Authored By: Nolwazi Mdhluli
University of South Africa
Abstract
As Artificial Intelligence (AI) transforms the financial sector rapidly, South Africa faces the challenges of leveraging its benefits while mitigating associated risks. This article explores the imperative need for AI regulatory frameworks in South Africa, specifically in the high-risk sector of finance, highlighting potential benefits of regulated AI and risks posed by unregulated AI. It examines international AI regulatory aspects including the European Union’s AI Act, and discusses the importance of accountability and liability. This article analyses South Africa’s legislatives frameworks and recent developments. The article contributes to the ongoing discussion on AI regulation in South Africa, providing insights into the intricacies of regulating AI in the financial sector.
Introduction
Artificial Intelligence (AI) refers to a range of advanced technologies, including machine learning and natural language processing, with the potential to profoundly impact individuals, societies, and environments.1
Artificial Intelligence has brought about rapid change into the legal scene, unlike past inventions such as the printing press, computers, the internet and smartphones. Law has been able to withstand technological revolution for long, however artificial intelligence has proven to have the potential to directly affect the legal profession globally, it is a powerful force in need of regulation immediately as delays are likely to cause serious repercussions.2 Not to start this article on a negative note, it is noteworthy that AI possess significant challenges and risks, its benefits in the legal profession are undeniable and warrant acknowledgement.
The effective implementation of AI can generate significant advantages, including increasing access to legal information to individuals by utilisation of AI-driven chatbots and virtual assistants.3 AI has the potential of assist attorneys save time and costs through document automation tools while AI powered research tools enable a rapid analysis of vast legal databases, providing attorneys with unprecedented insights.4
As the adage goes, ‘with great power comes great responsibility.’Similarly, with AI’s immense potential comes a corresponding need for regulatory frameworks that can effectively mitigate its risks and challenges while ensuring efficient integration of AI. The rapid metamorphosis of AI necessitates swift regulatory action to pre-empt potential legal issues that could arise in the absence of clear guidelines.
AI Regulatory Frameworks in the Financial Sector
AI inventors dream of having unlimited control and freedom to explore the depths of AI and its impact to the global market, however such freedom pose a foreseeable risk and disaster amongst the intertwined systems of finance, data science and human interactions. 5 Truby et al. argued that as AI continues to develop the need for transparency at a macro level is ever necessitated as AI systems become more complex, it may become difficult for laymen to understand the underlying processes making transparency a crucial aspect of AI regulation.6
Further arguing the need of AI regulations at a micro level, indicating “regulatory pain points” summarised as:
“Bias and discrimination in financial decision making, model risk management based on data set and consequent liability and cybersecurity, data privacy and transparency in data sources”7
The article emphasizes regulation on these key issues as they bring foreseeable challenges such as unfair treatment of certain groups of individuals through perpetuating biases, systemic liability due to AI-driven decisions thus destabilizing financial markets globally, compromise sensitive data that could lead to lack of trust in financial institutions.8 The regulation of AI in the financial sector possesses the ability to promote fairness, stability, trust, mitigate risk and financial crime, and ensuring that AI is used responsibly and for the benefit and safety of all.
Financial sector legislative frameworks
The financial sector in South Africa stands to benefit from the integration of AI. However, despite these benefits, a significant challenge remains, in instances where AI commits errors, omissions, or other malfunctions, attributing legal accountability proves difficult due to the lack of a single comprehensive legislation governing AI liability in the country. Instead, accountability is addressed through fragmented pieces of legislative frameworks, which are often inadequate for addressing the complexities of AI related issues.9
The South African financial regulatory framework is based on a Twin Peaks model established by the Financial Sector Regulation Act 9 of 2017 (FSRA). The term “Twin Peaks” refers to the regulatory framework that separates oversight of the financial sector into two distinct areas, each handled by an independent regulator.10 Namely the Prudential Authority (PA) and Financial Sector Conduct Authority (FSCA), the former regulator focuses on ensuring the safety and soundness of financial institutions, monitoring their financial stability and risk management in the interest of customers,11 the latter regulator concentrates on business conduct, overseeing how financial institutions interact with customers and ensuring they adhere to fair practices and regulatory requirements.12 Regulations aimed at preventing misuse of currency for illegal activities, money laundering and terrorist activities are regulated through the Prevention of Organised Crime Act 121 of 1998 (POCA), the Financial Intelligence Centre Act 38 of 2001 (FICA), and the Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004 (CDTRA).13 The use of AI for critical functions like audits, credit certifications, and identity verifications pose substantial risks if not properly monitored and efficiently regulated. Through the lack of effective oversight, AI could facilitate a range of criminal activities, underscoring the importance of robust risk management frameworks, as mandated by section 7 and 8(1) of the Financial Advisory and Intermediary Services Act 2002 (FAIS).14 Section 71(1) of the Protection of Personal Information Act 4 of 2013 (POPIA) protects individuals from automated decision-making by ensuring they aren’t subjected to decisions made solely by algorithms or machines that have significant legal consequences, without human oversight or intervention giving financial services consumers protection in situations where AI-driven decisions might impact them.
