In short, the practical machinery to curb unsolicited electronic marketing under the CPA is finally in force.

While privacy enforcement under other statutes remains important in the broader ecosystem, these Regulations make clear that, within the Consumer Protection Act (“CPA“) framework, the  NCC now has custody of the national opt‑out registry and the associated compliance lifecycle for direct marketers, thereby addressing persistent concerns about spam call and messages.

The Regulations are issued by the Minister of Trade, Industry and Competition under section 120(1)(a), read with section 11(6), of the CPA, following consultation with the NCC and provincial consumer regulatory authorities, which situates the new regime squarely within the CPA’s consumer rights to restrict unwanted direct marketing.  The Regulations amend the 2011 Consumer Protection Act Regulations by adding three annexures, reflected as Annexures N, O and P, which supply the operative forms and tariff schedules required to run a functioning opt‑out and direct‑marketer registration system. The amended Regulations states expressly that it comes into effect on the date of publication of the Notice, which means the obligations and processes described are already live as of 15 April 2026.

The reliance on section 11(6) is significant because section 11 of the CPA addresses a consumer’s right to restrict unwanted direct marketing, and the amendments implement the mechanics for that right through a Commission‑run registry, rather than leaving it as an unenforced principle.

The Regulations introduce a defined concept of “cleansing”, which is described as the process of removing consumers who have opted‑out of electronic communication from a direct marketer’s database to ensure they are no longer contacted. This is important because it transforms the opt‑out right into a recurring operational duty on marketers.  The term “direct marketer” is expressly defined to capture any person who engages in direct marketing, thereby pulling both traditional and digital outreach actors within the compliance perimeter regardless of specific channel. The Regulations also define an “electronic communication recipient” as a consumer who receives electronic communication from a direct marketer and has registered a pre‑emptive block, which clarifies that registry protection attaches to recipients who have taken the step to opt‑out.

The pivotal instrument for exercising that protection, “pre‑emptive block”, is defined as registering a block on the opt‑out registry established by the Commission to prevent unwanted electronic communications from direct marketers.

Collectively, these definitions move compliance from general notions of consent and preference into a concrete taxonomy that underpins duties to register, verify, and purge marketing databases against the official registry.

The amended Regulation 4 makes clear that the opt‑out registry is administered by the Commission, and it must be accessible at all times, save for unforeseen technical interruptions, to all persons in the Republic for the purpose of registering a pre‑emptive block, which positions the NCC as the operational hub and guarantees public access to exercise the opt‑out right. The Regulations require direct marketers to register on the Commission’s opt‑out registry using the dedicated Direct Marketer Registration Form, which internalises a single point of onboarding into the system for all entities engaging in direct marketing. A corresponding Consumer Pre‑emptive Block Form specifies the data elements a consumer must provide to register a pre‑emptive block, embedding a standardised, recordable process for opt‑outs. To preserve integrity and privacy of registry information, the Commission must use information it receives solely to operate the opt‑out registry and may not disclose confidential information without consent, except where required by law, which both limits secondary use and recognises lawful disclosure obligations. The Commission is also obliged to verify all information submitted for registration with other relevant state organs before registering profiles, to publish guidance on its website for consumers and direct marketers on how to use the registry, and to inform the public if the registry is unavailable for 24 hours or more, which together create a governance framework for accuracy, transparency and service continuity.

At its core, the Regulations impose a hub‑and‑spoke compliance model in which every direct marketer must register on the opt‑out registry and must renew that registration annually on the anniversary date by paying the prescribed renewal fee, thereby ensuring that only current, identified entities interface with consumers for direct marketing. Each direct marketing communication must enable the recipient to identify the name, electronic address, physical address and contact number of the direct marketer, and any communication transmitted to a recipient’s device must itself be identifiable, which elevates transparency and traceability across channels. The marketer must ensure that information kept on the opt‑out registry is up to date, must be identifiable even on public platforms, and may not disseminate electronic communication from a public platform where the originator is unidentifiable, which closes anonymity loopholes in social or messaging contexts. A categorical prohibition is placed on direct marketing to any consumer who has registered a relevant pre‑emptive block, and marketers may not contact any consumer for purposes of direct marketing unless the marketer is registered on the opt‑out registry, which together create both a substantive contact bar to protect opted‑out consumers and a procedural registration gate for all outbound marketing activity. Crucially, marketers must remove from their databases all data of persons who have registered a relevant pre‑emptive block by “cleansing” such data monthly with the Commission, translating the opt‑out registry into a recurring data‑hygiene obligation rather than a one‑off scrub.

For marketing teams, the immediate implication is that registration on the NCC’s opt‑out registry is now a gatekeeping requirement for any direct marketing contact, and failure to register forecloses lawful outreach regardless of consent arrangements a marketer may believe it holds, because contact is prohibited unless the marketer is registered.  Transparency rules requiring identification of the marketer and contact details in every electronic communication, and prohibitions on unidentifiable dissemination from public platforms, will make it harder for bad actors to hide behind generic handles or anonymous broadcasts when engaging in promotional outreach. From a consumer‑experience perspective, universal public access to register pre‑emptive blocks, combined with Commission website guidance and uptime communication commitments, creates the infrastructure necessary for scale adoption of opt‑out protections, which should, in practice, reduce unsolicited electronic marketing as registry coverage expands.

Organisations engaging in any form of direct marketing should register on the NCC opt‑out registry without delay, and templates for electronic communications should be updated immediately. Consumers who wish to cease unsolicited electronic marketing can complete the Annexure O form to register a pre‑emptive block and should keep their registry information current to maintain effective protection, in line with Commission guidance available on its website.

The message is clear: responsibility for curbing unsolicited direct marketing is now distributed through a concrete CPA compliance machinery anchored by the NCC’s opt‑out registry, and marketers must adapt their processes immediately to the new rule set.

The post Do not call me I’ll call you …… South Africa’s 2026 CPA Amendment Regulations: operationalising the national opt‑out regime for direct marketing and shifting day‑to‑day anti‑spam responsibility to the National Consumer Commission appeared first on Werksmans Attorneys.

The decision in Trustees, Inkwazi Trust v Skema Holdings Proprietary Limited [1] is a measured but firm application of section 131 of the Companies Act 71 of 2008 (the “Companies Act”). It demonstrates how the existing principles will be applied where business rescue is invoked in response to sustained creditor pressure. What emerges clearly is that access to business rescue is not automatic. The Court will interrogate, at the outset, whether the statutory requirements have been properly met on the evidence provided in the application.

Section 131(4)(a) of the Companies Act 71 of 2008 provides that, after considering an application, a court may place a company under supervision and commence business rescue proceedings if it is satisfied that the company is financially distressed, or has failed to pay over any amount in terms of an obligation under or in terms of a public regulation or contract with respect to employment-related matters, or that it is otherwise just and equitable to do so for financial reasons, and that there is a reasonable prospect of rescuing the company.

In this case, the enquiry turned on whether Skema Holdings was financially distressed and whether such a prospect had been established. The Court reaffirmed that this is not a superficial exercise. While an applicant is not required to prove that rescue will succeed, there must be a proper factual foundation demonstrating a realistic and workable pathway to that outcome. Assertions that a restructuring is possible, or that value exists within a broader commercial structure, are insufficient without supporting detail. The enquiry is forward-looking, but it must be grounded in objective, ascertainable facts.

A central issue was the manner in which the applicants framed Skema Holdings’ position within the broader group of companies. Considerable reliance was placed on group-level value, including property holdings and operational activities said to exist elsewhere in the structure. The Court rejected this approach. It made it clear that the enquiry under section 131 is confined to the affairs of the company before it. The existence of value, operations or employment within the group does not, without more, establish that the company itself is capable of rescue.

Once that distinction is applied, the deficiencies in the applicants’ case become apparent. The Court was not satisfied that Skema Holdings was shown, on the founding papers, to conduct a meaningful operational business. The position regarding the “axle business”, which was relied upon as evidence of ongoing activity, was not clearly articulated at the outset. The explanation as to how that business remained attributable to Skema Holdings, only emerged after it had been challenged in opposition. This, in the Court’s view, pointed to a case that evolved in response to criticism rather than one that was properly formulated from inception.

The same difficulty arose in relation to the asset base. The proposed rescue depended materially on immovable properties, yet many of these were held by subsidiaries and were encumbered. The founding affidavit did not set out how those assets could be lawfully accessed or deployed for the benefit of Skema Holdings. Although further explanations were provided in subsequent affidavits, they did not adequately address the constraints posed by ownership structures and secured creditor rights. The Court was not persuaded that value located within the group could simply be translated into a workable rescue for the company itself.

This fed directly into the assessment of the proposed rescue strategy. The applicants relied on a combination of allegations of property realisation and prospective funding to address the company’s indebtedness. However, the evidence put up consisted largely of indicative proposals and transactions that were incomplete or conditional. The implementation of the rescue strategy depended on future events, including the cooperation of creditors and the conclusion of further agreements. The Court accepted that business rescue is inherently forward-looking, but emphasised that the proposed plan must be supported by evidence demonstrating that it can be implemented. On the facts, that threshold was not met.

