POPIA and AI: a guide for South African business
A clear, fact-based explanation for South African organisations, with osFoundry as an example and dgm as an independent partner.
dgm is an independent integration partner for osFoundry — it is not affiliated with osFoundry’s maker (OS LLC) and has not yet completed an integration project for any client.
POPIA is South Africa’s main data-protection law and it is decisive for AI projects. Here is what matters.
POPIA in brief
Personal information you handle is governed by the Protection of Personal Information Act 4 of 2013 (POPIA), which has been fully in force since 1 July 2021, and is overseen by the Information Regulator (South Africa), which administers both POPIA and the Promotion of Access to Information Act (PAIA). POPIA uses the terms responsible party and operator for what GDPR calls a controller and processor. Cross-border transfers of personal information are permitted under section 72 on one of five grounds, including adequate protection in the recipient country, binding corporate rules or the data subject’s consent. A security compromise (data breach) must be reported to the Regulator and affected data subjects as soon as reasonably possible — POPIA sets no fixed 72-hour deadline. POPIA does not impose a general data-localisation requirement, and South Africa does not hold an EU adequacy decision.
What it means for an AI project
AI systems that process personal information fall under POPIA; establish a lawful basis, minimise data, anonymise where you can and keep human oversight. Keep sensitive information out of public models. osFoundry is a model-agnostic AI orchestration platform built on a bring-your-own-key (BYOK) principle: usage-based pricing with no per-user fee, local-first and self-hostable operation, and the option to pin your data region (US, EU or Japan) or to deploy the platform inside your own private cloud.
This article is general information and is not legal, financial or tax advice. Incentives, tax rates and regulations change; always confirm the current position with an official source (SARS, the Department of Science and Innovation, the dtic, the Information Regulator, the FSCA or the relevant authority) or a qualified adviser before you act.
You can explore the osFoundry platform to learn more.
Where dgm comes in
dgm is an independent integration partner that helps organisations in South Africa adopt the osFoundry platform — from identifying the first practical use case, to setting it up, to connecting AI to the systems you already run. dgm operates separately from osFoundry’s maker (OS LLC) and has not yet completed an integration project for any client, so everything above is a proposed service rather than a delivered outcome. If you would like to weigh up a practical first step, dgm would be glad to think it through with you. Arrange an introductory call with dgm.