In this article series, we take a deep dive into the South African Conduct of Financial Institutions (COFI) Bill — a major financial sector regulatory reform – one theme at a time.

COFI was drafted in conjunction with the Financial Sector Regulation Act (FSRA), the two pillars of the Twin Peaks regulatory reform. The Twin Peaks regulatory reform is a response to financial system weaknesses identified by the 2008 Global Financial Crisis, such as the systemic risks of large insurers and inappropriate market conduct practices.

The FSRA has already been implemented. The FSRA introduced the Twin Peaks regulatory framework, bringing into existence two regulators for the industry. The first regulator is the Prudential Authority (PA) responsible for the prudential regulation of financial institutions, while the second is the Financial Sector Conduct Authority (FSCA) responsible for regulating market conduct.

COFI represents a major overhaul of how financial institutions will be regulated in South Africa. Currently, different financial institutions are regulated by different legislation. COFI will involve shifting to a harmonised, principles-based conduct regime focused on customer outcomes, transparency and inclusion. COFI also provides for a single licensing and supervision framework and stronger enforcement and standards across the financial sector. Its implementation will unfold over several years and reshape regulatory expectations for financial institutions and consumers alike.

National Treasury has indicated that COFI will be finalised in 2026. COFI has recently been adop­ted by Cab­inet for sub­mis­sion to Par­lia­ment.

Purpose and Application: Part 1

In this article, we consider the scope and application of COFI.

Application

COFI applies to all “financial institutions”, a term defined broadly to include banks, insurers, retirement funds, investment managers, collective investment schemes, credit providers, payment service providers and a wide range of other entities involved in the provision of financial products or services.

Critically, COFI is not concerned with the form of an institution, but with the activities it performs. In other words, under COFI, it is not what you are, but what you do that counts.

Purpose and regulatory approach

The purpose of COFI is to strengthen market conduct regulation across the financial sector by introducing a single, overarching legal framework governing how financial institutions behave and treat customers. To achieve this, COFI seeks to eliminate the current fragmented conduct regime, which is spread across multiple, and often overlapping, pieces of legislation. In its place, COFI introduces a harmonised, activity-based framework that applies consistently across the financial sector.

Breadth of application

COFI’s wide scope is a deliberate feature. By applying common conduct standards across all financial activities, the framework aims to ensure that customers receive consistent levels of protection, regardless of the type of institution with which they engage.

However, this breadth has also attracted meaningful industry concern. Stakeholders have noted that COFI’s application to a wide range of financial activities may extend regulatory oversight into areas that were previously lightly regulated or unregulated, for example, the introduction of a licensing category for “corporate advisory services”, which appears to capture activities typically associated with investment banking — including the arrangement of debt and equity issuances and advisory services in relation to mergers and acquisitions. While the framework appears to contemplate the ability for certain counterparties to “opt out” of protection, this nonetheless represents a significant expansion of regulatory scope into activities involving sophisticated, non-retail clients. This raises a broader policy question as to whether COFI’s extension into these areas is appropriately calibrated, given that such clients are not traditionally regarded as vulnerable.

A further concern relates to the replacement of sector-specific legislation (such as FAIS) with a single, cross-sectoral framework. While harmonisation reduces fragmentation, it may also obscure important differences between sectors and business models.

COFI incorporates the principle of proportionality, recognising that regulatory requirements should be applied in a manner that is appropriate to the size, nature and complexity of a financial institution. In theory, this should ensure that smaller providers — such as independent financial advisors — are not subject to the same expectations as large, complex institutions. In practice, however, the application of proportionality remains uncertain in certain respects. COFI makes use of concepts such as “governing body” and “corporate culture”, which are not always clearly defined and may not translate easily to smaller firms or new market entrants. This creates a degree of ambiguity as to how such entities are expected to comply with COFI’s conduct expectations.

Practical implications

COFI’s broad scope means that its impact will be felt across the entire financial sector, including by entities that may not currently be subject to comprehensive conduct regulation.

Given the scale of reform, COFI will be implemented on a phased basis. Transitional arrangements will allow financial institutions time to align with the new framework, including the move to activity-based licensing. That being so, in anticipation of COFI’s implementation, financial institutions should assess whether their activities fall within the scope of COFI and map existing products, services and business lines to the activity-based framework.

Importantly, entities that are not currently regulated — or that are only lightly regulated — should consider whether COFI will introduce new licensing and compliance obligations.

While there is uncertainty as to how certain aspects of COFI will be implemented in practice, what is clear is that COFI represents a material expansion in both the scope and depth of conduct regulation.

Early engagement and preparation will be key to navigating this transition.

The post Mind the Conduct: A Guide to COFI appeared first on Werksmans Attorneys.

Many businesses assume that once a customer has consented to direct marketing, they may continue contacting that customer unless the consent is expressly withdrawn. South Africa’s updated direct marketing regime may challenge this assumption. Where a customer has expressly consented to receive direct marketing but later registers a pre-emptive block on the National Opt-Out Registry (the “Registry”), businesses face a difficult question: should the earlier consent or the later Registry entry prevail? The question is becoming increasingly important following recent amendments to the Consumer Protection Act Regulations, 2011 (the “CPA Regulations”), which operationalise the Registry and which the National Consumer Commission (the “NCC”) has indicated will commence practical registration and implementation processes in July 2026. South African law does not yet clearly prescribe a hierarchy between prior express consent and subsequent pre-emptive block in every scenario. Pending clearer regulatory or judicial guidance, the issue should be managed as both a legal interpretation question and a data-governance risk.

Why this matters operationally

For many companies, consent and opt-out records are fragmented across business units, legacy platforms, outsourced call centres, CRM systems, loyalty databases, and third-party lead-generation arrangements.

A customer’s marketing status may be recorded in multiple parallel datasets reflecting historical contractual consent, marketing preferences, channel-specific opt-outs, POPIA objections, customer‑service suppressions, and external opt-out registry requirements. (For ease of reading, this article refers generally to “customers”, while using “consumers” where the CPA is being discussed and “data subjects” where POPIA is being discussed.) One system may show that a customer previously consented to direct marketing, while another may show a later channel-specific opt-out.

Businesses will therefore need rules for dealing with conflicts between earlier consent, later Registry-based opt-outs, POPIA objections and channel-specific marketing campaigns. If a customer appears on the Registry, but remains marked as having “consented” to direct marketing, which instruction will prevail? How should the business treat customers who gave prior express, and sometimes written, consent before registering a pre-emptive block on the Registry? How should customer databases be cleansed where consent records, channel-specific opt-outs, POPIA objections and Registry suppressions conflict? How should third-party lead-generating databases be assessed before use? What audit trails must exist to demonstrate that the business has a lawful basis for sending direct‑marketing communication?

Until this hierarchy is clarified, direct marketers will need to implement a clear governance position that can be applied across systems, channels, and third-party data sources.

The CPA position

Section 11 of the CPA, headed “The Right to Restrict Unwanted Direct Marketing”, prescribes consumers’ rights in respect of direct marketing. In terms of this section, consumers have the right to refuse direct marketing, require that it be discontinued, or pre-emptively block unwanted marketing. The amended CPA Regulations give practical effect to this by recognising a pre-emptive block registered on the Registry established by the National Consumer Commission (“NCC”). This section also prohibits direct marketing to any person who has requested that direct marketing be discontinued or has registered a pre-emptive block.

In terms of the CPA Regulations (as amended), a “pre-emptive block” means “registering a block on the opt-out registry established by the Commission … to prevent any unwanted electronic communication from direct marketers”.

The use of the word “unwanted” is notable. It leaves room for the argument that direct marketing sent within the scope of a consumer’s specific, informed, and current consent is not “unwanted” direct marketing. On that view, a later Registry entry should not automatically override all prior or subsequent consent in every circumstance. However, this interpretation is not risk-free and would have to be weighed against the express prohibitions in the amended CPA Regulations.

The amended CPA Regulations strongly suggest that pre-emptive blocks are intended to have practical force. The CPA Regulations expressly prohibit a direct marketer from marketing any goods or services directly to any consumer who has registered a pre-emptive block. They also oblige a direct marketer to remove, from its direct‑marketing databases, the people who have registered pre-emptive blocks. The overall structure of the CPA regime appears designed to enable a consumer to (a) block direct marketing from a particular direct marketer by sending an opt-out message to that direct marketer; or (b) block direct marketing without having to opt out repeatedly from multiple marketers individually by registering a pre-emptive block on the Registry.

