFTA. This protocol sets out rules for both traditional and digital trade, promoting regulatory alignment and common standards among African countries. Key provisions include:

• the free flow of data;
• bans on data localisation; and
• a prohibition on the imposition of customs duties on digitally transmitted products.

These measures help to reduce barriers and facilitate smoother digital trade.

The Electronic Communications and Transactions Act (25/2002) (ECTA) is another critical piece of legislation. The ECTA provides a legal framework for electronic transactions, ensuring that electronic contracts and signatures are legally recognised. This promotes trust and reliability in cross-border digital transactions.

Additionally, South Africa’s involvement in regional initiatives such as the Common Market for Eastern and Southern Africa has led to the adoption of measures such as:

• electronic document submission;
• electronic payments; and
• coordinated border management.

These initiatives aim to reduce trade barriers and enhance the efficiency of cross-border digital trade.

Digital cross-border trade presents several specific challenges and concerns for businesses in South Africa. One of the primary challenges is exchange control regulations, which require – among other things – that permission be obtained from the National Treasury, through the South African Reserve Bank (SARB) and authorised dealers (specific local banks mandated by the SARB), in order to export funds (and the right to funds) from South Africa. Digital businesses must consider these regulations when conducting cross-border transactions.

Exchange control regulations also restrict the export of intellectual property, including the licensing thereof, from South Africa. Applicants must show that, among other things:

• the transfer will take place at arm’s length; and
• the transaction will benefit the South African economy.

There is a level of uncertainty regarding the applicability and enforcement of exchange control regulations in respect of crypto assets and cryptocurrencies. According to the SARB and the Intergovernmental Fintech Working Group, which have both released statements regarding their position on crypto assets, crypto assets are considered capital and/or the right to capital and are therefore restricted from being exported without approval from the SARB. There are currently significant challenges to the enforcement of these regulations in relation to crypto assets, primarily arising because the nature of crypto assets is such that they generally lie outside of banking infrastructure. Regulators will need to expand their scope to crypto exchanges and other fintech businesses in order to properly enforce exchange control regulations in respect of crypto assets.

Section 9: Norman Mekgoe and Sarah Charlton

In South Africa, brand protection is governed by several key laws, including:

• the Copyright Act (98/1978), which protects, among other things, artistic works, songs, novels, computer software, photographs and other artistic works, including brand logos;
• the Trade Marks Act (194/1993), which:
• • protects trademarks that have been registered with the Companies and Intellectual Property Commission; and
  • prohibits the use of similar or identical trademarks to those that have been registered for the same or similar goods and/or services; and
• the Common Law, which protects trademarks and copyrights that have not been registered.

The digital landscape often makes it easier for IP infringers to operate, given that they can act anonymously and/or from various jurisdictions, which poses a challenge to brand enforcement. The digital landscape is rapidly evolving and digital technologies and trends are ever changing; thus, digital businesses in South Africa should:

• adapt their strategies to protect their brands; and
• ensure that they remain up to date with various technology and/or other trends in the industry.

Section 10: Greg Shapiro, Tanya Waksman and Emma Veysie

In South Africa, innovation in the digital business space is protected by various laws, including:

• the Copyright Act (98/1978); and
• the Trade Marks Act (194/1993).

Innovation is also protected by the Patents Act (57/1978), which protects inventions that are novel and inventive, including agricultural and technological innovations/inventions. Notably, computer programs are expressly excluded from being considered inventions in terms of the Patents Act. Patents are registered with the Companies and Intellectual Property Commission and give the inventor the exclusive rights to use, sell and/or manufacture the invention for a period of time. In South Africa, patented works are usually protected for 20 years from the date of filing the patent application with the Companies and Intellectual Property Commission.

Digital businesses should ensure that they have IP strategies to protect innovations, including:

• protecting inventions and technological advancements by filing for patents;
• securing copyrights for original works of authorship; and
• registering trademarks to protect brand names.

Further, digital businesses should ensure that they:

• implement strong measures to protect digital assets and data related to inventions from cyber threats/attacks;
• stay up to date with new technology laws and/or regulations to ensure compliance in respect of any innovative ideas and strategies; and
• educate their employees about the importance of:
• • protecting the business’s innovation and IP rights; and
  • understanding the business’s policies in respect of innovation and IP protection in the digital business landscape.

Section 11: Greg Shapiro, Tanya Waksman and Emma Veysie

Yes, South Africa’s competition regime is designed to:

• prevent anti-competitive practices; and
• promote fair competition in the South African economy.

The competition regime in South Africa is governed by the Competition Act (89/1998). The South African regulator, the Competition Commission, investigates, among other things:

• restrictive business practices;
• mergers;
• abuse of a dominant market position; and
• price discrimination by dominant firms.