Kgaole et al. argued that financial planners in South Africa have a fiduciary duty and regulatory obligation when providing financial advice to clients, which becomes complex when AI is deployed. According to FAIS, advice includes any recommendations or guidance of financial nature provided to clients, and when AI is used to perform tasks through chatbots and virtual assistants this can be seen as delegated authority, where the system executes instructions based on its programming. However due to nature of AI in South Africa being unregulated there is significant potential of the question of liability and accountability being raised in cases of errors or omissions, in such instances who would be held responsible or accountable for the error?
Kgaole et al. cited Novelli et al. indicating that consequences and liabilities for decisions made by AI lie with the programmers, authors, or creators who developed the system, as well as the legal entity executing the decision making process. Emphasizing the importance of monitoring AI in these critical functions.
Due to the unregulated and evolving nature of AI regulation there is a need to clarify who bears the burden of liability and accountability for AI-driven decisions. Responsibility and accountability have distinct meanings. Responsibility refers to the individual obligation of programmers for designing and implementing a system or process. In contrast, accountability lies with the legal entity that deploys the system. The legal entity remains accountable for the system’s actions and outcomes, ensuring transparency and addressing any errors or issues that arise.15
Regulating AI is crucial for establishing clear guidelines on liability and accountability, which would significantly ease the work of legal practitioners. Currently, the lack of comprehensive regulations creates uncertainty, making it challenging to determine who is liable and accountable for AI-driven decisions. Recent experience in South African courts, is the potential of AI chatbots generating fabricated cases which can compromise the legal integrity of legal proceedings.16 With clear regulations, lawyers would be able to more easily identify who bears responsibility for AI-related errors or omissions, determine the accountable party, and guide appropriate charges or penalties. This clarity would promote trust, stability, and fairness in the use of AI systems, ultimately making it easier for legal practitioners to navigate complex AI related cases.
International AI Regulation
Given the global nature of AI development and deployment, international AI regulation is the next logical step in ensuring that accountability and liability are consistently applied within the South African financial Sector. The Constitution of the Republic of South Africa 1996 emphasizes on adaptability, innovation, and protection of rights, which could provide a framework for addressing the complex issues surrounding AI’s integration into South African law. Section 39(2) mandates that court and related bodies consider international and foreign law when interpreting legislation to align with the spirit, purpose, and objectives of the Bill of Rights.17 Section 39(3) provides for the granting of additional rights by common law or other legislation, as long as they align with the Constitutional provisions.18
Many jurisdictions globally have been hesitant to implement AI regulatory frameworks into law, fearing that stringent regulations could hinder their competitiveness in the AI innovation landscape, with the European Union’s AI Act being a notable exception.19
European Union AI act
The Artificial Intelligence Act was endorsed by the European Parliament on the 13th of March 2024, it is considered the worlds first comprehensive AI law, although opinions differ on its comprehensiveness. The act focuses on strengthening rules around data quality, transparency, human oversight, and accountability, while also addressing ethical questions and implementation challenges on various sectors.20 Some argue that it is primarily a product safety law that does not fully address liability and accountability,21 while South African legal scholar Daniel van der Merwe argues that certain principles in the EU AI Act might be influenced by the inquisitorial system of criminal procedure commonly used in many European countries. In contrast to, countries like South Africa, the United Kingdom, and the United states of America which use the accusatorial system. Suggesting that these differing legal systems might impact how AI regulatory principles are applied or translated into practice.22
Towards a unified approach to AI
The absence of a global regulatory framework has the potential to result in a haphazard approach to regulation of AI which may lead to inconsistent rules and standards23 This could lead to a patchwork of regulations, hindering growth and innovation and undermining effective governance. Despite there being an international agreement on the principles governing AI, the principles developed were; safety and security, accountability, transparency and explainability in the implementation and utilization of AI. It is yet to be determined whether AI inventors and user will voluntarily comply with these principles.24 The United Kingdom is adapting a flexible regulatory framework approach to AI, seeking to balance oversight with the need to foster innovation and avoid stifling the development of AI technologies.25 However, a unified AI regulatory framework can allow for jurisdictional adaptations while maintaining consistency with the common principles. Continuous monitoring and evaluation will be curial to ensure the framework remains effective and relevant. By taking a collaborative approach, it is possible to create a harmonised AI regulatory framework that respects the differences between legal systems while promoting consistency and effectiveness. This is crucial to the financial sector as AI systems can have significant impact on financial stability, consumer protection, and market integrity. Regulatory frameworks can help ensure that AI systems used in financial sectors adhere to the AI principles, places clear liability and accountability, mitigates risks and facilitates innovation while protecting customers.