The reliance on employment considerations did not alter this conclusion. While the preservation of employment is a recognised objective of Chapter 6 of the Companies Act, the employees relied upon were not shown to be employees of Skema Holdings itself. Their positions were linked to other entities within the group. As a result, the broader impact on employment did not establish that the company before the Court had a viable business capable of rescue.

The manner in which the case was advanced also weighed against the applicants. A series of supplementary affidavits were filed in response to issues raised by the respondents, introducing material that was not contained in the founding papers. Although the Court admitted this material, it emphasised that an applicant must stand or fall by its founding affidavit. The incremental development of the case was relevant in assessing whether a coherent factual basis for rescue existed at the time the application was launched. The Court found that it did not.

Timing was a further consideration. The application was launched after the winding-up proceedings had been argued and judgment reserved. While business rescue may, in principle, be invoked at any stage, the Court emphasised that timing remains relevant in assessing the bona fides of the application. In the context of the evidential shortcomings identified, the timing supported the inference that the application was, at least in part, aimed at delaying the consequences of liquidation.

On the evidence before it, the Court held that the applicants had not established a reasonable prospect of rescuing Skema Holdings. The company’s financial position, the absence of a clearly established operational business, and the reliance on assets and transactions not shown to be within its control, undermined the rescue case. The proposed plan was contingent and insufficiently substantiated.

The application was dismissed, as was the strike-out application, with costs awarded against the applicants.

The judgment underscores the importance of a properly substantiated business rescue application. A business rescue application must demonstrate, on the papers, that the company itself has a viable business and a plan that is capable of implementation. Reliance on group value, anticipated transactions or future cooperation will not meet that standard.

[1] Trustees, Inkwazi Trust v Skema Holdings (Pty) Ltd [2026] ZAKZDHC (13 April 2026).

The post Business Rescue Applications Under Scrutiny: business rescue orders are not there for the taking! appeared first on Werksmans Attorneys.

But the industrial reorganisation now underway around artificial intelligence is arguably the most consequential structural shift for competition policy since the rise of the digital platform economy in the 2010s. It is also submitted that in some respects it is more challenging, because it is happening faster, across more sectors simultaneously, and with a degree of vertical integration that makes traditional market definition genuinely difficult.

After studying the PitchBook’s December 2025 AI Outlook: The Great Competition Wars Have Begun [1], a research report analysing various sectors, presenting unusually granular evidence of where capital, market share, and M&A activity are concentrating, we deemed it of sufficient insight to pen this article.

Our aim with this thought piece is to equip boards, general counsel, and deal teams with a clear assessment of where the competition law risk actually lies, not where the headlines suggest it does.

The Shape of the Problem: Who Controls What, and Why It Matters

The AI economy is not one market. It is a stack, and competition concerns differ sharply depending on which layer you occupy.

At the base sits the compute and datacentre layer, where the global build-out for AI infrastructure is approaching one trillion dollars annually. That figure alone tells us something important about barriers to entry: this is not a market that a well-funded startup can meaningfully contest from scratch. The capital requirements are enormous, the lead times for power and cooling infrastructure are measured in years, and the physical constraints, grid capacity, permitting, energy supply, are binding in ways that no amount of venture capital can overcome quickly. Clean energy integration, grid management, and distributed energy resource management are becoming necessary complements to datacentre scale, and the players best positioned to secure those inputs are, unsurprisingly, the ones who already have them.

Above compute sit the foundation models. This is the layer that, we submit, presents the most acute competition concerns. PitchBook’s data confirms what practitioners have long suspected: foundation model providers have captured the bulk of AI deal value, capital formation remains “heavily concentrated” around a limited number of large-scale model builders, and these providers are “becoming the default infrastructure for a growing share of enterprise AI workloads“.  Their scale, model performance, and integration depth give them what the report describes as “clearer business durability than most application-layer startups“.

The economic logic is straightforward and familiar from prior platform cycles: as inference becomes a recurring utility service, as workflows increase usage density, and as enterprises lock into multiyear computing platform commitments, switching costs compound and the installed base becomes progressively harder to displace.

For competition lawyers, the language of “default infrastructure” and “multiyear platform commitments” should trigger immediate recognition. These are the structural preconditions for dominance, not necessarily dominance today, but the kind of durable market power that, once established, is exceptionally difficult to unwind through ex post enforcement alone.

Above the model layer are the application, and sector-specific layers, where the dynamics differ but are no less important. Here, the PitchBook analysis reveals a pattern of rapid adoption by sector incumbents who are acquiring AI capabilities to defend entrenched positions, in healthcare, agriculture, cybersecurity, enterprise software, and e-commerce, among others. The competitive risk in these sectors is that AI will entrench the advantages of those who already control distribution, data, and customer relationships.

Barriers to Entry: The New Moats

We have spent years advising clients on what constitutes a durable barrier to entry. The AI cycle introduces some familiar moats in new guises, and at least one that is genuinely novel.

Data. The PitchBook report is emphatic that durable advantage in AI rests on “unique data moats” and deep integration into enterprise workflows. In enterprise SaaS, the marketing and analytics niches are “saturated with undifferentiated tools,” and the startups that lack proprietary data and workflow ownership face rapid commoditisation.  In fintech, the CFO stack exhibits the same pattern: without proprietary data, domain depth, or workflow ownership, products converge on similar automation use cases and pricing pressure erodes margins. In agtech, the major crop science companies, Corteva, Bayer, Syngenta, have built precision platforms (Granular, Climate FieldView, Cropwise) that integrate machine and imagery data at scale, creating what the report calls “the default enterprise solution” while marginalising independents that lack integration into these dominant ecosystems. These are barriers: the more data a platform accumulates over time, the more formidable they become.

Compute and energy. We have already noted the trillion-dollar infrastructure build-out. What deserves emphasis is that access to compute is not simply a function of money. GPU supply is constrained. Energy capacity is constrained. Cooling technology is still maturing. The firms best positioned to secure these inputs are those with existing data centre footprints, long-term energy contracts, and the balance sheets to make speculative capacity commitments years in advance. Building a next-generation database or vector store is described by PitchBook as “a capital-intensive R&D endeavour requiring patient, long-term capital“. Warehouse robotics deployment remains “expensive, limiting the domain to leaders such as Amazon and Walmart“.  We submit that in each instance, the barrier is not merely financial; it is also structural.

Distribution. In code generation, the dominant incumbents, Microsoft’s GitHub Copilot and Cursor, enjoy “unparalleled data and distribution advantages,” a combination that the report expects will lead to “widespread commoditization and value destruction for undifferentiated startups“. In e-commerce, answer engines and platform partnerships are re-routing product discovery in ways that advantage the owners of those channels. Across the stack, AI models are consumed via APIs, making the infrastructure to secure, monitor, and scale those interfaces “a non-negotiable, high-growth layer“.  Whoever controls the API layer controls the terms on which downstream innovation occurs, a distribution chokepoint that competition authorities will need to understand in technical detail.

Vertical Integration and the Risk of Foreclosure

The AI supply chain runs, in simplified terms, from chip manufacturers through cloud and compute providers, through model developers, down to application-layer companies and end users. At each handover point, there is a potential for vertical leverage, and the PitchBook evidence suggests that consolidation incentives are strong at every junction.

Consider the pattern across sectors:

In cybersecurity, AI protection capabilities are being rapidly absorbed by incumbent security platforms through M&A. The PitchBook report notes that the outlook for 2026 and 2027 “remains strong in aggregate, though dominated by incumbent-led acquisitions rather than by standalone startups,” and that the opportunity for independent startups “is narrowing as these features become standard across application and cloud security suites“. Once model-defence features are bundled into broader platform offerings, the incentive to disfavour third-party alternatives through licensing terms, API design, or marketplace placement is well understood in competition law.

In healthcare, second-tier AI scribe companies are expected to be acquired “at highly discounted valuations” by electronic health records incumbents or larger healthcare IT platforms. The EHR market is oligopolistic, Epic and Oracle Health dominate distribution, and the embedding of native AI scribing functions directly into these platforms creates a classic vertical foreclosure risk for independents that depend on EHR integration to reach clinicians.

In agriculture, Corteva, Bayer, Syngenta, and John Deere have vertically integrated precision agriculture platforms that connect directly to farmers, bypassing traditional retailer agronomists. Seven major retailers control approximately 60 to 90 per cent of crop input sales, and digital advisory is now embedded in the platforms of the crop majors themselves. Independent drone-based monitoring startups face what amounts to a distribution foreclosure problem: without integration into these dominant ecosystems, they cannot reach the customer base at scale.

In e-commerce, the emergence of LLM-native ad networks, the opening of Amazon’s DSP and SSP infrastructure as a service, and the shift to answer engines as the primary discovery layer together represent a rewiring of the commerce stack that incumbents are best placed to shape. Consumer-facing, domain-specific search platforms face “structural headwinds in attribution and monetization as horizontal platforms such as ChatGPT and Perplexity integrate commerce functionalities“.

At the model layer itself, the prospect of enterprises locking into multiyear platform commitments creates the most systemic lock-in risk. Where those commitments bundle compute, safety tooling, agent management, and application accelerators into a single relationship, the switching costs can become prohibitive in practice even if they are not insurmountable in theory. Volume-based discount ladders and committed-spend rebates, familiar from cloud markets, are the mechanism through which this lock-in is likely to deepen.