It also undertakes formal inquiries, known as ‘market inquiries’, in respect of the general state of competition, levels of concentration in and structure of markets for particular goods or services. In particular, it has:

• undertaken market inquiries into the data services market and the distribution of media content on digital platforms, including search, social media and news aggregation platforms; and
• paid attention to the market features of online intermediation platforms that may impede, distort or restrict competition in South Africa.

The commission thus takes a proactive role and pays particular attention to digital platforms, looking at aspects such as:

• discriminatory fees;
• self-preferencing conduct;
• search;
• food delivery;
• e-commerce; and
• travel and accommodation.

From a merger perspective, there are specific threshold requirements for a merger to be notifiable to the commission. If the merging entities do not meet the requisite threshold, a mandatory notification to the commission is not required. The problem is that many transactions in the digital sector often escape the commission’s scrutiny, usually due to the size of the target. These transactions involve the acquisition of startups which have very low asset values or turnover at the time of acquisition (ie, small mergers). Accordingly, the commission has proposed amendments to its guidelines on smaller mergers whereby it must be informed of all small mergers and acquisitions where the merging parties operate in digital markets.

Section 12: Greg Shapiro, Tanya Waksman and Emma Veysie

Usually, when someone renders the types of services required of digital businesses, they are regarded as being independent contractors and not employees. However, this is not always the case and digital businesses must be mindful when concluding contracts with prospective employees or independent contractors as to how the envisaged relationship is to be governed.

If the person that renders services to the digital business is not an employee and is rather an independent contractor, he or she will not enjoy the rights and protections that ordinary employees enjoy under South African labour law.

In such instances, the relationship between the business and the independent contractor will be regulated by contract law and, more specifically, the terms agreed between the parties.

Of course, if the person who renders services to the digital business is an employee, he or she will enjoy all rights and protections afforded to employees. Apart from the usual rights and protections, South African legislation does not have specific implications for digital business.

There are no legislative provisions within South Africa which specifically govern remote working.

Despite this, there are certain important considerations which employers must bear in mind and guidelines which should be complied with when permitting employees to work remotely. In this regard, employers should have remote working polices in place which regulate how employees should work from home, as this luxury is often abused.

Working hours should also be kept front of mind. Apart from the importance of setting out ordinary working hours and days of work, if an employee earns below the earnings threshold as prescribed under the Basic Conditions of Employment Act (BCEA) – which, at the time of writing, is set at ZAR 254 371.67 per annum and is subject to annual change – employers must pay careful attention to the regulation of the employee’s working hours.

The BCEA states that employees’ working hours may not exceed:

• nine hours a day if they work for five days or less in any week;
• eight hours a day if they work for more than five days in any week; or
• 45 hours a week.

If an employee works in excess of the above hours, he or she is entitled to overtime pay and/or time off in lieu of overtime. These regulations also apply to employees who work remotely.

Digital businesses can explore various options to attract specialist talent from overseas, such as a proper global recruitment campaign. To this end, digital businesses must ensure that they advertise job opportunities internationally and, in doing so, highlight that the advertised position is a remote working opportunity, offering flexible working hours.

By offering flexible work arrangements such as remote work options or relocation support, digital businesses can further entice specialists who value work-life balance or prefer working from their home country.

Should remote working not be a viable option for a digital business, employers can offer visa support as part of the employment offer, as well as a housing allowance.

Digital businesses can seek to collaborate with entities such as universities or other businesses that already have an established online presence and footprint. In doing so, they can offer internships and, through their collaborative partners, attract top talent from abroad.

In a further attempt to attract overseas talent, digital businesses can host informative seminars to:

• provide prospective employees with insight into the work to be conducted; and
• more importantly, illustrate their cultural inclusivity and conducive working environment.

Section 13: Sandro Milo, Nadia Smith and Sean Fourie

Digital business presents several environmental challenges and concerns that need careful consideration:

• Energy consumption: Digital businesses – especially those that rely on artificial intelligence (AI), data centres and cloud computing – consume significant amounts of energy. Data centres require constant power for servers and cooling systems, contributing to high carbon emissions. Recently, the likes of Microsoft, Amazon and Google have been exploring the use of nuclear energy to fuel their AI usage requirements: Microsoft plans to purchase power from the Three Mile Island Plant, while Amazon and Google are partnering with startup energy companies for the development and use of small modular reactors.
• E-waste: Given the rapid pace at which technological advancement takes place, coupled with the built-in obsolescence of many hardware products, frequent hardware upgrades and disposal are needed, resulting in substantial volumes of e-waste. The improper disposal of electronic devices can release harmful substances into the environment. Digital businesses must thus consider and implement effective e-waste management strategies.
• Carbon footprint: The digital economy contributes to greenhouse gas emissions through the production, use and disposal of electronic devices. Again, this requires digital businesses to reduce their carbon footprint by adopting sustainable environmental practices and programmes.
• Resource depletion: The production of electronic devices involves a significant volume of rare earth metals and other finite resources. Such resources are located in a limited number of locations, some of which are in underdeveloped nations. Over-extraction of these materials can lead to environmental degradation and resource scarcity, as well as long-term ecological consequences.