The Registry is therefore intended to create a centralised mechanism through which consumers can broadly signal that they do not wish to receive unwanted direct‑marketing communications. This is where the consent issue becomes significantly more complicated. Neither the CPA nor the amended CPA Regulations expressly or comprehensively address whether express consent for direct marketing can override a subsequent Registry entry.

The omission is significant because many organisations already rely on broad contractual or digital consent mechanisms. Consumers routinely “agree” to receive direct-marketing communications when opening accounts, downloading apps, entering competitions, or subscribing to services.

This lack of clarity is therefore not merely theoretical. It creates a real compliance, governance, and evidentiary challenge for businesses, especially those with large customer databases and legacy marketing systems.

The POPIA position

POPIA does not resolve the issue. In broad terms, section 69 of POPIA regulates direct marketing by means of unsolicited electronic communications and generally requires consent unless the existing-customer soft opt-in applies.

POPIA also recognises ongoing control by data subjects: data subjects who have provided prior consent may withdraw their consent at any time. Data subjects may also object to the processing of their personal information for direct‑marketing purposes.

POPIA therefore regulates the lawful processing of personal information, while the CPA regulates unwanted direct marketing from a consumer-protection perspective. Although the two regimes overlap substantially, in practice, they regulate different things and do not fit together neatly. It is therefore unclear how the exercise of rights under one statute affects rights and obligations under the other.

POPIA adds another layer to the difficult questions that arise under the CPA. It is unclear what role pre-emptive blocks under the CPA will play under the POPIA framework. Will registration on the Registry be treated as a withdrawal of earlier direct-marketing consent, an objection to processing, or a separate CPA-based suppression instruction?

Key unresolved questions

The current interaction between the CPA and POPIA creates several unresolved questions that affect business operations, including:

• Whether a pre-emptive block automatically constitutes withdrawal of prior consent.
• Whether a marketer may continue relying on consent obtained before a Registry entry.
• Whether a later and more specific consent can revive marketing after registration.
• Whether the answers to these questions differ for existing customers and prospective customers.

From a governance perspective, this creates a difficult compliance position for businesses attempting to design defensible direct marketing frameworks in advance of likely enforcement activity.

The regulatory position is also split across regimes. The CPA framework and the Registry are administered by the NCC and are aimed at addressing the consumer’s right to restrict unwanted direct marketing.  POPIA, on the other hand, regulates the processing of personal information and places specific limits on unsolicited electronic direct marketing. A single marketing campaign may therefore raise both consumer-protection and data‑protection issues, particularly where internal consent records, POPIA objections and pre-emptive block‑based suppressions are not aligned.

The timing and nature of the consent may also matter. Consent obtained before a customer registers a pre-emptive block may become difficult to rely on if the later Registry entry is treated as a broader suppression instruction. Consent obtained after registration may present a different question, particularly where it was recently obtained, is channel-specific and auditable. The law does not yet provide a comprehensive answer to this hierarchy issue, which is why businesses should distinguish between historical consent, post‑registration consent and broad bundled consent captured through standard customer journeys.

Comparative international frameworks indicate that laws often expressly clarify whether and when prior consent operates as an exception to do‑not‑contact registry protections. Certain countries, such as Canada, Australia, and the United States, expressly recognise consent-based exceptions to do‑not‑contact restrictions, although the scope and operation of those exceptions differ materially across regimes. The amended CPA Regulations currently do not provide equivalent clarity regarding the relationship between prior consent and later pre-emptive‑block based suppression rights.

What should you do in the meantime?

Pending clarification of the hierarchy between direct-marketing consent, pre-emptive blocks and POPIA opt-outs, businesses should consider adopting the following controls:

1. Screen marketing databases against the Registry before campaigns, and repeat that screening monthly in line with the amended CPA Regulations.
2. Reconcile Registry matches against internal consent records, channel-specific opt-outs, POPIA objections, customer-service suppressions, and legacy marketing preferences.
3. Apply a default suppression rule where the customer appears on the Registry unless there is a properly documented and supportable basis for continuing to market to that customer within the relevant channel and scope.
4. Require exceptions to be approved and documented with reference to the wording, date, source, scope, and channel of the consent relied on.
5. Allocate responsibility for suppression management to a defined business owner supported by legal, compliance, marketing operations, and data governance, rather than allowing consent status to be managed inconsistently across marketing, sales, customer service, compliance, and outsourced call centre teams.
6. Treat third-party lead lists as high-risk data assets and do not use them unless the origin, wording, scope, date, and transferability of the relevant consent can be verified before use, and the data have been screened against the Registry and other applicable suppression requirements.
7. Retain an audit trail showing how conflicts between consent records, Registry status and POPIA objections were identified, escalated, and resolved.

Until clearer regulatory or judicial guidance emerges, businesses engaging in direct marketing may need to adopt more conservative suppression frameworks. In practice, this may require organisations to treat pre-emptive block-based suppression rights as potentially overriding historical consent records unless the business can demonstrate a well-documented and defensible basis for continuing to market within the relevant channel and scope.

The post Your customer consented to direct marketing – but can you still contact them after they have registered on the National Opt-Out Registry? appeared first on Werksmans Attorneys.

South African labour law is often discussed through the lens of employee protection. That is unsurprising. The Labour Relations Act, the Basic Conditions of Employment Act, and the raft of constitutional rights underpinning workplace regulation were all designed to address historical inequality and imbalance in the employment relationship. Yet, somewhere in the modern discourse, a dangerous misconception has emerged: that employers are little more than passive participants in their own businesses, stripped of the ability to manage risk, enforce standards, and protect commercial sustainability.

That is not the law.

The modern employer retains extensive rights recognised by statute, contract, and the courts. Those rights matter. Without them, businesses cannot function effectively, workplaces become unmanageable, and ultimately jobs themselves are placed at risk.

At the centre of the employer’s rights framework lies a simple principle: employers are entitled to run their businesses efficiently, profitably, and safely. The Constitutional Court and Labour Appeal Court have repeatedly recognised that managerial prerogative remains a foundational component of labour law. While employers must exercise that prerogative fairly and lawfully, the law does not require employers to tolerate misconduct, underperformance, insubordination, incompatibility, operational inefficiency, or conduct that undermines trust.

Too often employers are advised as though every disciplinary process is merely an obstacle course designed to avoid litigation. That mindset fundamentally misunderstands the purpose of workplace discipline. Discipline is not punishment for punishment’s sake. It is a legitimate operational mechanism intended to preserve standards, accountability, and workplace order.

An employer has the right to expect honesty from employees. That principle remains one of the most strongly protected interests in South African labour jurisprudence. Courts consistently recognise that dishonesty strikes at the heart of the employment relationship because it destroys trust. Once trust is irreparably damaged, continued employment may become intolerable irrespective of the employee’s length of service or prior record.

Similarly, employers are entitled to demand acceptable performance standards. Poor work performance processes are not acts of victimisation. They are lawful mechanisms intended to assist employees to meet operational requirements. The law does not require employers to indefinitely carry employees who are unable or unwilling to perform at the required standard, provided that fair procedures are followed and reasonable assistance is offered.

The same applies to incompatibility and workplace harmony. Senior employees in particular occupy positions requiring collaboration, leadership, and strategic alignment. Where an employee creates conflict, undermines management, damages workplace cohesion, or becomes fundamentally incompatible with the organisation’s culture or leadership structure, employers are entitled to intervene. Courts have increasingly recognised incompatibility as a legitimate basis for dismissal where the employment relationship has become unsustainable.

Importantly, employers also have the right to protect confidential information, customer connections, intellectual property, and competitive advantage. In an era where employees can move between competitors with unprecedented ease, restraints of trade and confidentiality obligations remain critical commercial tools. Courts will not enforce unreasonable restraints, but they continue to uphold legitimate protections where proprietary interests are genuinely at risk.

Operational requirements dismissals are another area where employer rights are frequently misunderstood. Retrenchment is not unlawful merely because it is unpopular. Businesses are entitled to restructure operations, reduce costs, introduce technology, outsource functions, or redesign reporting structures in pursuit of sustainability and efficiency. The law requires meaningful consultation and procedural fairness — not business paralysis.

Perhaps most overlooked of all is the employer’s right to workplace safety and risk management. Employers carry statutory obligations under health and safety legislation, regulatory frameworks, and common law duties of care. Those obligations necessarily include the right to investigate misconduct, suspend employees where appropriate, restrict access to systems or sites, and take decisive action where operational or reputational risks arise.

There is also a growing trend in modern labour disputes where every managerial decision is framed as retaliation, victimisation, or constructive dismissal. Courts, however, continue to distinguish between genuine unlawful conduct and ordinary workplace management. Employees do not acquire immunity from accountability simply because grievances have been raised or protected disclosures have been made. Employers remain entitled to manage performance, discipline misconduct, and protect operational integrity, provided those actions are not motivated by ulterior or unlawful purposes.