South Africa’s Recent Developments on AI Regulation
South Africa is at a critical point in shaping the future of artificial intelligence (AI), navigating the need to unlock its potential benefits while mitigating its associated risks and challenges. As the world accelerates its adoption of AI. South Africa is proactively developing a robust regulatory framework designed to promote responsible AI development safeguard citizens well-being, and advance national strategic interests.
Current legislative framework
South Afrrica’s existing legislation, notably the Protection of Personal Information Act (POPIA) which ensures AI systems handle personal data responsibly and securely, Consumer Protection Act 68 of 2008 (CPA) protects consumers from unfair practices related to AI-driven services, and Electronic Communications and Transactions Act 25 of 2002 (ECTA) regulating AI’s roles in digital transactions and communications these legislative frameworks aim to regulate AI use in areas such as data protection and privacy, consumer rights and electronic transactions.26
The South African Department of Communications and Digital Technologies took the first step towards developing AI regulatory frameworks by issuing the South African National Artificial Intelligence Policy Framework’ document in August 2024.27 While the framework is still under evaluation with ongoing public consultations, the frameworks key objectives are to promote responsible innovation of AI, foster human-centred AI, Ensure transparency and accountability, develop sectorial strategies, and build capacity. The Framework is aligned with international principles and best practices for AI development and regulation. 28 The framework is yet to draft and enact comprehensive AI legislation that establishes clear mechanisms for enforcing liability and accountability, and address sector specific risks and opportunities.29
Conclusion and Recommendations
The regulation of Artificial Intelligence (AI) in South Africa is crucial to leveraging its benefits and associated risks. Although development is still underway, the current legislative framework provides a solid foundation in managing and addressing issues arising from the deployment of AI.30 A comprehensive AI regulatory framework is necessary to address the potential issues that may arise, the National Artificial Intelligence Policy Framework is a step in the right direction, aligning international principles and best practices, meanwhile the regulatory bodies in the financial sectors are capable of effectively managing AI-related issues, pending the full deployment of the National Artificial Intelligence Policy Framework, which will provide clear regulations for AI usage in the sector.31
Pending the full enactment of the National Artificial Intelligence Policy Framework several interim measures can be implemented to enhance AI governance and regulation in the financial sector. The measures are;
- Regulatory bodies should provide clear guidance on liability and accountability, in cases of errors and omissions to facilitate the efficient handling of related legal matters. • Regular assessment of AI systems performances, identify areas of improvement and ensure they align with regulatory requirements.
- And Court Regulatory bodies should create strict guidelines on the use of AI in court proceedings.
Bibliography
Journals
Chitimira Howard “An exploration of the current regulatory aspects of money laundering in South Africa” 2021 Journal of Money Laundering Control, Emerald Group Publishing Limited, Vol.24(4),
Chitimira H and Mavhuru L “A Comperative Analysis of the Desing and Implementation of the Twin Peaks Model of Financial Regulation in South Africa and Australia” PER / PELJ 2024(27) – DOI http://dx.doi.org/10/17.159/1727-3781/2024/v27i0a17256
Kgaole, Thupane Justice, and Odeku, Kola. (2023). An analysis of legal accountability for artificial intelligence systems in the South African financial sector. De Jure Law Journal, 26(1),191-205. https://doi.org/10.17159/2225-7160/2023/v56a14
Marwala Tshilidzi. “AI And The Law- Navigating The Future Together”’, United Nations University, UNU Centre, 2024-02-13.