Digital business presents several social challenges and concerns that need careful consideration:

• Digital divide: One consequence often overlooked is the digital divide – that is, the gap between those who have access to digital technologies and those who do not. While digital business drives economic growth and development, it can also exacerbate inequalities by excluding marginalised communities who often lack access to technology or otherwise face barriers to digital accessibility, literacy and opportunities. It is important to promote digital accessibility and inclusion through education programmes and affordable and practical access to technology
• Job displacement: While digital businesses can create new job opportunities, automation and digital transformation can lead to job displacement, particularly in sectors that:
• • rely heavily on manual labour; or
  • have intense process-driven requirements.
• Privacy concerns: The collection and use of personal data by digital businesses raise significant privacy concerns. Consumers are increasingly worried about how their data is being used and protected, particularly in light of various data breaches both locally and abroad.
• Mental health: The ‘always-on’ nature of social media and digital business can contribute to stress and burnout among employees. Remote work, while offering flexibility, can also blur the boundaries between work and personal life.

Digital business presents several governance challenges and concerns that need careful consideration:

• Data privacy and security: With the increasing amount of data being generated and processed on a daily basis, data privacy and security are critical and of major concern.
• Cybersecurity threats: Digital businesses are prime targets for cyberattacks. Governance frameworks and strategies must be robust and cybersecurity measures implemented to protect against data breaches, ransomware and other cyber threats.
• Compliance and legal risks: The digital sector is advancing at a rapid pace and is far outpacing the development of the legislative framework that governs the digital space. Furthermore, digital businesses operate across multiple jurisdictions, each with its own set of regulations, regulators and stakeholder interests. Compliance with such diverse legal requirements poses a significant challenge and requires:
• • the implementation of comprehensive risk management strategies; and
  • the development of ethical guidelines for data use and particularly the use of artificial intelligence.

Section 14: Greg Shapiro, Tanya Waksman and Sarah Charlton

The South African economy, like other economies, is digitising rapidly. This means that citizens and consumers from both the private and public sectors access most services on digital platforms through electronic devices. Businesses in South Africa are capitalising on technological opportunities to drive profitability, efficiency and innovation.

The prevailing trends which are reshaping various local industries in South Africa include the following:

• E-commerce growth: The e-commerce market in South Africa continues to grow as businesses capitalise on the expanding internet user base, resulting in more consumers shopping online. Larger international e-commerce companies are establishing themselves in South Africa.
• Data centres and cloud computing: Businesses are increasingly recognising the value of cloud computing in:
• • enhancing operational efficiency;
  • reducing infrastructure costs; and
  • improving accessibility.
• Data centre development is growing at a rapid pace in South Africa.
• Artificial intelligence (AI) integration: AI is helping organisations to automate routine tasks and provide data-driven insights, which helps them to make informed decisions and improve customer experiences.
• Internet of Things (IoT) and connected devices: Use of the IoT and connected devices is increasing, providing businesses with the opportunity to connect devices and systems that facilitate successful data analysis and exchange.

The recently published National Cloud and Data Policy aims, among other things, to:

• enhance data security;
• facilitate digital transformation; and
• improve public service delivery.

We expect to see developments in this direction in the coming years and perhaps additional legislation and/or regulations related to the regulation of cryptocurrencies.

Section 15: Greg Shapiro, Tanya Waksman and Sarah Charlton

Regulators are generally slow to respond to the rapid growth of technology and digital businesses, and in South Africa this is particularly true. While this can create opportunities for businesses, it is also results in a level of uncertainty. Digital businesses should:

• maintain a clear picture of the regulatory landscape;
• keep informed about regulatory updates; and
• be intuitive about the future of their respective industries.

For digital businesses conducting cross-border trade, as well as foreign investors, it is crucial to consider and comply with tax and exchange control regulations in South Africa.

It is also important for digital businesses to safeguard their intellectual property. This includes registering trademarks, copyrights and/or patents in order to protect brands, content and innovations from infringement. The conclusion of appropriate IP assignment agreements and non-disclosure agreements with employees, partners and vendors is necessary to protect intellectual property and prevent infringement.

Another paramount concern is data privacy and protection. Businesses must comply with local laws such as the Protection of Personal Information Act (4/2013) and global data protection regulations such as the General Data Protection Regulation. Establishing clear privacy policies and securing data through encryption and other cybersecurity measures can help to mitigate risks.

Cybersecurity is additionally a significant consideration. The implementation of robust security measures to protect business and customer data from cyber threats is not only best practice but also a legal requirement. Regular audits and updates of these security measures can help to prevent data breaches and the associated legal consequences.

Finally, comprehensive user terms of sale and service are essential for digital businesses. These documents should clearly outline the rights and responsibilities of both the business and its customers, which will help to avoid legal disputes and limit potential liability.

Section 16: Greg Shapiro, Tanya Waksman and Sarah Charlton