None of this means employers are above the law. Far from it. Fairness remains the cornerstone of South African labour relations. But fairness is reciprocal. The employment relationship is not designed to operate exclusively for the benefit of one side.

Healthy workplaces depend upon balance. Employees are entitled to dignity, fairness, and protection from arbitrary treatment. Employers are equally entitled to accountability, productivity, loyalty, and operational stability.

The most effective organisations are not those paralysed by fear of litigation. They are those that understand their rights, exercise them consistently, and implement fair but decisive management practices.

The post Employers have rights too: Rebalancing the modern workplace appeared first on Werksmans Attorneys.

In September 2024, we published an article examining whether Government was aligned in its approach to enabling the rapid deployment of electronic communications networks and facilities, highlighting a persistent disconnect between national policy objectives and municipal implementation, particularly in the context of the Standard Draft By-Laws for Deployment of Electronic Communications Facilities (“Draft By-Laws“), gazetted on 24 February 2023. We identified several specific deficiencies in those By-Laws, including the undefined scope of “persons” to whom they apply (notwithstanding section 7 of the Electronic Communications Act’s (“ECA“) prohibition on providing services without a licence), the compounding of wayleave approval timelines to in excess of 90 working days, and the imposition of unclear ongoing charges under the proposed Municipal Land Use Agreements. We also noted that, despite national government’s stated commitment to rapid deployment, only three municipalities had incorporated the Draft By-Laws into their wayleave by-laws.

The publication of the Draft Policy Direction by the Minister of Communications and Digital Technologies in March 2026 (“Draft Policy”), followed by ICASA’s Draft Rapid Deployment Regulations (“the Regulations”) on 10 April 2026, signals a coordinated attempt to translate policy ambition into an operational regulatory framework. The Draft Policy had already directed ICASA to prescribe regulations addressing the manner, costs of and time within which a decision for access must be made, the implementation and publication of decisions made in terms of a dispute resolution procedure, and how reasonable compensation must be determined. The Draft Policy and the Regulations now seek to give detailed effect to those earlier directives.

A Shift from Policy Fragmentation to Regulatory Alignment

The Draft Policy explicitly gives effect to the 2023 National Policy on the Rapid Deployment of Electronic Networks and Facilities (“the National Policy“) by ensuring more efficient access to land, both public and private, for broadband infrastructure. This builds on the broader objectives of the SA Connect policy, which recognised that the lack of always-available, high-speed and high-quality bandwidth negatively impacts upon South Africa’s development and global competitiveness.

Importantly, the Policy Direction does not operate in isolation. It directs ICASA to develop a regulatory framework that addresses key structural inefficiencies, including unnecessary duplication of infrastructure, inconsistent access to public servitudes and infrastructure, the absence of a centralised infrastructure database, and the lack of effective dispute resolution mechanisms. ICASA’s Draft Regulations are therefore the operationalisation of the Draft Policy, providing the procedural detail that has historically been absent.

Standardisation of Access and the End of Informal Deployment Practices

A significant contribution of the Draft Regulations is the formalisation of land access procedures under section 22 of the ECA, which empowers ECNS licensees to enter upon any land, construct and maintain electronic communications networks or facilities, and to alter or remove their electronic communications facilities, with due regard to applicable law and the environmental policy of the Republic. As interpreted by the Constitutional Court in City of Tshwane Metropolitan Municipality v Link Africa (Pty) Ltd and Others [2015] ZACC 29, the right under section 22 entitles licensees to select and access premises, provided this is done in a civilised and reasonable manner, including giving reasonable notice and consulting with the property owner. Where licensees previously relied heavily on these statutory rights of entry — often resulting in disputes, as is evident from recent cases such as Metrofibre Networks (Pty) Ltd v Independent Communications Authority of South Africa and Others [2024] ZAGPPHC 919 (11 September 2024) – the Regulations now impose a structured process requiring prior approvals from relevant authorities, mandatory consultation with landowners and affected communities, and the conclusion of an access agreement governing entry, installation, and compensation.

This reflects a deliberate move towards procedural fairness and transparency, addressing one of the key criticisms in our earlier analysis, namely, the absence of uniform engagement standards. Practically, the procedures for approval remain a concern at local authority level. Section 24 of the ECA requires ECNS licensees to give 30 working days’ notice to any local authority or person owning or responsible for the care and maintenance of any street, road or footpath. As we noted in our earlier article, the cumulative effect of obtaining prior approvals from all relevant authorities before submitting an application could extend the effective approval period to in excess of 90 working days, a concern which remains relevant under the new framework.

Infrastructure Sharing and the Move Toward a Coordinated Network Economy

The Draft Policy places particular emphasis on reducing duplication of infrastructure, including by encouraging access to existing facilities and public infrastructure. This is reinforced in the Draft Regulations through obligations to cooperate with other licensees and provisions for trench sharing and co-build arrangements, marking a transition from a competitive build model to a more coordinated, efficiency-driven deployment environment.

The Emergence of a National Infrastructure Database

A central pillar of both the Draft Policy and the Draft Regulations is the establishment of a centralised Geographic Information System (GIS) database. The Draft Policy envisages a database populated by licensees with information on new and existing infrastructure, while the Draft Regulations go further by prescribing detailed data submission requirements, bi- annual reporting obligations, and the inclusion of forward-looking investment plans. A significant development. The absence of reliable infrastructure data has historically contributed to repeated trenching, accidental damage to existing networks, and inefficient allocation of resources. The GIS framework introduces a foundation for evidence-based regulation and coordinated planning, aligning South Africa with international best practice.

Reconfiguring Property Rights Through Compensation and Process

The Draft Policy’s emphasis for reasonable compensation to landowners where deployment activities cause damage, aligns with the National Policy requirement that compensation charged by property owners ought to be reasonable, proportionate to the disadvantage suffered, and may not enrich the property owner or exploit the licensee. Consistent with the ECA, which provides that licensees are only obligated to pay the reasonable expenses incurred as a consequence of the construction, alteration or removal of electronic communications facilities and networks, the Draft Regulations introduce a structured compensation framework requiring good faith negotiations, consideration of market value and demonstrable loss, and compensation for both physical damage and loss of use of land.

Notably, ICASA does not prescribe compensation amounts, instead facilitating a process aimed at achieving a “just and equitable balance” between the interests of licensees and landowners. This approach reflects a careful constitutional balancing exercise recognising the importance of broadband infrastructure while safeguarding property rights.

Dispute Resolution

Both the Draft Policy  and the Draft Regulations recognise the absence of effective dispute resolution as a major impediment to deployment. The Draft Policy  contemplates early declaration of disputes, possible suspension of deployment activities, and referral of compensation disputes to courts. The Draft Regulations give effect to this through a tiered dispute resolution framework requiring negotiation, mediation within a prescribed period, and escalation to ICASA, arbitration, or courts. This provides much-needed clarity and predictability, although the potential suspension of deployment pending dispute resolution could introduce delays if not carefully managed.

Persistent Challenges: Municipal Alignment and Implementation Risk

However, notwithstanding these advances, the Draft Policy itself acknowledges that only a fraction of municipalities have adopted the Draft By-Laws. Inconsistent wayleave processes at local authority level remain a significant obstacle. The success of the Draft Regulations will therefore depend heavily on municipal cooperation, alignment of by-laws with the national framework, and the administrative capacity of local authorities. Absent this alignment, there remains a risk that regulatory standardisation at national level may not fully translate into practical efficiency on the ground.

Conclusion: A Turning Point—But Not Yet a Resolution

The Draft Policy and Draft Regulations represent the most comprehensive attempt to date to address the structural barriers to rapid deployment in South Africa. They reflect a clear shift toward procedural standardisation, coordinated infrastructure planning, and balanced protection of property rights.

However, the ultimate question remains one of implementation. The framework is now considerably more coherent, but its success will depend on whether it can overcome the same challenges that have historically hindered rapid deployment, particularly at municipal level. What is clear, however, is that Government is now moving in a more unified direction. The disconnect we previously identified may not yet be fully resolved, but it is, at the very least, being actively addressed.

The post From policy direction to regulation: Is South Africa finally achieving rapid deployment? appeared first on Werksmans Attorneys.

