Your basket is currently empty!

Regulatory Environment: South Africa
Cybersecurity-related laws, regulations, and codes are becoming more relevant—and in many cases, compliance is now a formal expectation.
This page gives you a clear, practical overview of the Acts, Standards, and Codes that may apply to your organisation.
For each one, we show:
- What the law or standard is about
- Who it applies to
- What your main obligations are
- What happens if you don’t comply
- And where ARMD.digital’s products can help support compliance
Please note:
The summaries provided on this page reflect our own interpretations and are for informational purposes only. They do not constitute legal advice.
Understanding Different Types of Regulation
Not all regulatory instruments work the same way. Some tell you what outcomes to achieve. Others tell you exactly how to do it. Some are industry-specific frameworks that guide governance and ethical leadership.
Here’s how they differ:
Principle-Based Laws
These set broad goals or outcomes (e.g. “protect personal data”) and give organisations the flexibility to decide how to meet them.
Rules-Based Laws
These are prescriptive. They set out specific steps, controls, and procedures you must follow.
Codes
Codes are best-practice frameworks for governance, leadership, and risk management.
The King IV™ Code, for example, is mandatory for companies listed on the Johannesburg Stock Exchange (JSE), and recommended best practice for others.
Regulatory Environment: South Africa
Payment Card Industry Data Security Standard (PCI DSS) v4.0
PCI DSS v4.0 mandates enhanced security measures, including risk management, flexible control implementation, assessment, and reporting, to protect cardholder data and address evolving threats in the payment industry.
National Credit Act (NCA)
The NCA Act’s primary goal is to establish a fair and transparent credit market by regulating consumer credit and protecting consumers from unfair practices.
Electronic Communications and Transactions Act (ECTA)
The Act is a cornerstone of South Africa’s digital legislation, establishing the legal framework for electronic communications and transactions.
Consumer Protection Act (CPA)
The CPA Act aims to promote fair and sustainable consumer markets, protect consumers from unfair practices, and provide redress for those who have been harmed by such practices.
Companies Act
The Act regulates the formation, operation, and management of companies, including incorporation, registration, governance, and winding up.