The self-preferencing risk is real. Where a platform owner operates at both the model layer and the application layer, or controls both the inference utility and the safety/governance stack that wraps around it, the incentive to advantage affiliated products through scheduling priority, API design, or pricing structure is obvious. These are not speculative harms; they are the same theories that have sustained enforcement in digital platform markets, transposed to a new industrial context.

Merger Control: Speed, Serial Acquisition, and the Nascent Competition Problem

We turn now to what is, in our view, the most pressing institutional challenge: whether existing merger control frameworks can keep pace with the tempo of AI-driven consolidation.

The PitchBook evidence paints a vivid picture. The report describes a “platform war” in which incumbents are “driven to acquire” point solutions to “plug immediate GenAI and security gaps,” with acquisition characterised as “the fastest route to market“.  This language matters because it describes a strategic logic, defensive ecosystem consolidation, that is precisely the kind of conduct that merger control exists to scrutinise.

Serial acquisitions are the dominant pattern in several sectors as detailed in the PitchBook report. In agtech, 2025 exits occurred “entirely through M&A” (38 transactions) and buyouts (five transactions), with zero IPOs. The acquirers are Corteva, Bayer, Syngenta, John Deere, consolidating digital and autonomous capabilities.  In cybersecurity, AI protection is undergoing rapid consolidation through acquisition by major security vendors. In healthcare, PE-owned healthcare IT companies are driving AI-capability acquisitions, with R1 RCM’s acquisition of Phare Health cited as a recent example. In enterprise software, incumbents such as GitLab and Atlassian “must acquire these point solutions to plug immediate GenAI and security gaps“.

Each of these transactions, taken individually, may fall below jurisdictional thresholds or appear competitively benign. Taken cumulatively, they can neutralise an entire stratum of nascent competition. This is the serial acquisition problem that competition authorities in the UK, EU, and US have been discussing for years but have yet to address with fit-for-purpose tools. The AI cycle may force the issue.

Kill acquisitions present a related but distinct concern. Where an incumbent acquires a startup not to integrate its technology but to prevent it from becoming a competitive threat, the competitive harm is the loss of future rivalry. The difficulty, as always, is evidentiary: proving that the target would have become a meaningful competitor absent the acquisition requires counterfactual analysis that courts and regulators find inherently speculative. The PitchBook data provides at least a circumstantial basis for concern: the report repeatedly identifies sectors where startups are commercially maturing, gaining traction with enterprise customers, and then being absorbed by the very incumbents whose market positions they threaten.

We do not suggest that every AI acquisition is anticompetitive. Many will be genuinely pro-competitive, accelerating diffusion and enabling product improvement. But the industrial dynamics documented in the PitchBook report, defensive acquisition strategies, ecosystem lock-in, and serial consolidation by a small number of strategic buyers, provide a strong case for authorities to invest in improved monitoring, refined nascent competition tools, and the willingness to deploy interim measures where integration risks creating irreversible structural harm.

Sector-Specific Flashpoints

The competition risks are not uniform across the economy. Some sectors warrant particular attention, either because AI adoption is especially rapid or because the pre-existing market structure amplifies concentration dynamics.

Healthcare. The combination of oligopolistic EHR incumbents, regulatory barriers to entry, high switching costs, and the foundational nature of ambient scribe technology creates a high-risk environment for vertical foreclosure. The anticipated absorption of independent scribe companies into EHR platforms will concentrate the clinical workflow layer around a very small number of providers. In medtech, AI-powered imaging and smart implants are gaining traction, and incumbents are already acquiring remote monitoring platforms, Philips acquiring BioTelemetry, UnitedHealth acquiring Vivify Health, suggesting a pattern of vertical integration that could foreclose independent device and diagnostics innovators.

Enterprise software. The displacement of legacy analytics and BI platforms by agentic AI and natural language querying is a genuine paradigm shift, moving from dashboard navigation to conversational, in-workflow insights delivery. The incumbents that own the system of record, the CRMs, ERPs, and data warehouses that enterprises cannot easily replace, are strongly incentivised to acquire emergent AI search, compliance, and automation tools to keep customers captive. Whether that integration is conducted on open, non-discriminatory terms or through proprietary interfaces designed to lock out rivals will determine the competitive outcome.

E-commerce and advertising. The shift to answer engines as the primary product discovery mechanism is already measurable: Adobe Analytics reports a tenfold increase in referral traffic from answer engines, with Google conceding low-value queries.  As OpenAI, Anthropic, and others seek scaled monetisation, LLM-native ad networks will emerge as a logical extension of the platform, with Amazon’s and Walmart’s retail media businesses providing the template. The risk is that a small number of answer engine operators will control the default pathways for commercial traffic in the same way that search engines did in the prior era, with the same attendant risks of self-preferencing, exclusionary conduct, and opaque ranking decisions.

Agriculture. This is a sector where vertical integration is already far advanced. Corteva, Bayer, Syngenta, and John Deere between them control precision agriculture platforms, digital advisory, crop input distribution, and equipment data pipelines.  The PitchBook report states that independent drone-based crop monitoring faces value destruction risk as more than 50 competitors offer commoditised solutions while the major platforms “maintain powerful industry moats by integrating machine and imagery data at scale“.

Cybersecurity. AI protection for models and applications is both a growth market and a consolidation market. The 2025 acquisition wave, by SentinelOne, Palo Alto Networks, and other major vendors—signals sustained appetite for model-defence capabilities, with M&A identified as the most likely exit path for emerging vendors.  The bundling of AI protection into broader platform suites is efficient, but it also risks foreclosing innovative niche solutions if platform APIs or marketplace placement disfavour third-party integrations post-acquisition.

Regulatory Adequacy and Emerging Theories of Harm

We should be candid about the limits of the evidence base. The PitchBook report is an investment and industry analysis, not a regulatory assessment. It does not catalogue specific enforcement actions by the CMA, the European Commission, or the DOJ and FTC, and we have not supplemented it with external enforcement data for the purposes of discussion. Any definitive assessment of agency responsiveness would require a broader evidentiary foundation.

That said, the market dynamics documented in the report have clear implications for the adequacy of existing frameworks.

Abuse of dominance and self-preferencing. The structural features of the foundation model layer, default infrastructure status, API-mediated access, inference-as-utility pricing, and multiyear platform commitments create fertile ground for discriminatory conduct. Where a platform owner controls both the inference utility and adjacent layers (safety tooling, agent orchestration, application accelerators), selective degradation of access for rivals can effectuate a margin squeeze that is invisible in headline pricing but decisive in competitive outcome. The evolution from single-shot inference to autonomous, multistep agent workflows will create new chokepoints around scheduling, memory allocation, and tool access that do not map neatly onto existing precedent. These are novel theories of harm in form, though cognate to established non-discrimination and refusal-to-deal doctrines in substance.

Essential facilities. We raise this with appropriate caution, because the legal threshold for essential facilities claims is high in all jurisdictions. But the PitchBook evidence on compute and energy constraints, trillion-dollar infrastructure, constrained GPU supply, grid capacity limits, suggests that access terms for capacity-constrained inputs will be competitively determinative in some markets. Where a small number of vertically integrated providers control GPUs, data centre space, and on-site generation, the analytical conditions for an essential facilities enquiry may be met.

Practical Implications

For companies at bottleneck layers. If you operate at a chokepoint in the AI stack, foundation models, compute, developer platforms, EHR systems, and precision agriculture platforms, you should expect regulatory scrutiny of your API terms, bundling practices, default settings, and data-access policies. Sensible risk mitigation includes transparent, stable, and non-discriminatory API terms; documented interoperability commitments; and governance structures that separate upstream access decisions from downstream competitive incentives.

For acquirers. Serial acquisition strategies in sectors such as cybersecurity, healthcare IT, and agtech are accumulating competitive significance even where individual transactions fall below notification thresholds. Internal documents, integration planning materials, and board presentations that describe acquisitions in terms of ecosystem defence, competitive neutralisation, or market foreclosure will be discoverable and will inform the analysis. Transaction teams should be briefed accordingly.

For startups and investors. The PitchBook evidence suggests that the exit environment in many AI subsectors is overwhelmingly M&A-driven, with strategic acquirers dominating. Where the acquirer is an incumbent with an existing dominant position, the transaction will attract greater scrutiny. Founders and their advisers should factor merger control risk into exit planning earlier than is conventionally the case, particularly in sectors where the buyer universe is narrow.

Concluding Observations

We do not think the sky is falling. The existing toolkit of competition law, abuse of dominance, vertical agreements, and merger control is conceptually adequate to address the risks we have described. The theories of harm are, in most cases, familiar ones applied to new industrial facts.

What concerns us is timing. The AI cycle is moving faster than prior platform cycles, the capital commitments are larger, and the vertical interdependencies are deeper. The window between the emergence of a competitive threat and its absorption by an incumbent is narrowing, and once multiyear platform commitments, default infrastructure status, and ecosystem lock-in have taken hold, the practical scope for ex post remediation shrinks considerably.

The law is not unsettled in its principles. It is unsettled in its application to the specific industrial facts of the AI stack, inference pricing, API-level discrimination, agent orchestration, and the competitive significance of sovereign capital. These are the areas where novel theories of harm are most likely to emerge, and where early engagement with regulators, careful compliance design, and thoughtful transaction structuring will deliver the greatest returns.