South Africa’s Minister of Trade, Industry and Competition has, in a notice, published revised merger notification thresholds and filing fees under the Competition Act 89 of 1998 (“Competition Act“), effective 1 May 2026. The updated thresholds raise the turnover and asset values that determine whether a transaction is classified as a small, intermediate, or large merger, meaning that some deals which previously required mandatory notification may now fall below the filing threshold. At the same time, the filing fees payable on intermediate and large merger notifications have been increased. These changes will be relevant to any business contemplating M&A activity with a South African dimension from 1 May 2026 onwards.

What has changed?

Merger notification thresholds

The Competition Act requires parties to notify the Competition Commission (“Commission“) of mergers that meet prescribed turnover and asset thresholds. These thresholds have been adjusted upwards as set out in the table below; the underlying calculation methodology, which tests the combined position of the acquiring and transferred firms as well as the position of the transferred firm alone, measured “in, into or from” the Republic, remains unchanged.

In broad terms, the classification works as follows:

• a transaction that falls below either limb of the lower threshold is a small merger and is not subject to mandatory notification;
• a transaction that meets both limbs of the lower threshold but falls below either limb of the higher threshold is an intermediate merger, notifiable to the Commission; and
• a transaction that meets both limbs of the higher threshold is a large merger, notifiable to both the Commission and the Competition Tribunal (“Tribunal“).

Filing fees

The fees payable on filing a merger notification have also been increased, as follows:

Effective date

Despite the notice being published on 8 May 2026, both the revised thresholds and the new filing fees take effect retrospectively from 1 May 2026. The notice does not include any transitional provisions, so the new regime will apply to notifications lodged on or after that date.

Practical implications for clients

Notification obligations

The increase in the lower thresholds is substantive, the combined threshold has risen from R600 million to R1 billion, and the transferred firm threshold has doubled from R100 million to R200 million. Transactions that would previously have been classified as notifiable intermediate mergers may now fall below the lower threshold and qualify as small mergers exempt from mandatory notification. Conversely, the uplift in the higher thresholds from R6.6 billion to R9.5 billion (combined) and from R190 million to R280 million (transferred firm) means that some transactions previously classified as large mergers may now fall into the intermediate category, with corresponding procedural and timing benefits.

Deal structuring and timetabling

For transactions currently in the pipeline, parties should reassess their merger control analysis against the new thresholds. Where the revised thresholds affect a deal’s classification, there may be implications for whether the transaction requires notification to the Commission, alternatively notification to the Commission and approval by the Tribunal, the anticipated review timeline, and the overall transaction timetable.

But more important at this moment in time, since the new thresholds came into operation on 1 May 2026, filing fees could very well be refundable or deal teams should expect an amended invoice!

Transaction budgets

The increased filing fees, R220,000 for an intermediate merger and R735,000 for a large merger, should be factored into transaction cost estimates for deals expected to be notified from 1 May 2026 onwards.

Retained call-in power

It is important to remember that even where a transaction falls below the mandatory notification thresholds and is classified as a small merger, the Commission retains the power to require notification within six months of implementation. Parties to transactions that narrowly fall below the new thresholds should continue to assess whether a voluntary notification may be prudent.

Contact us

If you have any questions about how these changes may affect a planned or ongoing transaction, or if you would like assistance with a merger notification assessment, please contact a member of our competition team. We would be happy to assist.

The post South Africa: Merger Notification Thresholds and Filing Fees Increase from 1 May 2026 appeared first on Werksmans Attorneys.

A recent judgment handed down by Nyathi J in Maralco Business Advisors CC t/a Maralco Plant Services v GMK Civils Proprietary Limited [1], serves as an important reminder that liquidation proceedings are not a debt-collection mechanism where the underlying indebtedness is genuinely disputed.

The matter concerned an application for the final winding-up of GMK Civils Proprietary Limited on the basis that the company was allegedly unable to pay its debts as contemplated in section 344(f), read with section 345(1)(c), of the Companies Act 61 of 1973. The applicant alleged that the respondent was indebted to it in the amount of R817 994.50 arising from a plant rental facility allegedly concluded on a thirty-day basis and supported by a certificate of balance.

The respondent opposed the application on several grounds. Central to its defence was that its sole director neither concluded nor authorised the alleged facility agreement relied upon by the applicant. The respondent further contended that, even on the applicant’s own version, the alleged agreement was void for uncertainty because it failed to record an essential term, namely the rental rates or a mechanism by which such rental rates could be determined. On this basis, the respondent argued that the invoices relied upon by the applicant could not establish the indebtedness alleged.

The Court ultimately dismissed the winding-up application with costs, reaffirming the long-established principle set out in Badenhorst v Northern Construction Enterprises Proprietary Limited [2], namely that liquidation proceedings should not be used to enforce payment of a debt that is bona fide disputed on reasonable grounds.

Importantly, Nyathi J did not merely accept a generic allegation of dispute. The Court carefully analysed the nature of the disputes raised and found that they constituted substantive contractual disputes incapable of proper determination in motion proceedings seeking liquidation relief.

The applicant relied heavily on a certificate of balance clause as prima facie proof of indebtedness. However, the Court drew an important distinction between proof of indebtedness and proof of liability itself. Nyathi J held that while a certificate of balance may constitute prima facie proof according to its terms, it cannot conclusively establish liability where the validity and enforceability of the underlying agreement are themselves credibly challenged.

In particularly strong language, the Court held that “a certificate cannot bootstrap validity”. This is a significant statement for commercial litigants and insolvency practitioners alike. Certificate of balance clauses are routinely relied upon in commercial litigation and insolvency proceedings, particularly in matters involving facilities, running accounts, or credit agreements. The judgment makes it clear that the evidentiary value of a certificate remains dependent on the existence of a valid contractual foundation.

The Court further held that the respondent had raised a bona fide dispute on reasonable grounds regarding both authority and certainty of essential terms. In relation to authority, the respondent’s sole director squarely denied signing or authorising the agreement. Although the applicant argued that the documents emanated from the respondent’s offices, that services had been rendered and accepted, and that part-payments had been made from time to time, the Court held that these considerations did not permit the respondent’s version to be rejected on the papers.

Nyathi J specifically referred to the principles set out in Plascon-Evans Paints Ltd v Van Riebeeck Paints [3] and held that the respondent’s version could not be rejected as far-fetched or untenable.

The Court also rejected the applicant’s reliance on section 20(7) of the Companies Act 71 of 2008, which permits a person dealing with a company in good faith to presume that the company has complied with all formal and procedural requirements. While the Court accepted that this may be a relevant consideration at the level of “commercial probability”, it nevertheless found that the issue of authority remained genuinely disputed on the papers.

Equally significant was the Court’s treatment of vagueness and certainty of contractual terms. The respondent argued that the alleged agreement failed to specify either a fixed rental amount or an ascertainable mechanism by which the rental could be determined. The Court found that this was not a contrived defence. Instead, it constituted “a substantive contractual contest unsuited to motion liquidation proceedings”.

The judgment repeatedly emphasises the limited role of winding-up proceedings in the resolution of contractual disputes. Nyathi J noted that winding-up proceedings are not designed to resolve material disputes concerning the existence of indebtedness and reaffirmed that where a debt is bona fide disputed on reasonable grounds, the creditor’s remedy lies in action proceedings.

Perhaps the most striking passage in the judgment appears in paragraph 19, where the Court stated that contested issues of authority, contract formation, and essential terms should be ventilated by way of action proceedings “with oral evidence and discovery, not the blunt instrument of corporate death by winding-up”.

That phrase captures the policy rationale underpinning the Badenhorst principle. Liquidation proceedings carry severe commercial consequences and are not intended to operate as procedural leverage in ordinary commercial disputes.

Notably, however, the Court stopped short of criticising the applicant’s conduct as abusive or vexatious. Nyathi J accepted that the applicant had relied on a documentary trail, invoices, and a certificate of balance, “often invoked in commerce”. The Court accordingly refused to grant punitive costs and instead ordered costs on the ordinary party-and-party scale.

The judgment serves as a timely reminder that creditors considering liquidation proceedings must carefully assess the underlying contractual foundation of their claims before invoking the insolvency process. Disputes relating to authority, contract formation, certainty of essential terms, or enforceability may well render liquidation proceedings inappropriate, even where invoices have been rendered, services performed, and partial payments made.

For insolvency practitioners and commercial litigants alike, the judgment is a reaffirmation that the Badenhorst principle remains firmly embedded in South African insolvency law, and that the courts will continue to guard against the use of winding-up proceedings as a substitute for ordinary action proceedings.

[1] Maralco Business Advisors CC t/a Maralco Plant Services v GMK Civils (Pty) Ltd (2026) ZAGPPHC (20 April 2026).

[2] Badenhorst v Northern Construction Enterprises (Pty) Ltd 1956 (2) SA 346 (T).

