Table of Contents

South Africa: Highlights of the National Data and Cloud Policy, 2024

South Africa is on the cusp of harnessing the power of data and cloud technologies in economic growth. This is why in line, with the Electronic Communications Act of 2005, the Department of Communications and Digital Technologies of South Africa unveiled the National Data and Cloud Policy on May 31, 2024. The policy is aimed at promoting the country’s digital economy by enhancing data security, quality public service delivery, economic growth, among others. The Policy sets a system that enables private sectors to own and operate data centers.

Here are the highlights of the new Policy.

1. Scope: the Policy has a broad scope. It applies to the government parastatals, public and private enterprises, individuals, data controllers and processors.[1]

2. Data sovereignty and security: data generated or processed within the country will be stored in a reliable storage system in the country. Such data will have a high level of security from cyber-attacks as required under the Protection of Personal Information Act (POPIA).[2] Processing of data will be in accordance with data laws in the country.

3. Cloud Infrastructure: The Policy allows for all government IT services to be hosted in the cloud thereby creating interoperability within government departments. The cloud services will be decentralized to allow private sectors to build their own infrastructure.[3] In other words, owning data centers will not be restricted to the government alone. This boosts innovation within the economy.

4. Improved service delivery: Utilizing such an improved technology will create a high level of productivity and quality service to the public. Both government and private businesses can leverage technology to boost productivity and trust.

5. Control of data centers: The Policy emphasizes that data centers providing services to the Government must be situated in the country. It also outlined the responsibilities of data centers in South Africa. This includes but not limited to: [4]

a. Data centers must comply with environmental legislation and building by-laws.

b. Display their operational license or certification to their customers.

c. To ensure uninterrupted operations and reduce reliance on national grids, priority should be given to data centers establishing their own sources of electricity and water.

Implementation of the Policy

The State Information Technology Agency (SITA) will be the responsible authority with the mandate of sourcing data infrastructure and cloud services for the government. It will also ensure the development and monitoring of service level agreements that guarantee secure data and cloud services.

Other structures will be established to advise on the development of frameworks relevant to the policy’s implementation. This includes the Data Advisory Council and Data Cloud Technical Implementation Task Team.[5]

With the new Policy on board, businesses will have a more secured and regulated environment to mitigate risks associated with data breaches and cyber-attacks. With a decentralized system, there are better opportunities cloud service providers will explore to expand business. However, while utilizing the opportunity the new Policy gives, businesses must comply with the Policy, incorporate data protection and data security into commercial contracts.


[1] Article 11 of the National Policy on Data and Cloud, 2024.

[2] Article 4 as cited above

[3] Article 14.1 as cited above

[4] Article 15.1.6 of the National Policy on Data and Cloud, 2024

[5] Article 17 of the National Policy on Data and Cloud, 2024

Stay updated on legal news here.

Follow LineaBlu on LinkedIn here

Share on socials

Facebook
Twitter
LinkedIn