Food for thought.

[1] 2026-artificial-intelligence-outlook-the-great-competition-wars-have-begun.pdf (accessed 10 April 2026)

The post The AI Arms Race and what it means for Competition Law: A new era or new focus appeared first on Werksmans Attorneys.

I am presently reading Noah M Kenney’s Governing Intelligence: Law, Privacy, Security, and Compliance,[1] and it has given me genuine cause to reflect, which I suspect was precisely the author’s intention. The book lands at a time when South Africa has published its own Draft National Artificial Intelligence Policy,[2] opening a public comment period on what is intended to become the foundational instrument for AI governance in this jurisdiction.

The timing is fortunate. Kenney’s central thesis, that AI governance must be understood and implemented as a structured, layered, interdependent system, throws into sharp focus both the ambitions and the shortcomings of South Africa’s Draft Policy.

What follows is an attempt to read the Draft Policy through the organising framework at the heart of Kenney’s text, the AI Governance Stack, and to consider whether South Africa’s proposed approach is structurally adequate for the task it sets itself.

The AI Governance Stack as an Organising Discipline

Kenney’s AI Governance Stack is a five-layer operational model, drawn from a decade of practical implementation work across regulated industries.[3] Built from the base upward, it comprises:

• Layer 1 (Data Governance) constituting data inventory, quality management, bias assessment, provenance tracking, and consent mechanisms;
• Layer 2 (Model Governance) focusing on architecture review, fairness testing, robustness evaluation, interpretability, and model documentation;
• Layer 3 (System Integration Governance), considering integration architecture, pipeline security, cascading failure analysis, human-AI interaction design, and boundary condition testing;
• Layer 4 (Control and Monitoring Governance) addressing access controls, performance monitoring, anomaly detection, incident response, and deployment governance; and
• Layer 5 (Audit and Evidence Governance) calling for documentation standards, evidence preservation, audit mechanisms, regulatory reporting, and stakeholder communication.[4]

The framework’s real force lies in its insistence on cascading dependency.

Each layer of the Kennedy AI Governance Stack creates the foundation for the one above it, and points out that a governance failure at Layer N cannot be fully remediated at Layer N+1.[5]  This is not simply an architectural preference. It is a testable operational claim: piecemeal governance, attending to audit whilst neglecting data quality, or monitoring without model documentation, will produce governance that is structurally unsound, no matter how many resources are thrown at it.[6] This is in fact true for any form of regulatory compliance.

The practical upshot, which Kenney demonstrates through a detailed walkthrough of an AI credit decision system, is that each layer must have exactly one primary organisational owner and that governance must be sequenced to follow the dependency chain.[7] Done properly, the Stack transforms governance from a set of aspirational commitments into something closer to an executable specification, with defined requirements, thresholds, decision rules, and verification criteria.[8]

South Africa’s Draft Policy: Ambition Without Architecture

There is much to celebrate in the Draft Policy. It is rightly anchored in the Constitution of the Republic of South Africa, 1996, and expressly provides that AI must not be used to violate the rights enshrined in sections 9 (equality), 10 (human dignity), 14 (privacy), 16 (freedom of expression), and 33 (just administrative action), amongst others.[9] It identifies the Protection of Personal Information Act 4 of 2013 (POPIA), the Cybercrimes Act 19 of 2020, and the Promotion of Access to Information Act 2 of 2000 as part of the legislative architecture within which AI governance must operate.[10] It goes further still, proposing the establishment of a National AI Commission, an AI Ethics Board, an AI Regulatory Authority, an AI Ombudsperson Office, a National AI Safety Institute, and an AI Insurance Superfund modelled on the Road Accident Fund.[11]

These are serious institutional commitments that should not be dismissed. But when one measures them against the operational specificity of the Governance Stack, a conspicuous gap opens up. The Draft Policy proceeds largely at the level of principles and institutional mandates. It sets out six key principles of responsible AI, fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability, and proposes embedding these across the AI lifecycle.[12] It calls for “sufficient explainability” and “sufficient transparency” in high-risk systems.[13] It contemplates risk-based classification, drawing some inspiration from the European Union AI Act.[14]

What it does not do is specify the operational infrastructure through which any of these principles can be enforced. One looks in vain for anything equivalent to the Stack’s requirement that organisations maintain data catalogues with provenance records documenting origin, transformations, and lineage, or its mandatory quality thresholds, completeness at 95 per cent, accuracy at 98 per cent for labelled data, cross-source consistency at 90 per cent, below which data must not be used for model training without documented exception approval.[15] Cascading failure analysis, circuit breaker requirements for systems with downstream dependencies, boundary condition testing protocols, none of these features.[16] The Policy’s reference to “AI-specific data governance frameworks that ensure provenance, quality control, and interoperability of datasets” reads as aspiration, not specification.[17]

Key Tensions and Risks

Three tensions in the Draft Policy deserve close scrutiny.

The first concerns accountability. The Draft Policy’s treatment of it is structurally incomplete. It provides that “organisations must take responsibility for the outcomes of their AI systems” and that “accountability must ultimately point to an attributable official or entity.”[18] That is necessary, but it is not enough. Kenney’s point is that diffuse accountability is the primary organisational failure mode in AI governance. The remedy is to assign determinate accountability at each Stack layer: data stewards at Layer 1, ML engineering leads at Layer 2, platform and infrastructure teams at Layer 3, security and operations teams at Layer 4, and compliance and legal teams at Layer 5.[19] Without that degree of granularity, the Draft Policy’s accountability requirement risks becoming what Kenney aptly terms a “compliance fiction”, formally satisfied but operationally hollow.

The second tension arises from the Draft Policy’s reliance on POPIA as the primary data governance instrument for AI, which is, at best, partial. POPIA’s conditions for lawful processing, including purpose limitation (section 13), minimality (section 10), and security safeguards (section 19), were simply not designed with the demands of AI training data in mind. The friction between data minimisation and the data-hungry requirements of machine learning model training, which Kenney identifies as a fundamental governance challenge under the analogous provisions of the GDPR,[20] is not acknowledged in the Draft Policy. Nor does the Draft Policy grapple with how section 71 of POPIA, which governs automated decision-making, will interact with the proposed AI Ombudsperson’s jurisdiction or the AI Regulatory Authority’s audit mandate.[21]

The third tension is regulatory fragmentation. The Draft Policy proposes an elaborate institutional architecture involving the DCDT, ICASA, the Information Regulator, the Competition Commission, the South African Reserve Bank, and the Financial Sector Contingency Forum, among others.[22] Kenney’s argument on this point is direct: the Governance Stack provides a unified architecture through which organisations can satisfy the requirements of multiple regulators by means of a single layered governance system, rather than maintaining separate compliance programmes for each.[23] Without a unifying operational framework, the Draft Policy’s multi-regulator model risks imposing precisely the kind of compliance fragmentation that the Stack was designed to resolve.

A Considered View

What, then, should organisations operating in or entering the South African market actually be doing?

It is submitted that the Draft Policy should be treated as a signal of regulatory direction, not as a governance blueprint. Its principles are sound and its institutional ambitions are genuine. But the operational gap between principle and implementation is wide, and organisations that wait for the regulatory apparatus to mature before building their own governance frameworks will find themselves badly exposed. If the EU AI Act teaches us anything, and Kenney documents this in considerable detail, it is that compliance costs compound rapidly when governance is retrofitted rather than designed in from the outset.[24]

Organisations would be well advised, now, to map their AI systems against the five layers of the Governance Stack, assign primary ownership at each layer, and begin building the documentation, testing, and monitoring infrastructure that any competent regulator will eventually demand.[25] They should ensure that their data governance practices satisfy POPIA’s existing requirements whilst also anticipating the more demanding standards that the Draft Policy foreshadows.[26] And they should engage meaningfully with the public comment process, not merely to protect commercial interests, but to press for the kind of operational specificity that separates effective governance from well-intentioned aspiration.

If Kenney’s book can be reduced to a single proposition, it is that governance must be engineered, not merely declared.[27]

South Africa’s Draft Policy has declared its intentions. The engineering remains to be done.

[1] Kenney NM Governing Intelligence: Law, Privacy, Security, and Compliance (Digital 520 2026).

[2] Draft South Africa National Artificial Intelligence (AI) Policy (March 2026) published in GG 54477 of 10 April 2026.

[3] Kenney (n 1) page 22.

[4] Kenney (n 1) page 22-25.

[5] Kenney (n 1) page 18-19; see also page 25 (“Failure at any layer cascades upward; governance cannot be implemented piecemeal”).

[6] Kenney (n 1) page 30.

[7] Kenney (n 1) page 26-28.

[8] Kenney (n 1) page 30.

[9] Constitution of the Republic of South Africa, 1996, section 9, 10, 14, 16, 33; Draft AI Policy (n 2) page 8.

[10] Protection of Personal Information Act 4 of 2013; Cybercrimes Act 19 of 2020; Promotion of Access to Information Act 2 of 2000; Draft AI Policy (n 2) page 7.

[11] Draft AI Policy (n 2) page 26–27.

[12] Draft AI Policy (n 2) page  62.