[3] Plascon-Evans Paints Ltd v Van Riebeeck Paints[3] (Pty) Ltd 1984 (3) SA 623 (A).

The post “Corporate Death by Winding-Up”: Pretoria High Court Reaffirms the Badenhorst Principle appeared first on Werksmans Attorneys.

“It is only the inner sanctum of a person, such as his/her family life, sexual preference and home environment, which is shielded from erosion by conflicting rights of the community.” Constitutional Court of South Africa, Bernstein and Others v Bester NO and Others (1996)

The Information Regulator’s 2025/26 Annual Performance Plan (APP) signals a firmer enforcement posture under the Protection of Personal Information Act 4 of 2013 (POPIA) and a drive to modernise the Promotion of Access to Information Act 2 of 2000 (PAIA), with immediate implications for governance, breach reporting, direct marketing, access-to-information workflows, and cross‑border transfers.
In short, businesses should expect more proactive audits and higher expectations on PAIA compliance; mandatory e‑portal use for breach notifications; tighter direct marketing controls following the April 2025 POPIA Regulations amendments; and new guidance and a sectoral code in the pipeline, including a Guidance Note on cross‑border transfers and a Code of Conduct for “gated access” environments. The Regulator intends to initiate PAIA legislative amendments in the 2025/26 period to strengthen its regulatory toolkit, while Parliament’s Committee has indicated it is awaiting broader POPIA and PAIA amendment proposals. As of 5 May 2026, organisations should prioritise closing PAIA/POPIA process gaps, preparing for sector‑focused scrutiny, and aligning cross‑border practices to forthcoming guidance.

The APP foregrounds five developments that are immediately decision‑useful for boards and executive compliance teams.

• First, the Regulator will initiate a PAIA amendment process in 2025/26 to enable it to issue regulations, modernise PAIA for the digital era, and strengthen enforcement, with the Committee explicitly signalling it awaits broader POPIA/PAIA amendment proposals; in practice, this points to a near‑term policy window in which the Regulator’s formal powers to steer PAIA compliance could expand.
• Second, the Regulator will intensify security compromise (breach) oversight by consolidating technical and legal capacity and by requiring breach notifications via its eServices portal, which has been mandatory since 1 April 2025.
• Third, direct marketing compliance moved decisively in April 2025, when amended POPIA Regulations took effect, requiring recorded telemarketing calls, strengthened consent workflows, multi‑channel objection mechanisms, and clarified complaint handling; these measures raise both operational and audit-readiness expectations.
• Fourth, the Regulator will publish a Guidance Note on transborder transfers and develop a Code of Conduct for processing at gated accesses, with a draft code to be finalised during the next cycle; these instruments will standardise expectations on cross‑border diligence and curb over‑collection at estates, offices, and retail sites.
• Fifth, enforcement trends already show a willingness to impose administrative fines and to litigate strategic questions, with significant matters in education, justice, health, local government and direct marketing, alongside an uptick in own‑initiative PAIA inspections and active use of non‑compliance notices.

Legislative reform signals for POPIA and PAIA – The Regulator’s plan to amend PAIA in 2025/26

The APP records the Regulator’s intention to initiate legislative amendments to PAIA during the 2025/26 performance period to empower it to develop and issue PAIA regulations, modernise the statute for a digital environment, and strengthen the Regulator’s enforcement powers under PAIA. This is framed as necessary to respond to persistent low compliance rates with statutory reporting and to align access‑to‑information practice with contemporary processing realities. The envisaged amendments would, if enacted, give the Regulator clearer rule‑making competence and sharper compliance levers, moving PAIA closer to the more mature sanctioning architecture already present in POPIA.

The Portfolio Committee on Justice and Constitutional Development has stated it is awaiting the Information Regulator’s submissions on amendments to the protection and access frameworks, indicating parliamentary openness to receiving consolidated proposals covering both POPIA and PAIA. This point underscores that any legislative programme will traverse the Department of Justice and Constitutional Development (DoJ&CD) channels and the normal Cabinet and parliamentary processes, with timelines therefore contingent on executive scheduling and legislative load. From a planning perspective, businesses should assume that a first tranche of proposals could be tabled shortly, with promulgation dependent on parliamentary prioritisation, and should consider making readiness assessments against the likely contours of a strengthened PAIA enforcement toolkit.

Interaction with the April 2025 POPIA Regulations amendments

While not a primary legislative change, the amended POPIA Regulations commenced on 17 April 2025 and have immediate effect on operational compliance. The amendments clarify objection and correction/deletion pathways, allow multi‑channel submissions, formalise timeframes, strengthen consent for direct marketing, and require records of telemarketing interactions to be retained and provided on request, while also refining Information Officer responsibilities and complaint handling. These changes materially raise the standard for complaint-readiness, direct marketing governance and evidence‑keeping in both public and private bodies. The Regulator has already flagged direct marketing as an area where it seeks definitive jurisprudence, including whether live telemarketing falls within POPIA’s “electronic communications” rule, reinforcing that enforcement test‑cases are part of the strategy to stabilise interpretation.

POPIA–PAIA misalignment: tensions and practical implications – Enforcement asymmetry and reporting deficits

The APP and parliamentary reporting highlight a structural gap: PAIA compliance is “honoured in breach rather than in compliance,” with only 278 of 853 public bodies submitting PAIA annual reports in 2023/24 (approximately 33%), and private body reporting compliance even lower. This enforcement asymmetry is sharpened by POPIA’s more developed sanctioning regime and active use of infringement notices, compared to PAIA’s historically weaker remedial mechanisms. The Regulator’s stated legislative intent is therefore squarely aimed at closing this gap. In practice, this means businesses can expect more frequent own‑initiative assessments and site inspections under PAIA, focusing on manuals, request processing records, refusal-ground application, and annual reporting discipline, alongside corrective directions and potential follow‑on enforcement.

Process friction: request forms, manuals and data subject access

The Regulator has formally cautioned that use of repealed PAIA “Form A” is non‑compliant; requests must be made on a form substantially corresponding to “Form 2” under the 2021 PAIA Regulations, and organisations should align manuals, request workflows and public‑facing materials accordingly. Inspectors have been testing websites and internal repositories for outdated artefacts and for incomplete section 17 registers, with findings leading to remedial action. The Regulator also expects organisations to publish a clear, internal process for data subject access under POPIA and to harmonise this with PAIA request handling so that data subjects receive a coherent experience and records are complete for audit and complaint defence.

Following the 2025 POPIA Regulations amendments, objection and correction/deletion requests may be made through a broader range of channels and without strict reliance on prescribed forms, provided the form used is substantially similar; this flexibility demands that Information Officers and service teams maintain robust intake, logging, and 30‑day outcome communication controls that mesh with PAIA timeframes and records‑management duties. The Regulator has reiterated that, notwithstanding trimming of Regulation 4 references, organisations remain responsible for up‑to‑date PAIA manuals that reflect POPIA commencement and the 2021 PAIA Regulations, and that manual currency is tested during inspections.

Breach reporting workflow and e‑portal dependencies

Since 1 April 2025, all security compromises must be reported via the Regulator’s eServices portal and no longer by email, a process change intended to improve triage and monitoring. This requirement, coupled with the Regulator’s consolidation of POPIA legal and IT expertise for breach matters, raises the bar for incident response readiness, including portal user provisioning, template data completeness, and parallel victim‑notification content and timing. With 2,374 security compromises reported in 2024/25 and a 40% year‑on‑year increase in monthly notifications in early 2025/26, the Regulator has publicly pressed organisations to invest in technical and organisational security measures and to ensure timely, accurate notifications to both the Regulator and data subjects.

Enforcement track‑record to date and priorities for 2025/26 – Sanctions, litigation and sectoral signals

The enforcement picture is now textured by both administrative fines and strategic litigation. The Department of Justice and Constitutional Development received a R5 million infringement notice in 2023 after non‑compliance with an enforcement notice linked to a 2021 ransomware incident; this is being challenged in court. This case underscores the Regulator’s willingness to deploy the upper tier of administrative sanctions and defend them judicially. In education, the Regulator issued an enforcement notice prohibiting publication of matric results in newspapers on privacy grounds and followed with a R5 million infringement notice for non‑compliance, before the High Court set aside the notices; the Regulator has applied for leave to appeal, which keeps compliance obligations live pending the appellate outcome and demonstrates an appetite to crystallise POPIA principles through precedent.

