🧾 Overview

Name: Companies Act

Act no: 71 of 2008

Effective Date: 1 May 2011

Type: Mix (Rules-based with principle-guided governance)

Regulator: Companies and Intellectual Property Commission (CIPC)

Purpose: Provides for the incorporation, registration, organisation and management of companies in South Africa, aiming to encourage transparency, accountability, and corporate governance.

👥 Who Does This Affect?

Direct Applicability:

All companies incorporated or registered under this Act, including profit and non-profit companies, state-owned entities, private companies, and public companies [Section 8].

High Impact On:

Public companies, state-owned enterprises, private companies, directors and company officers, auditors, and company secretaries.

📋 Key Requirements Relating to Cybersecurity

  • Duty of Directors to Act with Care and Skill: Directors must act with the degree of care, skill and diligence that may reasonably be expected of a person carrying out the same functions [Section 76(3)(c)].
  • Retention of Company Records: Companies must keep accurate records, in electronic or physical format, as part of their statutory obligations [Section 24].
  • Access to Company Records: Stakeholders have rights to access certain records, which must be maintained in a manner that supports timely and secure access [Section 26].
  • Secure Electronic Communication: Documents or notices transmitted electronically must be in a form that can be printed and that does not mislead the recipient or reduce the likelihood of delivery [Section 6(10)–(11)].

⚠️ Consequences of Non-Compliance

Financial Penalties:

The Companies Tribunal may impose administrative fines for breaches, including non-compliance with record-keeping or disclosure requirements [Section 175].

Criminal Penalties:

False statements, reckless conduct, or interference with enforcement processes may attract criminal liability [Section 214].

Regulatory Consequences:

The Commission may issue compliance notices or refer serious breaches to court [Sections 171–174].

Reputational Harm:

Trust in an organisation and its brand can be significantly damaged, leading to the potential loss of customers, contracts, and licence eligibility.

✅ How ARMD.digital Helps You Comply

Product:

What it does:

Performs a safe, external scan of your public digital footprint to detect security weaknesses visible to attackers.

How it supports compliance:

  • Support Directors’ Duty of Care: Helps directors fulfil their oversight duties by identifying cybersecurity exposures that could pose operational or reputational risks [Section 76(3)(c)].
  • Safeguard Access to Records: Strengthens the perimeter against breaches that might affect access to or integrity of electronic records [Section 24].
  • Mitigate Exposure of Electronic Records: By identifying internet-facing vulnerabilities, CyberProfiler helps reduce the risk of unauthorised access to company records stored electronically [Section 24].
  • Protect Availability of Online Records: Supports business continuity by flagging exposed systems that may compromise the availability of electronic disclosures or filings [Section 6(11)].

Product:

What it does:

Enforces domain-based email authentication to block spoofing, stop phishing, and boost email deliverability.

How it supports compliance:

  • Secure Electronic Notices: Enhances the authenticity of company communications, reducing the risk of misdelivery or impersonation in electronic notices [Section 6(10)].
  • Protect Stakeholder Communications: Reduces the risk of fraud and impersonation in communications sent under the company name [Section 6(10)].