[13] Draft AI Policy (n 2) page 35–36.

[14] Draft AI Policy (n 2) page 36; cf Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (EU AI Act).

[15] Kenney (n 1) page 23, 27.

[16] Kenney (n 1) pages 24, 32–33.

[17] Draft AI Policy (n 2) page 53.

[18] Draft AI Policy (n 2) page 58.

[19] Kenney (n 1) page 20, 26.

[20] Kenney (n 1) page 258; see also Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) art 5(1)(c).

[21] POPIA section 71; Draft AI Policy (n 2) page 72, 26.

[22] Draft AI Policy (n 2) page 28, 61.

[23] Kenney (n 1) page 123, 154.

[24] Kenney (n 1) page 26; see also Regulation (EU) 2024/1689 (EU AI Act).

[25] Kenney (n 1) page 22, 26–28.

[26] Draft AI Policy (n 2) page 55–56; POPIA section 10, 13, 19.

[27] Kenney (n 1) page 30.

The post The AI Governance Stack and South Africa’s Draft National AI Policy: An Operational Gap in Search of a Framework appeared first on Werksmans Attorneys.

On 10 April 2026, South Africa’s Department of Communications and Digital Technologies published its Draft National Artificial Intelligence Policy and opened a sixty-day public comment window.

At eighty-six pages, the document covers an extraordinary amount of ground, everything from supercomputing infrastructure to the digitisation of indigenous languages.

If your company develops, deploys, or procures AI systems with any connection to South Africa, you need to be reading this document carefully. And you need to be paying attention to what it doesn’t say as much as what it does.

The policy’s headline vision, “AI for inclusive economic growth, job creation, cost reduction, and a developing Africa“, is hard to argue with. Education, healthcare, agriculture, and public administration are flagged as priority sectors, and the policy sets out six objectives covering skills development, public-service modernisation, ethical governance, and cultural preservation.

Where things get really ambitious, perhaps overly so, is in the institutional design. The draft proposes:

• a National AI Commission,
• an AI Ethics Board,
• an AI Regulatory Authority,
• an AI Ombudsperson Office,
• a National AI Safety Institute,
• and an AI Insurance Superfund modelled on the Road Accident Fund, designed to compensate people harmed by AI-driven decisions.

The risk-based regulatory approach borrows openly from the EU AI Act, with stricter rules for high-risk applications and lighter treatment elsewhere, plus provision for regulatory sandboxes. Its six principles of:

• responsible AI,
• fairness,
• reliability and safety,
• privacy and security,
• inclusiveness, transparency, and
• accountability,

will feel familiar to anyone who has spent time considering the OECD AI Principles.  None of this is controversial. But the real question is whether the detail behind these commitments is adequate, and in relation to privacy, it is doubted.

Credit where it is due: the draft makes the right noises on data protection. It commits to harmonising AI privacy controls with the Protection of Personal Information Act (POPIA), enforcing its eight conditions for lawful processing, and embedding data protection by design and default, data minimisation, purpose limitation, and storage limitation into AI governance. It calls for Privacy Impact Assessments when sensitive information is at stake and points to POPIA’s Section 71 on automated decision-making as a transparency safeguard.

The problem is that the policy never seems to gets beneath the surface. Given the purpose limitation, in machine learning, training data is routinely repurposed across models and applications in ways that bear little resemblance to the original reason it was collected. The policy says nothing meaningful about how to handle that. Or consider data minimisation. The draft simultaneously champions minimisation and calls for a “sustained national effort to curate large, diverse datasets in AI-ready formats,” treating non-private data as a “public good“. You cannot have it both ways without explaining how you intend to square the circle, and the draft does not try.

Then there is Section 71 of POPIA. The policy rightly identifies it as relevant, but stops there. Section 71 gives individuals a right not to be subject to decisions based solely on automated processing, but it is a narrow provision. How does it interact with the broader rights of data subjects, the right to object, or the right to have personal information corrected? The policy does not explore this. When the economy considers rolling AI out across healthcare diagnostics, credit scoring, law enforcement, and public administration, that is a gap with real consequences for real people.

Working across the UK and EU data protection regimes, it does not take much effort to spot the policy’s influences and, unfortunately, its shortcomings.

The EU AI Act provides a legally binding, granular risk classification system backed by conformity assessments, post-market surveillance, and meaningful penalties. South Africa’s draft uses the same vocabulary of risk categorisation, but punts the substance, what counts as “high-risk,” “medium-risk,” or “low-risk”, to future regulations and sector strategies.  That leaves organisations in limbo, uncertain of what they actually need to do.

The rights gap is just as concerning. Under the UK GDPR and the Data Protection Act 2018, individuals have the right to meaningful information about the logic behind automated decisions, the right to human intervention, and the right to challenge outcomes. POPIA offers less, and the draft policy’s language around “sufficient explainability” and “sufficient transparency” risks entrenching a lower standard than what many multinationals already meet under UK or EU law. The word “sufficient” introduces flexibility, but it also invites interpretation by those who may not share the same commitment to individual rights.

Cross-border data flows deserve a mention, too. The policy invokes the National Policy on Data and Cloud and frames data sovereignty partly as a guard against “perpetuation of colonial-era data extraction practices“. That language resonates politically, but it needs to translate into functioning legal mechanisms. The adequacy frameworks under the UK GDPR and the EU’s standard contractual clauses are well-established tools; South Africa’s own regime for cross-border transfers under POPIA Section 72 remains comparatively undeveloped, and this policy does not move the needle.

More worrisome is the institutional design. Seven new bodies, on top of existing regulators like the Information Regulator, ICASA, and the Competition Commission, is a recipe for overlap, turf disputes, and diluted accountability. The policy acknowledges the need for a National AI Regulatory Forum to coordinate these bodies, but the governance lines remain vague. South Africa is not a country with limitless public resources. The danger is that the country will end up with impressive-sounding institutions that lack the funding, people, and political independence to do anything meaningful.

But what should organisations do now? Three things.

·       First, do not wait. Start mapping AI systems against the risk categories and ethical principles in the draft, and benchmark data protection practices against POPIA, the UK GDPR, and the EU AI Act together,  apply the highest common standard.

·       Second, respond to the consultation. The government has framed this policy explicitly as a “point of departure” and a “work-in-progress”.  Submissions that push for sharper data protection obligations, clearer risk definitions, and stronger individual rights around automated decision-making would make a genuine difference.

·       Third, keep a close eye on who ends up doing what. Whether the Information Regulator, the proposed AI Regulatory Authority, or the AI Ethics Board takes the lead on privacy enforcement will shape the entire character of South Africa’s AI governance regime.

This is a creditable piece of policy work and it reflects a serious engagement with international AI governance thinking. But good intentions are not the same as good regulation.

On the issues that matter most to individuals, privacy, data protection, the right to understand and challenge decisions made about you by a machine, the draft stays at the level of aspiration. Turning those aspirations into enforceable, practical obligations is the hard part, and it is the part that still lies ahead.

The comment window is open.

Use it.

The post Speak now or forever hold your peace. The draft AI policy has been published and parties have 60 days to comment appeared first on Werksmans Attorneys.

In our previous article published on 28 October 2025, we identified the absence of exchange control rules for cross-border crypto asset (“crypto“) transfers as being a significant regulatory gap. This followed the High Court ruling in Standard Bank of South Africa v South African Reserve Bank & Others 2025 (5) SA 289 (GP) (the “SBSA decision“) which found that the Exchange Control Regulations, 1961 (the “Exchange Control Regulations“) did not apply to crypto and that exchange control approval was therefore not required for the cross-border transfer of crypto. Although the South African Reserve Bank (“SARB“) was granted leave to appeal to the Supreme Court of Appeal (“SCA“) against the SBSA decision, legislative intervention now seems inevitable. This is confirmed by the fact that during the budget speech on 25 February 2026, Finance Minister Enoch Godongwana announced that the government will soon publish draft regulations under the Currency and Exchanges Act, 1933 to include crypto assets in the capital flow management regime and that crypto assets will be governed within the cross-border capital movement framework. This is in addition to existing regulations to combat money laundering and fraud. This article discusses this latest development.

Setting the Scene: the SBSA decision

To briefly recap, the facts in the SBSA decision are as follows: Leo Cash and Carry Proprietary Limited (a South African resident company) transferred 4,405.9783 Bitcoin (approximately R556 million) to a non-resident Seychelles-based crypto exchange. The SARB sought forfeiture of related bank-held funds, alleging the transfer referred to contravened exchange control rules. The court considered whether crypto constituted (i) money or “currency” for purposes of Regulation 3(1)(c), which prohibits payments to non-residents without exchange control approval (“Currency Payment Rule“); and/or whether crypto constituted (ii) “capital” under Regulation 10(1)(c), which prohibits the export of capital without approval (“Capital Export Rule“). The court found in the negative on both scores and the forfeiture order was set aside.

The Budget Speech Announcement

Although not very informative, additional details are provided in Annexure E (Financial Sector Update) to the 2026 Budget Review, published on 25 February 2026 alongside the Budget Speech. Under “Capital flows management framework“, it is indicated that the National Treasury will publish amendments to the Exchange Control Regulations, and that these will regulate transfers of crypto (such as Bitcoin and Ethereum) to non-residents. This was confirmed by Exchange Control Circular No. 3/2026 issued by the Financial Surveillance Department of the SARB (“FinSurv“) on 3 March 2026.