At the municipal and private‑sector level, the Regulator has imposed administrative fines on Blouberg Municipality (R500,000) for unlawful online disclosure of an employee’s personal information and on FT Rams Consulting (R100,000) for non‑compliance with an enforcement notice in a direct marketing matter; both unpaid fines have prompted recovery proceedings, signalling follow‑through. Lancet Laboratories paid a R100,000 infringement notice after failing to notify both the Regulator and affected data subjects of security compromises, highlighting the Regulator’s focus on breach notification failures in health‑adjacent processing. The Regulator has also settled a high‑profile transparency dispute with WhatsApp over its 2021 privacy policy update, securing commitments to enhance information for South African users and seeking to make the settlement an order of court, an example of negotiated compliance outcomes in platform contexts.

In PAIA enforcement, the Regulator has issued notices compelling disclosure in matters such as Swartkops Sea Salt, with litigation pending, and has broadened use of non‑compliance notices to drive procedural discipline, including correct form usage and manual currency across sectors. This, combined with public notices to Information Officers and a growing cadence of own‑motion assessments, indicates that PAIA oversight is shifting from reactive complaint handling to structured, proactive compliance testing.

2025/26 enforcement focus areas reflected in the APP and oversight reports

The APP ties resourcing and indicators to stricter enforcement and modernisation. The Regulator will reconfigure internal units to concentrate technical and legal breach‑handling skills, expand PAIA compliance assessments of public and private bodies, and monitor prior‑year assessment recommendations to closure. These moves are supported by programme indicators that increase targets for own‑initiative PAIA assessments and follow‑up monitoring, and that set timeliness standards for complaints resolution and mediation. In POPIA, indicators include completions of complex and simple complaints within prescribed timeframes and the progression of a Code of Conduct for gated access processing. The focus on “gated access” reflects substantial public concern about over‑collection at secured estates, office parks and retail premises, an area with high visibility and reputational risk for property, retail, and community management sectors.

Forthcoming guidance and codes of conduct – Guidance Note on transborder information flows

The APP confirms that the Regulator will issue a Guidance Note on Transfer of Personal Information Outside the Republic, influenced by instruments such as the AfCFTA Digital Trade Protocol and AU Digital Transformation Strategy, and aimed at empowering responsible parties to conduct cross‑border commerce in a manner consistent with POPIA’s eight processing conditions. This will be advisory but will set out expected diligence, including transfer impact assessment concepts and appropriate safeguard selection. Businesses should therefore anticipate alignment with mainstream international practice, including accountability for ensuring comparable protection at destination.

Given global reference points, organisations should expect the Guidance Note to reflect approaches similar to the EU’s GDPR Chapter V, UK ICO guidance and Canada’s accountability model under PIPEDA, including reliance on contractual safeguards, risk assessments focused on access by public authorities, and enhanced transparency around foreign processing. This comparative perspective is useful for multinational compliance harmonisation ahead of publication.

Code of Conduct for processing at gated accesses

The Regulator will develop a Code of Conduct on the processing of personal information at gated accesses in response to concerns about over‑processing at controlled entry points. The APP sets the 2025/26 output as a draft code developed and approved, with finalisation in 2026/27, providing a clear horizon for stakeholder engagement and internal readiness work. The code will be issued as a Regulator‑initiated instrument, reflecting the intention to standardise proportionality, data minimisation, retention, and security expectations across estates, office parks, campuses and retail sites.

What should be top of mind for business now

Breach readiness and portal compliance

From 1 April 2025, breach notifications must be lodged via the Regulator’s eServices portal; failure to use the portal, incomplete submissions, or delays risk procedural non‑compliance and potential enforcement. With monthly notifications rising by 40% in early 2025/26, boards should satisfy themselves that incident response playbooks embed portal workflows, that user credentials and backups are in place, and that data subject notification templates meet POPIA’s specificity and timeliness requirements.

Direct marketing governance and call recording

The April 2025 POPIA Regulations amendments require strengthened consent artefacts for electronic direct marketing, recorded telemarketing calls with records available to data subjects on request, and multi‑channel, no‑fee objection mechanisms. Organisations should audit consent capture, retention and revocation flows, ensure automated and live telemarketing scripts are aligned, train call‑centre and sales teams, and calibrate complaint‑handling timeframes to the Regulations. The Regulator’s stated intent to test whether live telemarketing is an “electronic communication” under section 69 underscores the need for conservative compliance and robust evidence‑keeping.

PAIA discipline: manuals, forms, registers and annual reporting

Given low sectoral compliance and heightened inspection activity, organisations should verify that PAIA manuals reflect POPIA commencement and the 2021 Regulations, that Form 2 is used consistently for requests, that section 17 request registers are up‑to‑date, and that the PAIA annual report is submitted by the Regulator’s expected window. Parliamentary oversight notes indicate a submission period between 1 April and 30 June for the 2024/25 reporting year, with online submission via the eServices portal and pre‑requisite registration of the organisation and its Information Officer. Where the Companies and Intellectual Property Commission (CIPC) links are used, businesses should be alert to visible non‑compliance flags on public platforms and associated commercial implications.

Cross‑border transfers: anticipate the Guidance Note

Ahead of the Regulator’s Guidance Note, organisations should map cross‑border flows, identify transfer tools in use, and socialise internal expectations that POPIA accountability applies extraterritorially through contracts and oversight of processors. The likely direction of travel mirrors EU/UK practice: adequacy‑style determinations are not in play in South Africa, so emphasis will rest on contractual safeguards, risk assessment of destination regimes, and transparency to data subjects about foreign processing and potential public authority access.

Gated access processing: prepare for a stricter code

Property, retail, education, healthcare and corporate campus operators should monitor the Code of Conduct process and undertake pre‑emptive reviews of entry‑point collection practices, minimising collection to what is strictly necessary, securing storage, shortening retention, and eliminating bulk ID scans and open visitor logs. Early movement here will reduce retrofit cost when the code is finalised and signal good faith in public consultations.

Conclusion

The Information Regulator’s 2025/26 APP and related oversight materials point to an assertive but pragmatic regulatory agenda: enforce where harms are acute or systemic, modernise PAIA so it functions credibly alongside POPIA, and provide guidance and codes to standardise expectations in contested processing environments.

For business, the practical imperatives are clear. Treat PAIA as an enforcement priority, not a formality; institutionalise the April 2025 POPIA Regulations across direct marketing and complaints; operationalise the breach e‑portal; prepare cross‑border frameworks that can absorb the forthcoming Guidance Note; and remediate high‑visibility over‑collection at gates and entry points ahead of the code.

Uncertainty remains around precise legislative timelines, as Cabinet and parliamentary scheduling will drive how quickly PAIA amendments progress, and around how appellate courts will resolve live POPIA interpretive disputes, such as identifiers in result publication and the scope of “electronic communications.” These uncertainties are not reasons to delay compliance investment; rather, they reinforce the need for conservative, well‑documented practices that will survive audit and litigation. Stakeholder engagement opportunities will arise around the Code of Conduct and the Guidance Note, and well‑prepared organisations can help shape workable, sector‑sensitive standards while demonstrating leadership to boards, customers and regulators alike.

The post South Africa’s Information Regulator: What the 2025/26 Annual Performance Plan means for Business (as presented to the Portfolio Committee on 5 May 2026 appeared first on Werksmans Attorneys.

The decision in Wheatley v Commission for Conciliation, Mediation & Arbitration & others (2026) 47 ILJ 997 (LC) provides a pointed reminder of the limits of urgent litigation in the Labour Court, and of the professional obligations resting on legal representatives who invoke it. At its core, the judgment is less about the underlying dispute and more about the disciplined application of procedural principle — and the consequences of departing from it.

The applicant approached the Labour Court on an urgent basis following a ruling by a CCMA commissioner refusing legal representation at arbitration. The relief sought was wide-ranging: the setting aside of the ruling, an order permitting legal representation, the removal of the commissioner, a directive compelling the CCMA to investigate and report to the court, and the remission of the matter for a de novo hearing. But the court found the application to be fundamentally flawed.  First, the relief sought was legally unsustainable. The Labour Court does not determine, at first instance, whether legal representation should be permitted in CCMA proceedings. That discretion is expressly conferred on the commissioner in terms of the CCMA Rules. An attempt to secure such an order directly from the court reflects a misunderstanding of the statutory framework.

Second, the application was procedurally defective. The applicant sought to review and set aside the commissioner’s ruling without placing the record of proceedings before the court, notwithstanding the clear prospect of factual disputes. As the court emphasised, the absence of the record in such circumstances is not a mere technical irregularity, but a substantive impediment to the proper adjudication of the matter.