Truby, R. Brown and A. Dahdal, ‘Banking on AI: mandating a proactive approach to AI regulation in the financial sector”, Law and financial markets review, pp. 1-11, 2020
Roberts, Cowels, Hine, Mazzi, Tsamando, Taddeo and Floridi “Achieving a ‘Good AI Society’: Comparing the Aims and Progress of the EU and the US” (2021) 27 Science Engineering Ethics
Snail S and Morige M “Towards Drafting Artificial Intelligence (AI) Legislation in South Africa” 2024 Obiter 161-179
Van der Merwe D “A Local, Continental (African) and International Overview of the Law as it Relates (or Tries to Relate) to Artificial Intelligence (AI)” PER / PELJ 2024(27) – DOI http://dx.doi.org/10.17159/1727-3781/2024/v27i0a18498
Case law
Parker v Forsyth NNO and Others (1585/20) [2023] ZAGPRD (29 June 2023) Official Websites
Ryszard Lisinski, “Regulation of Artificial Intelligence in South Africa: Progress, Challenges and the Road Ahead” 10 June 2025, Fluxmans https://www.fluxmans.come/article/ai regulation-south-africa#:~:text=The%20current%20legislation%2C%20most%20notably,%2C%20privacy%2 2C%20and%20concumer%20rights.
Legislature
Consumer Protection Act 68 of 2008
Terrorist and Related Activities Act 33 of 2004
The Constitution of the Republic of South Africa 1996
Financial Sector Regulation Act 9 of 2017
Prevention of Organised Crime Act 121 of 1998
Protection of Personal Information Act 4 of 2013
1Roberts, Cowels, Hine, Mazzi, Tsamando, Taddeo and Floridi “Achieving a ‘Good AI Society’: Comparing the Aims and Progress of the EU and the US” (2021) 27 Science Engineering Ethics
2 Snail S and Morige M “Towards Drafting Artificial Intelligence (AI) Legislation in South Africa” 2024 Obiter 161-179
3 Marwala Tshilidzi. “AI And The Law- Navigating The Future Together”’, United Nations University, UNU Centre, 2024-02-13.
4 Marwala T, “AI And The Law-Navigating The Future Together”, United Nations University
5J. Truby, R. Brown and A. Dahdal, ‘Banking on AI: mandating a proactive approach to AI regulation in the financial sector”, Law and financial markets review, pp. 1-11, 2020
6J. Truby, R. Brown and A Dahdal
7J Truby R Brown and A Dahdal
8J Truby R Brown and A Dahdal
9 Kgaole, Thupane Justice, and Odeku, Kola. (2023). An analysis of legal accountability for artificial intelligence systems in the South African financial sector. De Jure Law Journal, 26(1),191-205. https://doi.org/10.17159/2225-7160/2023/v56a14 191-205
10 Chitimira H and Mavhuru L “A Comperative Analysis of the Desing and Implementation of the Twin Peaks Model of Financial Regulation in South Africa and Australia” PER / PELJ 2024(27) – DOI http://dx.doi.org/10/17.159/1727-3781/2024/v27i0a17256
11 Kgaole, T.J and Odeku K (2023) 191-205
12 Kgaole T.J and Odeku K (2023) 191-205
13 Chitimira Howard “An exploration of the current regulatory aspects of money laundering in South Africa” 2021 Journal of Money Laundering Control, Emerald Group Publishing Limited, Vol.24(4), p 789-805
14 Kgaole T.J and Odeku K (2023)
15 Kgaole and Odeku
16 Parker v Forsyth NNO and Others (1585/20) [2023] ZAGPRD (29 June 2023)
17 Constitution of the Republic of South Africa, 1996
18 Kgaole and Odeku (2023)
19 J. Truby, R. Brown and A. Dahdal, ‘Banking on AI: mandating a proactive approach to AI regulation in the financial sector”, Law and financial markets review, pp. 1-11, 2020
20 Snail and Morige obiter 161-179
21 Snail and Morige 2024 Obiter 161-179
22 Van der Merwe D “A Local, Continental (African) and International Overview of the Law as it Relates (or Tries to Relate) to Artificial Intelligence (AI)” PER / PELJ 2024(27) – DOI http://dx.doi.org/10.17159/1727- 3781/2024/v27i0a18498 p 14.
23 Mota Makore, 2024 pp 15
24 Mota Makore ST “Regulating Artificial Intelligence to Advance Financial Inclusion in South Africa” pp. 14
25 Mota Makore ST pp. 13
26 Ryszard Lisinski, “Regulation of Artificial Intelligence in South Africa: Progress, Challenges and the Road Ahead” 10 June 2025, Fluxmans https://www.fluxmans.come/article/ai-regulation-south africa#:~:text=The%20current%20legislation%2C%20most%20notably,%2C%20privacy%22C%20and% 20concumer%20rights.
27 Haroon Aziz, “ A step towards advancing AI governance in South Africa” February 1st 2025, DE Rebus
28 Ryszard Lisinski, 2025
29 Lisinski 2025
30 Kgaole and Odeku
31 Kgaole and Odeku