If the anticipated amendments to the Exchange Control Regulations are consistent with the recommendations made by the Intergovernmental Fintech Working Group (“IFWG“) as long ago as 2021, it is anticipated that they will place Crypto Asset Service Providers (“CASPs“) on a similar footing as authorised dealers with limited authority, requiring them to authorise crypto transfers within clients’ exchange control allowances and to report transfers to the FinSurv, although the precise mechanism will only be confirmed once the draft amendments are published.

Significance of the anticipated amendments

The anticipated amendments are expected to directly address the regulatory gap exposed by the SBSA decision. Rather than awaiting the outcome of the appeal, government has clearly opted to pursue a legislative amendment: the same approach taken by government after the decision in Oilwell (Pty) Ltd v Protec International Ltd and Others 2011 (4) SA 394 (SCA). In that instance, the Capital Export Rule was promptly amended to include intellectual property rights following the Court’s decision that the rule (as framed at the time) did not include intellectual property rights.

The stated intent behind the anticipated amendments is to form part of the multi-layered approach to crypto regulation in South Africa. CASPs are already regulated under financial services and anti-money laundering legislation (including FAIS and FICA). The anticipated amendments are expected to bolster existing efforts to prevent money laundering and terrorist financing, thereby keeping South Africa off the Grey List.

One would expect the regulatory direction intimated by the Minister in February to align with the IFWG recommendations, which were quite explicit and wide ranging. If this happens, the anticipated amendments would integrate CASPs into the existing authorised dealer architecture and CASPs will be expected to administer clients’ exchange control allowances for crypto transfers and report to the FinSurv.

What This Means for CASPs

Once the anticipated amendments take effect, CASPs will likely have to report crypto transfers to the FinSurv. The precise scope and format will only be clarified once the draft amendments are published. CASPs should however already assess whether their transaction monitoring and record-keeping systems can capture the required data. CASPs should review their FAIS, FICA, and contractual frameworks, including their Risk Management and Compliance Framework, their client agreements, vendor contracts (where certain duties or services are outsourced), and privacy notices. Gaps should be identified and consideration should be given to how exchange control monitoring, reporting, and authorisations will work in practice.

What This Means for Crypto Holders

Under the proposed framework, South African residents wishing to transfer crypto assets to non-residents – including to foreign exchanges – may need to do so within their exchange control allowances. Transfers may be subject to the single discretionary allowance (R2 million per calendar year), with transfers exceeding applicable allowances presumably requiring specific SARB approval.

Crypto holders should accordingly be aware that once the anticipated amendments take effect, cross-border crypto transfers will no longer take place in a regulatory vacuum: they are expected to be subject to the same Capital Flows Management Framework that governs the movement of conventional assets and currency to non-residents.

Bringing Clarity to Crypto: Updated Final Thoughts

In our previous article, we observed that a regulatory framework addressing crypto’s exchange control treatment was “long overdue“. The 2026 Budget Speech signals that this framework is finally on the horizon.

Questions remain: It is unclear whether the anticipated amendments will bring crypto within the ambit of the Currency Payment Rule or the Capital Export Rule, alternatively whether a new purpose-built provision will be introduced. The precise obligations for CASPs and their clients are also yet to be determined. The SBSA decision remains suspended pending the SCA appeal, and the announcement of the anticipated amendments may be seen as acknowledging that the existing Exchange Control Regulations do not apply to crypto, with potential implications for the SARB’s appeal.

The regulatory direction is clear: CASPs should use the period before draft amendments are published to prepare their systems and review compliance frameworks. Crypto holders who have previously transferred crypto abroad without exchange control approval should seek legal advice before the new framework takes effect.

For assistance with your crypto needs or exchange control compliance, feel free to contact a member of our team.

The post Cracking Down or Catching Up? South Africa’s Approach to Crypto Regulation: Part 4 – Exchange Control Update appeared first on Werksmans Attorneys.

In a restructuring environment often shaped by urgency and commercial pressure, the recent judgment in Tamela Mezzanine Debt Fund I Partnership v KT Wash Detergents Proprietary Limited [1] offers a timely recalibration of first principles. It reminds practitioners, funders and stakeholders alike that business rescue is not an exercise in optimism. It is a structured, creditor-driven process that must be grounded in transparency, fairness and demonstrable commercial logic. Where those elements are absent, even a seemingly viable plan will not survive.

KT Wash entered business rescue pursuant to section 129 of the Companies Act 71 of 2008 (the “Act”). A business rescue plan was subsequently published proposing the sale of the business as a going concern. Despite this, the plan failed to secure the required statutory support, achieving only 50.73% of creditors’ voting interests, instead of the required 75%. That outcome is significant in itself, but what followed is what makes the case particularly noteworthy.

Section 153 allows of the Act provides a mechanism to intervene where a business rescue plan has been rejected. It allows a business rescue practitioner to pursue a revised plan, or an affected person to approach the court to set aside the vote as inappropriate. In doing so, it prevents the automatic collapse of the process following a failed vote and creates space for further engagement where justified.

In this instance, an application to set aside the rejection of the plan was brought by a creditor (unusually so) and not by the business rescue practitioners.

Section 153 of the Act is more commonly invoked by business rescue practitioners seeking to salvage a plan that has failed to achieve sufficient support. Here, however, a creditor, who was also a significant post-commencement financier, sought to overturn the collective decision of the creditor body. The argument advanced was that the vote rejecting the business rescue plan was “inappropriate” and should be set aside. This was premised on the basis that it undermined a viable business rescue plan that depended on their ongoing post-commencement finance. They contended that rejecting the plan was commercially irrational, as it jeopardised the rescue process and would likely result in liquidation.

The court did not accept that proposition.

Pullinger AJ approached the matter from a fundamental starting point. The enquiry was not whether the business rescue plan might have produced a better outcome than liquidation, nor whether the court would have preferred the commercial result proposed. The question was whether creditors had been placed in a position to make an informed decision when exercising their vote. On the facts, they had not.

The court found that the business rescue plan put before creditors, lacked the essential factual foundation required by the Act. It did not adequately explain how the proposed purchase price had been determined, nor did it provide a transparent valuation methodology. It also failed to substantiate the dividend outcomes that creditors could expect under the business rescue plan. In the absence of this information, creditors were effectively being asked to approve a transaction without being able to properly assess its fairness or its comparative benefit. In those circumstances, the court held that their rejection of the plan could not be said to be inappropriate.

The judgment is important for what it does not do as much as for what it does. The court did not attempt to substitute its own commercial judgment for that of the creditors. It did not seek to repair or supplement the deficiencies in the plan. Nor did it treat section 153 of the Act as a mechanism to salvage a proposal that had not met the required evidentiary threshold. Instead, it affirmed that business rescue remains, at its core, a creditor-driven process. Where creditors are not given sufficient information to evaluate a plan, they are entitled to reject it, and the court will be slow to interfere with that decision.

From a commercial perspective, the implications are clear. Business rescue plans must do more than present an attractive outcome. They must be capable of withstanding scrutiny. This requires a level of detail and transparency that enables creditors to interrogate the proposal and make an informed decision. Valuations must be explained, assumptions must be defensible, and the distributional consequences must be clear. Absent this, even a plan that appears viable in principle may fail in practice.

The judgment also reinforces the position of creditors within the restructuring framework provided by Chapter 6 of the Act. Their role is not passive. The statutory voting regime places real power in their hands, and this decision confirms that the courts will respect the exercise of that power, where it is grounded in rational commercial reasoning. At the same time, the case serves as a caution to creditors who seek to take a more interventionist approach. Even a significant funder, as a creditor, cannot rely on the court to override the collective will of creditors where the underlying plan is deficient.

Importantly, the dismissal of the application did not bring the business rescue proceedings to an end. The adjourned meeting is to be reconvened, at which creditors may table a motion requiring the business rescue practitioners to prepare and publish a revised plan. In the event that no such motion is tabled, the business rescue practitioners will be obliged to file a notice terminating the business rescue proceedings. For now, the company remains under supervision, and the success of the process will depend on whether creditors elect to pursue a revised plan and, if so, whether such plan secures the requisite support.

The broader message is clear. Business rescue is, at its core, a creditor-driven process. Approval cannot be assumed, and it cannot be compelled. Where creditors do not support a plan, the process does not bend to accommodate it – it resets. The process now returns to creditors, who will determine whether a revised plan is to be pursued. If a revised plan is proposed and secures the requisite support, the company may yet be restructured. Failing that, the business rescue practitioners will be obliged to terminate the proceedings in accordance with the Act.

—————————————————————————————————————————————–

[1] Tamela Mezzanine Debt Fund I Partnership v KT Wash Detergents (Pty) Ltd & Others [2026] 1 All SA 215 (GJ).

The post Business Rescue at the Crossroads: When Creditors Draw the Line appeared first on Werksmans Attorneys.

The present dire state of public healthcare in the Gauteng Province has been widely publicised, with access to treatment being a central theme. In terms of section 27 of the Constitution of the Republic of South Africa, 1996 (Constitution), all persons have a right to access healthcare services, and the State is obliged to take reasonable legislative and other measures, within its available resources, to achieve the progressive realisation of this right. In other words, the State must take reasonable steps, within its available resources, to expand access to healthcare over time.