Third, the choice of remedies was misplaced. Instead of seeking to compel production of the record, the applicant pursued a declaratory order that its absence constituted a “gross irregularity”. The court reiterated that a gross irregularity must arise in the conduct of the arbitration proceedings themselves, not in subsequent administrative processes. Similarly, the attempt to compel the CCMA to conduct an investigation and report to the court was rejected on the basis that the CCMA, as an independent statutory body, must be afforded the opportunity to address complaints through its own internal mechanisms before judicial intervention is sought.

The application for the commissioner’s recusal was equally untenable. No prior request for recusal had been made to the commissioner. More fundamentally, the Labour Court does not have jurisdiction to order the recusal or removal of a commissioner at first instance. Any challenge to a commissioner’s refusal to recuse must arise within the context of a review.

Overlaying these deficiencies was the issue of urgency. The court found that any urgency was self-created. There had been a material delay in launching the application, coupled with an attempt to impose compressed timelines on the respondents — including an organ of state — without proper justification. The court reaffirmed that urgent proceedings are not to be used to circumvent ordinary processes or to place respondents at an unfair procedural disadvantage.

In the result, the court exercised its discretion to dismiss the application, rather than merely striking it from the roll, on the basis that it constituted an abuse of process.

The most significant aspect of the judgment, however, lies in the costs order. The court ordered that the applicant’s attorney pay costs de bonis propriis. While such orders are reserved for exceptional circumstances, the court found that the conduct of the litigation demonstrated a marked degree of incompetence, gross negligence and recklessness, coupled with a failure to properly engage with the applicable rules and legal principles.

The judgment underscores an important professional principle: legal representatives are not passive conduits for their clients’ instructions. They are required to exercise independent judgment and to ensure that proceedings are conducted in accordance with the law and the rules of court. Where this duty is disregarded, the consequences may extend beyond the client to the practitioner personally.

The post Urgency misconceived: A cautionary note on process, principle and professional responsibility appeared first on Werksmans Attorneys.

Digital taxation has moved from policy debate to regulatory reality. Governments across the world are implementing measures aimed at taxing revenue generated within their markets by digital businesses, regardless of their physical presence. These measures, including VAT on electronic services, digital services taxes and withholding-based mechanisms, are changing how digital commerce operates.

The rapid growth of the digital economy has fundamentally altered how goods and services are traded across borders. Businesses can supply digital products, services, and platforms into markets without establishing a physical presence in those markets, thus enabling unprecedented levels of cross-border e-commerce.

While digital taxes are often framed as a fiscal issue, their real impact is commercial. They are reshaping pricing, participation, and competitiveness in cross-border e-commerce markets, with implications for both multinational platforms and local businesses.

The economic logic behind digital taxes

Traditional international tax systems were designed around physical presence. A company paid tax in a country where it had offices, employees or tangible operations. The digital economy disrupted that model in ways that are now well understood, but still not fully resolved.

Social media platforms monetise user data without maintaining local offices. Streaming services generate subscription revenue from users across many countries. Online marketplaces facilitate transactions between buyers and sellers in countries where the platform itself may have no legal entity.

As digitalisation accelerated, governments became increasingly concerned about base erosion and profit shifting, loss of tax revenue, perceived inequities between local and foreign companies, and growing political pressure to tax large multinational technology firms.

Digital taxes have emerged as a response to these concerns. They are intended to both capture revenue and create parity between domestic and foreign businesses. However, in doing so, they inevitably change the underlying economics of how digital services are supplied across borders.

Global context: the OECD framework

The global response to digital taxation has been shaped in large part by the work of the Organisation for Economic Co-operation and Development (OECD).

Through its BEPS 2.0 initiative, the OECD has introduced a two-pillar framework. Pillar One seeks to reallocate taxing rights of large multinationals profits to markets where their goods or services are used, while Pillar Two introduces a global minimum corporate tax rate of 15%.

147 countries have committed to elements of this framework, although implementation remains complex and uneven. In the meantime, countries have continued to introduce unilateral or regional digital tax measures in their own markets.

For businesses, this creates a layered environment: global rules are emerging, but local regimes remain highly relevant and, in many cases, decisive.

The adoption of digital services taxes in Africa

Direct digital services taxes, i.e. turnover-based levies on gross revenue from digital services supplied by non-residents, remain relatively limited in Africa compared to VAT-based approaches.

A few African countries have implemented direct digital service tax regimes, including Kenya, Nigeria, Tunisia, Zimbabwe, Tanzania and Sierra Leone.

However, over 20 African countries have introduced VAT on electronic services supplied by non-resident providers, reflecting a more administratively straightforward first step in taxing the digital economy.

This shows that Africa is not creating a single model of digital taxation, but is rather experimenting with different approaches depending on administrative capacity, enforcement considerations and policy priorities.

The impact on pricing and market dynamics

One of the most immediate effects of digital taxation is on pricing.

Turnover-based digital services taxes, as well as VAT obligations on foreign suppliers, increase the cost of supplying digital services. In most cases, these costs are not absorbed entirely by the platform, but are passed on to consumers.

This is already visible across some digital services. Subscription prices, advertising costs and marketplace commissions are adjusted to accommodate digital service taxes. Although they are commercially rational, they have real implications for how businesses and consumers participate in digital markets.

The result is that digital taxes influence not only government revenue, but also consumer pricing and market demand.

For cross-border e-commerce, the effect is cumulative. Many African businesses rely on global digital platforms to reach their customers, advertise products and manage operations. As platform costs increase, so too does the cost of participating in those markets.

Cross-border e-commerce and structural friction

Digital taxes do more than increase costs. They introduce new forms of friction into cross-border trade.

The defining feature of digital commerce has been its ability to operate across borders with minimal structural barriers. Digital tax regimes are beginning to change that.

As countries introduce VAT, direct digital service taxes and withholding-based taxation of digital services, businesses must navigate:

• multiple tax regimes applied to the same transaction;
• differing definitions of taxable digital services. and
• varying compliance requirements.

This results in a more fragmented and complex cross-border environment.

From adoption to enforcement: evolving digital tax models in Africa

Beyond the question of adoption, a more important development is how digital tax frameworks are evolving in practice.

Across Africa, there appears to be a shift from relatively simple turnover-based models towards approaches that prioritise enforceability and broader jurisdictional reach.

In some cases, this involves expanding the basis on which tax is imposed. For example, Kenya’s transition from a digital services tax to a significant economic presence framework reflects a move from transaction-based taxation to a model grounded in sustained digital participation within the local market. This broadens the scope of taxable activity and introduces greater complexity in determining exposure.

In other cases, the focus is on how the digital tax is collected. For example, Zimbabwe’s move toward a withholding-based model demonstrates a different strategy, i.e., incorporating tax collection within the payment system itself. By requiring intermediaries to collect the tax at the point of transaction, the framework reduces reliance on voluntary compliance by foreign providers and significantly enhances enforcement.

Nigeria’s application of economic presence rules reflects a similar objective of asserting taxing rights over digital activity without requiring physical presence, while Tanzania’s approach demonstrates how existing income tax frameworks can be adapted to capture digital marketplace activity.

From a practical advisory perspective, these developments indicate that digital taxation in Africa has not been static, but is evolving toward models that are both more comprehensive in scope and more effective in enforcement, with direct implications for how cross-border digital services are structured and delivered.

Community and market implications

Digital taxes are often framed as a corporate tax issue. In reality, their effects are felt much more broadly.

Consumers may have to pay higher subscription prices for digital services, increased online advertising costs and, in some cases, reduced service offerings. Where platforms pass on tax costs, the impact is felt directly by users.

Small and medium enterprises are also affected. Businesses that rely on digital advertising, online marketplaces and cross-border platforms may face higher operating costs as platforms adjust pricing in response to tax obligations. At the same time, digital taxes may help level the playing field by reducing advantages enjoyed by large multinational firms.

For governments, digital taxation presents an opportunity to strengthen domestic revenue bases and support broader policy objectives, including infrastructure development and digital inclusion.

At the same time, there are legitimate concerns that these unilateral measures can create trade tensions, introduce compliance complexity and, in some cases, affect investment decisions. In practice, both perspectives have merit, particularly in emerging markets where the balance between regulation and growth is more delicate.

 Balancing competing policy objectives

For emerging markets, the central challenge lies in balancing competing priorities.

Governments want to generate revenue while continuing to attracting investment, support local innovation and ensure that digital services remain affordable and accessible. Digital taxation therefore intersects directly with digital inclusion policy and broader economic development objectives.

In the African context, this balance is particularly important. Digital markets are still developing, and policy choices in this area will have long-term implications for growth and participation.

