Health data governance in South Africa: a clear, fact-based explanation for South African organisations — with osFoundry as an example and dgm as an independent partner.

dgm is an independent integration partner for osFoundry — it is not affiliated with osFoundry’s maker (OS LLC) and has not yet completed an integration project for any client.

Health information is among the most sensitive data categories in South Africa. Here is what to know before adding AI in healthcare.

The rules

Health information is special personal information under POPIA and needs extra safeguards; medical devices and Software as a Medical Device (SaMD) are regulated by the South African Health Products Regulatory Authority (SAHPRA), which issued a communication on AI and machine-learning medical devices (MD08) in September 2025 applying its existing risk rules. Keep diagnostic AI under human oversight and out of public models; South Africa has no horizontal AI law.

What it means for AI

Keep diagnostic AI under human oversight and out of public models, and use anonymised data where possible. osFoundry pins your data region to the US, the EU or Japan, supports local-first inference on your own device, and lets you self-host it in your own AWS, Azure or Google Cloud account (BYO Cloud). osFoundry has an EU managed region but no managed region inside South Africa. The honest difference from many markets is that South Africa does have in-country hyperscaler regions — AWS Africa (Cape Town) af-south-1, Microsoft Azure South Africa North in Johannesburg, Google Cloud africa-south1 in Johannesburg and Oracle Cloud Johannesburg — so keeping data on South African soil is achievable by self-hosting osFoundry in one of those regions or in a local data centre, or by running it local-first. Note that the US CLOUD Act can compel a US-owned provider to produce data it controls regardless of where that data physically sits, which is why some organisations prefer self-hosting or local-first for their most sensitive workloads.

This article is general information and is not legal, financial or tax advice. Incentives, tax rates and regulations change; always confirm the current position with an official source (SARS, the Department of Science and Innovation, the dtic, the Information Regulator, the FSCA or the relevant authority) or a qualified adviser before you act.

You can explore the osFoundry platform to learn more.

Where dgm comes in

dgm is an independent integration partner that helps organisations in South Africa adopt the osFoundry platform — from identifying the first practical use case, to setting it up, to connecting AI to the systems you already run. dgm operates separately from osFoundry’s maker (OS LLC) and has not yet completed an integration project for any client, so everything above is a proposed service rather than a delivered outcome. If you would like to weigh up a practical first step, dgm would be glad to think it through with you. Arrange an introductory call with dgm.