However, barriers to access in public healthcare facilities are rife, giving rise to two notable recent legal challenges in Gauteng. In both of these cases, the applicants sought to compel the State to take certain steps to protect and promote section 27 rights by way of positive (mandatory and structural) interdicts.

In particular, and just over a year ago, on 27 March 2025, the Gauteng Local Division of the High Court, Johannesburg, in Cancer Alliance v Member of Executive Council for Health Gauteng Province and Others^[1] (Cancer Alliance), granted an order which required the Gauteng Department of Health (GDoH) to devise and implement a plan to provide radiation oncology services to cancer patients on a backlog list at two Gauteng hospitals. Following the court order, however, and despite initial optimism regarding the impact of the ruling, the Supreme Court of Appeal (SCA) subsequently granted the GDoH leave to appeal the High Court’s decision. As a result, the execution of the judgement and order in Cancer Alliance has been suspended pending the outcome of the appeal – an issue which itself became the subject of extensive legal debate between the parties.[2]

Another recent instance in which the the Gauteng Division of the High Court, Johannesburg, was called upon to enforce the State’s obligation to facilitate access to healthcare, by way of a positive interdict, was in the matter of Treatment Action Campaign and Others v Facility Manager, Yeoville Clinic and Others[3] (TAC v Facility Manager). This matter, which was decided on 4 December 2025, arose as a result of the recent trend of vigilante groups blocking access to public clinics in the Johannesburg inner city by anyone not in possession of a valid South African identity document. The applicants in the matter sought an interdict compelling the provincial health authorities to develop and implement measures to prevent these groups from blocking access to the relevant clinics. This interim interdict was sought pending an application for a final order directing that the aforementioned measures be put in place throughout Gauteng.

In its decision, the court found that both the provincial health authorities and the South African Police Service (SAPS) had neglected to take action against the vigilante groups and to remove barriers to entry at the clinics. As a result, the court concluded that the authorities were failing in their constitutional and statutory duties.

Remarkably, the provincial health authorities argued that they had completely outsourced their constitutional and statutory responsibilities in respect of the relevant clinics to the City of Johannesburg (CoJ). The court, however, found that the service level agreement on which the authorities had sought to rely in this regard in fact provided for co-operation between the GDoH and the CoJ, and (as one would expect) did not permit the authorities simply to abrogate their responsibilities to promote access to healthcare in the province – responsibilities which arise from both section 27 of the Constitution and section 3 of the National Health Act No. 61 of 2003.[4]

As a result, the court found that the requirements for an interim interdict were met in the circumstances.[5] Ultimately, therefore, the court found that it was under a duty to grant effective relief to the applicants, and persons seeking access to the inner-city clinics, in order to remedy the State’s shortcomings. The court, accordingly, ordered the provincial health authorities and SAPS to –

• take reasonable measures to ensure safe, unhindered access to the clinics;
• remove unauthorised persons obstructing access to the relevant clinics;
• station trained security personnel at access points to the clinics; and
• file a report with the court, within 10 court days of the order, setting out the actions taken to comply with the order.

The SAPS were, in turn, ordered to provide all necessary assistance to the clinics to ensure compliance with the order.

The Cancer Alliance and TAC v Facility Manager decisions demonstrate that mandatory and structural interdicts have the potential (when implemented) to be effective tools for safeguarding and enforcing the constitutional right to access to healthcare. In both cases, the courts recognised that where the State fails to take reasonable steps to fulfil its constitutional obligations, judicial intervention may be necessary to compel action. In both matters, the interdicts required the State to implement concrete measures to ensure access to healthcare. In this way, mandatory interdicts serve as a practical tool to transform the right to access to healthcare into tangible outcomes for vulnerable individuals who depend on the public healthcare system.

Whilst the developments in Cancer Alliance highlight some of the limitations of mandatory interdicts in compelling urgent state action (particularly in circumstances involving acute healthcare needs), the courts’ willingness to grant positive interdicts in these recent cases nevertheless demonstrates a broader judicial obligation to ensure that the State’s constitutional duty to provide access to healthcare is not rendered meaningless by administrative inaction.

[1]        2025 ZAGPJHC 136 (27 March 2025).

[2]        In this regard, on 5 August 2025, Cancer Alliance lodged an urgent application, in terms of section 18 of the Superior Courts Act No. 10 of 2013, seeking an order that the High Court’s decision in Cancer Alliance was interim in nature and, therefore, should remain operational and enforceable against the GDoH. This argument proved successful before Dippenaar J on 20 August 2025. The judgement was, however, appealed by the GDoH and ultimately overturned on 5 December 2025 by a full bench of the High Court. In its decision, the appeal court found that Dippenaar J inter alia –

• failed to deal meaningfully with the requirement to consider the prospects of success of the GDoH’s pending appeal;
• erred in finding that the patients on the backlog list would suffer irreparable harm if the order was not granted; and
• erred in finding that the GDoH would not suffer irreparable harm if the decision were to be made immediately enforceable notwithstanding the pending appeal.

[3]        2025 ZAGPJHC 1256 (4 December 2025).

[4]       The court further held that the SAPS was failing in its duties under section 205(3) of the Constitution to prevent crime and secure law and order, which required that the police play an active role in crime prevention beyond merely receiving and acting on complaints from the public – which the SAPS argued was the full extent of its responsibility in respect of the blockading of clinics by the vigilante groups.

[5]        The court granted the interim interdict on the basis that –

• persons seeking healthcare services at the relevant inner-city clinics had a clear prima facie right to the final relief sought, which derived from the Constitution and statute;
• the harm posed by the vigilante groups to persons seeking healthcare services at the clinics was severe and ongoing;
• the balance of convenience favoured the applicants, as the provincial health authorities and SAPS did not argue that they were unable to address the harm but simply (and, according to the court, incorrectly) that they were under no obligation to do so; and
• the only suggested remedial alternative to the interdict sought – that is, reporting unlawful activity to the police – had not been successful.

The post Courts Enforcing The Right Of Access To Healthcare In Gauteng appeared first on Werksmans Attorneys.

In a much-needed victory for hard-pressed consumers, the National Credit Regulator (“NCR”) has recently published a non-binding opinion (“NCR’s Opinion”), throwing a lifeline to those consumers that are required to pay premiums for mandatory credit life insurance. The NCR’s Opinion highlights the inconsistent industry practices in calculating mandatory credit life insurance premiums, and the real financial impact this has on consumers. The NCR has now given guidance: consumers should be paying progressively lower premiums for mandatory credit life insurance, as the debt owed to credit providers decreases.

South Africa’s credit market depends on a careful balance: it needs to enable access to finance, whilst simultaneously protecting consumers from unfair or excessive costs. One area where that balance has been under strain is the pricing of mandatory credit life insurance – a product intended to safeguard both borrowers and lenders when unexpected events occur.

The problem: two interpretations, two very different outcomes

At the centre of the issue lies a technical but important ambiguity in the Final Credit Life Regulations 2017 (“the Regulations“) issued under the National Credit Act (“NCA“).

The NCA itself is clear. Section 106(1) provides that credit life insurance must, at any point in time, not exceed the consumer’s outstanding obligations under a credit agreement. In simple terms, as a borrower pays down their debt, the mandatory credit life insurance cover (and therefore its cost) should reduce accordingly.

However, things become murkier when one looks at the Regulations, and in particular Regulation 3(1), which seeks to prescribe the maximum cost of mandatory credit life insurance that a credit provider may charge under section 106(1) of the NCA. Inexplicably, Regulation 3(1) provides two means of interpreting the manner of calculating the cost of mandatory credit life insurance –

1. The ‘first interpretation’ seemingly permits insurers to calculate the premium based on the deferred amount at the inception of the credit agreement, and to apply that premium for the entire duration of the agreement. In other words, premiums are calculated at the start of the credit agreement, when the outstanding debt is greatest, and do not decrease as the debt is paid down.  As such, consumers are likely to continue paying higher premiums, even as their debt reduces (as a result of their monthly payments), effectively resulting in consumers paying for mandatory credit life insurance cover in excess of the maximum statutory tariff amounts.
2. The ‘second interpretation’ permits premiums to be calculated on the deferred amount from time to time under the credit agreement. In other words, the premium is calculated on what should be a gradually reducing balance that is owed by the consumer over time: as the overall debt decreases (due to the consumer’s payments), so does the amount of the premium.

This seemingly technical distinction has significant consequences that affect consumers in the real world. Throughout the term of a credit agreement, the divergence between these two approaches can give rise to substantial additional costs for consumers, with particular detriment to lower-income consumers who rely most on credit. More concerningly, inconsistent interpretations (and thus practices) across the industry mean that different credit providers are charging different premiums for the same insurance cover. This means that consumers may pay vastly different premiums for the same products, without knowing that they are doing so, or why.

The differing approach obviously has wider implications. Where regulatory clarity is absent, inconsistent industry practices tend to become entrenched. In this case, it has resulted in different credit providers earning different insurance premiums for the same mandatory credit life insurance products which should be subject to the same statutory maximum tariffs, giving them a competitive advantage from a practice that seems to clash directly with the provisions of s106(1) of the NCA. This has created uneven competition between market participants, and incentives for aggressive or opportunistic interpretations, leading to the inevitable erosion of trust in financial products.