 Strategic implications

For businesses, the implications are clear. Digital taxes are not limited to large technology companies. They affect a wide range of sectors, including digital advertising, streaming and audiovisual services, gaming and betting platforms, e-commerce marketplaces, SaaS providers and data-driven platforms.

Even in countries without direct digital services tax regimes, VAT enforcement on foreign suppliers has intensified.

At the same time, unilateral digital tax measures, including those adopted in parts of the European Union, have introduced additional complexity for multinational businesses operating across multiple countries.

As a result, digital taxation must be considered as part of broader commercial and regulatory strategy. Pricing, market entry, platform design and transaction structuring all need to take into account the evolving digital tax landscape.

Conclusion

Digital taxation is reshaping the economics of cross-border e-commerce in Africa. While the adoption of direct digital services taxes remains relatively limited, the broader direction of travel is clear.

While the adoption of direct digital services taxes remains relatively limited, the broader trend is clear. African countries are expanding their ability to tax digital activity through a combination of VAT, income tax and withholding-based mechanisms.

For policymakers, the challenge is to balance revenue mobilisation and fairness with the need to promote digital inclusion and economic growth.

For businesses, the implication is that digital tax is not just a peripheral tax issue. It is a central factor in how cross-border commerce is structured, priced and executed.

Understanding and responding to these dynamics will be critical for any business seeking to operate successfully in Africa’s evolving digital economy.

The post Digital taxes are reshaping cross-border e-commerce economics in Africa appeared first on Werksmans Attorneys.

The case of Babita Deokaran, a senior official at the Gauteng Health Department who lost her life after exposing tender corruption, exemplifies the shortcomings of the current disclosure framework in providing adequate avenues and procedures through which disclosures can be made without fear of retaliation and other forms of reprisal. In response, the Department of Justice and Constitutional Development has prepared the Protected Disclosures Bill, 2026 (“the Bill“) in an attempt to address these shortcomings.

The proposed Bill aims to strengthen protection for whistleblowers, provide adequate procedures through which disclosures can be made, afford employees protection from occupational detriment and other forms of reprisal, provide for the investigation of disclosures, establish a complaints mechanism overseen by a retired judge, and provide amendments to witness protection and legal aid arrangements. In certain circumstances, it permits a court-ordered award to a qualifying discloser in defined circumstances.^[1]

Core procedural requirements and timelines

According to the Bill, an authorised person must, within five days, acknowledge receipt of a disclosure and conduct a preliminary assessment and thereafter decide, within 10 days, whether to investigate or refer the matter to another authorised person. Disclosers must be updated at least every three months. An investigation must be completed within 12 months, subject to a single extension of up to six months granted by a retired judge. Suppression or concealment of evidence by an authorised person constitutes an offence.^[2]

Confidentiality, immunity, and anti-retaliation

The Bill criminalises unauthorised disclosure of a discloser’s identity, permits courts to hear evidence in camera and require redaction of identifying information, and confers civil and criminal immunity where the discloser reasonably believed they were revealing improper conduct. It prohibits occupational detriment for employee disclosers and detrimental action against any discloser or related person, reverses the evidential burden once a protected disclosure and linked detriment are shown, and criminalises retaliation.^[3]

Witness protection, legal assistance & system oversight

The Witness Protection Act applies mutatis mutandis to disclosers and related persons, and courts and tribunals may refer indigent disclosers for legal representation at the state’s expense through Legal Aid South Africa.^[4]

The Director-General must develop and maintain an electronic central database for disclosures and include anonymised disclosure data in the Department’s annual report.^[5]

Incentive Schemes

The Minister of Justice and Constitutional Development, Mmamoloko Kubayi, has stated that the government is cautious about adopting a direct cash rewards system but is open to public proposals. Broader models, including international practices, will be considered during public consultation. As a member of the International Labour Organisation (ILO), it is important for South Africa to consider international labour standards in this respect.

International practices such as qui tam lawsuits could be a suitable model to adopt. Under such lawsuits, private individuals institute legal proceedings on behalf of the state when there is alleged impropriety concerning the submission of false claims to the government.^[6] Qui tam lawsuits under the False Claims Act (“FCA“) in the United States of America allow a party who successfully alleges an impropriety to receive a cash incentive of between 15% and 30% of the proceeds.^[7] In terms of the FCA, when the action is one which the court finds to be based primarily on disclosure of information relating to allegations or transactions in criminal, civil, administrative, or other hearings, the court may award incentives as it considers appropriate, up to 10% of the proceeds.^[8] Any person bringing such an action may additionally receive an amount for any reasonable expenses incurred, including legal fees and costs.^[9] This model is based on the premise that, but for the individual blowing the whistle, the impact and consequential result of the fraud, corruption, or other impropriety would have had more dire consequences had such individual not come forward.

The introduction of awards in the Protected Disclosures Bill relates specifically to convictions of an employer who engaged in prohibited conduct or certain improprieties in the workplace.^[10] In terms of section 18 of the Bill, an individual or individuals may receive up to 25% of the monetary sanctions imposed on the employer if the information disclosed originated from the discloser(s), was not known prior to the disclosure, and proves elements of a criminal or administrative offence which ultimately leads to a conviction.^[11]

Although this is a step forward, the award mechanism is triggered only when an employer is convicted and a monetary sanction is imposed, and eligibility turns on the nature of the discloser and the information rather than on employee status. It excludes individuals who work in the public service, persons in authority in terms of section 34 of PRECCA[12], those who provide information as part of a plea agreement or who were accomplices in the concerned offence, and persons who are law enforcement agents.^[13] These exclusions substantially curtail incentives for many public-sector insiders, including public servants.

The Need for a Specialised Whistleblowing Office

Although the proposed Bill provides avenues on which people can rely to make disclosures, the need for more secure reporting channels is evident in order to enhance the confidentiality and anonymity of bona fide disclosers. The case for a specialised office rests primarily on the advantages of independent system-wide oversight and enforcement. The lack of an independent whistleblowing protective authority or specialist whistleblowing office has been identified by the Active Citizen Movement as a critical gap in the proposed amendments to the disclosure landscape in South Africa.^[14]

Similar to South Africa’s shortcomings concerning the lack of immediate protection and reporting channels available to citizens, the United Kingdom has tabled the Protection for Whistleblowing Bill (Bill 27), which is currently before the House of Lords in Parliament. Bill 27 aims to implement two key changes to the current whistleblowing regulatory framework in the UK: firstly, expanding the protection of whistleblowers beyond workers or persons in an employment relationship; and secondly, providing for a specialised whistleblowers office that deals with complaints and disclosures.^[15]

The proposed “Office of the Whistleblower” would set minimum standards, accredit organisational schemes, provide an independent disclosure and reporting service, issue information and action notices, make redress and interim orders, and impose civil penalties, with appeals to the appropriate tribunal. A comparable institution in South Africa will complement, not replace, the Bill’s framework by enhancing independence, consistency, and enforcement across sectors. A specialised whistleblowers office would broaden the involvement of bona fide disclosers with improved physical and employment protection.

Conclusion

An enhanced disclosure system should result in more disclosures, credible safeguards and possibly reduce the current high levels of corruption. Whistleblowing is an act of constitutional bravery that should be fostered to ensure openness, transparency, and accountability. Time will tell whether the adoption of the Bill’s stronger procedures, protections, oversight, and remedies deliver these aims. The Bill is open for public comment and submissions may be made on its content on or before 14 May 2026.

[1] Section 2 read with Sections 23 and 24 of the Protected Disclosures Bill, 2026.

[2]Section 14(1)-(4), (8)-(11) of the Protected Disclosures Bill, 2026.

[3]Sections 19, 20 and 21(1)-(8) of the Protected Disclosures Bill, 2026.

[4]Sections 22 and 23 of the Protected Disclosures Bill, 2026.

[5]Sections 3(1) and 3(7) of the Protected Disclosures Bill, 2026.

[6] 31 U.S.C. § 3730(b).

[7] 31 U.S.C. § 3730(d).

[8] 31 U.S.C. § 3730(d).

[9] 31 U.S.C. § 3730(d).

[10] Section 18 of the Protected Disclosures Bill, 2026.

[11] Section 18(1) of the Protected Disclosures Bill, 226.

[12] The Prevention and Combating of Corrupt Activities Act 12 of 2004.

[13] Section 18(2) of the Protected Disclosures Bill, 2026.

[14] ACM slams proposed Protected Disclosures Bill 2026 as ‘cold comfort’ for whistle-blowers

[15] Protection for Whistleblowing Bill (HL Bill 27).

The post A safe voice or silent risk: An attempt at reforming whistleblower protection through the Protected Disclosures Draft Bill appeared first on Werksmans Attorneys.