This undermines one of the key objectives of the NCA, namely, the fair, consistent and transparent treatment of consumers.

The NCR steps in to provide much-needed clarity

The NCR has now provided the necessary guidance which, can play a crucial role in promoting consistency across the industry, providing clarity to credit providers and insurers, and protecting consumers from ongoing overcharging for mandatory credit life insurance under section 106(1).

The NCR’s Opinion is premised on the long-accepted legal principles that determine how statutory ambiguities should be resolved: regulations must be interpreted in a way that is consistent with the empowering legislation (in this case, the NCA), and in light of their purpose and context, so as to avoid invalid or unlawful outcomes.

Applying these principles, the first interpretation, which fixes premiums to the original loan amount, is difficult to sustain. It conflicts with the s106(1) requirement that mandatory credit life insurance cover must track the consumer’s actual, outstanding liability.

By contrast, the second interpretation’s declining-balance approach aligns with s106(1)’s wording, the NCA’s purpose of consumer protection provisions, and the principle that consumers should not pay for unnecessary or excessive cover or be charged  for a level of risk that no longer exists.

The NCR’s Opinion comes down firmly on the side of the second interpretation. It constitutes clear guidance that those credit providers that calculate premiums on the first interpretation (and thus charge and earn higher premiums), should alter their ways. The NCR has undertaken to closely monitor the market, to determine the level of compliance with its opinion, and will take whatever steps are necessary to ensure compliance. In the future, if practices (and charges) remain inconsistent, it might be that amendment to the NCA and/or the Regulations, or even judicial clarification, is required, in order to remove all ambiguity and to fully align the NCA’s provisions under section 106(1) with those of the Regulations. Nevertheless, the NCR’s guidance is a meaningful and constructive starting point.

In an economic environment that many believe looks set to worsen, the NCR’s Opinion provides consumers with some much-needed respite from credit life insurance  costs that are excessive. The NCR’s Opinion seeks to restore coherence and fairness, and settle an ambiguity that prevailed, to the detriment of consumers and the credit life insurance industry as a whole. The NCR’s Opinion is therefore a welcome clarification: both timely and consequential.

The post NCR Throws a Lifeline to Consumers Required to Pay Premiums for Mandatory Credit Life Insurance appeared first on Werksmans Attorneys.

The proposed amendments to the Mineral and Petroleum Resources Development Act 28 of 2002 (“MPRDA“), published in May 2025, have reignited longstanding uncertainty surrounding the scope and application of section 11 of the MPRDA, particularly in relation to what constitutes a “change in the controlling interest” of a company holding a prospecting or mining right. While the amendment bill appears to signal a move towards a more interventionist regulatory approach, including the potential expansion of ministerial oversight over changes in control in mining right holders for purposes of section 11 of the MPRDA, it does so against a jurisprudential backdrop that has itself only recently begun to settle the contours of section 11 of the MPRDA.

Judgments handed down in recent years such as Mogale Alloys (Pty) Ltd v Nuco Chrome Bophuthatswana (Pty) Ltd and the Vantage Goldfields SA (Pty) Ltd v Arqomanzi (Pty) Ltd judgments have sought to broaden the definition of “controlling interest” by adopting a substance over form approach when determining if there is a change in the controlling interest of a right holder thus triggering the requirement for parties to obtain Ministerial consent under section 11 of the MPRDA.

This trajectory of a substance over form approach was adopted more recently by the Supreme Court of Appeal (“SCA“) in the Nkwe Platinum Limited and Another v Genorah Resources (Pty) Ltd and Others[1] (“Nkwe case“) which was called upon to determine if a cross border restructure would trigger the requirement to lodge a section 11 application with the Department of Mineral and Petroleum Resources (“DMPR“).

Nkwe Platinum Limited (“Nkwe“), a private company incorporated in Bermuda held a 74% undivided share in the Garatouw Mining Right through its South African subsidiary Nkwe Platinum SA Proprietary Limited (“Nkwe SA“) in a joint venture with Genorah Resources Proprietary Limited (“Genorah“) who held the remaining 26% undivided share in the Garatouw Mining Right.

Nkwe entered into an amalgamation agreement with another Bermuda-registered company in accordance with the Bermuda Companies Act[2], and following the conclusion of that amalgamation agreement, Garatouw launched an application in the High Court and sought relief on the basis of its contention that the conclusion of the amalgamation agreement resulted in the transfer of the Garatouw Mining Right, or alternatively constituted a change in control of Nkwe, without the approval of the Minister of Mineral and Petroleum Resources under section 11 of the MPRDA[3].

In light of the above, the SCA had to determine whether the conclusion of the amalgamation agreement resulted in (i) the cessation or the deregistration of Nkwe in accordance with section 56 of the MPRDA, and (ii) the transfer or disposal of Nkwe’s interest in the Garatouw Mining Right, or a change of control of the Garatouw Mining Right for purposes of section 11 of the MPRDA.

Section 56 – Nkwe cessation or deregistration?

Section 56(1)(c) of the MPRDA provides that –

“Any right, permit, or permission granted or issued in terms of this Act shall lapse, whenever –

 …

(c) a company or close corporation is deregistered in terms of the relevant Acts and no application has been made or was made to the Minister for the consent in terms of section 11 or such permission has been refused;”

The SCA concluded that Nkwe was not registered in accordance with the company laws of South Africa, and the relevant provisions dealing with registration or deregistration of companies in South Africa would thus not apply to Nkwe[4].

Section 104(1) of the Bermuda Companies Act sets out the following –

“(1) two or more companies which are registered in Bermuda, may subject to section 4A amalgamate and continue as one company: Provided that if the amalgamated company is to be a local company it shall comply with the Third Schedule”.

Nkwe, post amalgamation and in terms of Bermudan company law, shall accordingly not cease to exist and shall continue as an amalgamated entity. Chief Justice Hargun, within the Bermudan courts, confirmed this position and stated the following –

“upon issuance of a certificate of amalgamation, the property of each amalgamating company becomes the property of the amalgamated company and accordingly assets that were held by one of the amalgamated companies prior to the amalgamation become the property of the amalgamated company by operation of law and not by way of transfer or by operation of contract[5].”

The SCA held that Nkwe was accordingly not deregistered under South African company law or Bermuda company law and that Nkwe’s assets prior to the amalgamation continued to vest in Nkwe notwithstanding the amalgamation[6]. Thus, Nkwe’s undivided share in the Garatouw Mining Right had not lapsed.

Section 11 – Was section 11 triggered?

Section 11(1) of the MPRDA states that –

” (1) A prospecting right or mining right or an interest in any such right, or a controlling interest in a company or close corporation, may not be ceded, transferred, let, sublet, assigned, alienated or otherwise disposed of without the written consent of the Minister, except in the case of change of controlling interest in listed companies.”

Section 11 thus deals with the statutory requirement to obtain ministerial consent before a mining right is transferred to another person, and is “in essence, an anti-avoidance measure which is designed to prevent persons who qualify according to the criteria in the MPRDA to be granted a prospecting or mining right“.[7]

Zijin Mining Company (“Zijin“) held a 60.47% share in Nkwe prior to the conclusion of the amalgamation agreement. After the amalgamation, Zijin held a 74% share in Nkwe. Zijin accordingly remained the ultimate controlling shareholder/ majority shareholder in Nkwe both pre and post amalgamation.[8]

In was therefore accepted by the SCA that the ultimate controlling interest in Nkwe was unaffected by the amalgamation pre and post the agreement, as such there had been no transfer, or change in the ultimate controlling interest of Nkwe and amalgamation did not constitute a disposal of Nkwe’s undivided share in the Garatouw Mining Right, accordingly section 11 was not required for the amalgamation transaction[9].

Conclusion

Mining right holders must remain cognisant that a cross-border restructure of a mining right holder has the potential to trigger section 56 and/ or section 11 of the MPRDA. Unknowingly triggering these sections may have devastating effects for mining right holders, including the mining right being declared void or being deemed to have lapsed. As evidence by this judgment, this may not always been the case, but mining right holders are advised to consider the foreign law applicable to the transaction to determine if a (i) transfer of the mining right or (ii) change in the ultimate controlling interest in the mining right holder has occurred. If the cross-border restructure results in either the transfer of a mining right or a change in the ultimate controlling interest in a mining right, then it is essential that the consent of the Minister under section 11 of the MPRDA be obtained prior to the implementation of the cross-border transaction.

[1] (921/2024) [2026] ZASCA 27 (11 March 2026)

[2] Companies Act No 59 of 1981

[3] Nkwe case paragraph 4.

[4] Nkwe case paragraph 11.

[5] Nkwe case paragraph 12

[6] Nkwe case paragraph 12.

[7] MO Dale ‘South African Mineral and Petroleum Law’, issue 38 (March 2025) at paragraph 117.1.

[8] Nkwe case paragraph 14.

[9] Nkwe case paragraph 17.

The post The Impacts of Cross-Border Restructuring Transactions on Your South African Mining Right appeared first on Werksmans Attorneys.