Artificial intelligence (AI) is advancing at an unprecedented pace globally. The tremendous growth in data and rapid adoption of AI technology is reshaping industries. However, these technological developments also pose significant challenges to governance, particularly in the area of environmental, social and governance (ESG) obligations.
Image source: Freepik
As organizations integrate AI into their operations, there is an urgent need for strong and effective governance frameworks to ensure innovation meets ethical standards, regulatory requirements, and protection of stakeholder interests.
Internationally, the European Union (EU) AI Act establishes a risk-based framework for AI regulation. EU AI law prohibits harmful AI practices, imposes strict compliance obligations on high-risk systems, and mandates robust cybersecurity measures to protect AI systems and associated data. Similarly, the Organization for Economic Co-operation and Development (OECD) AI Principles have emerged as a global benchmark for the responsible use of AI.
Role of PoPIA
Although there is currently no dedicated AI legislation in South Africa, AI, data and ESG are becoming increasingly important. The Protection of Personal Information Act 2013 (PoPIA) is central to how South African organizations use AI in ESG reporting and governance.
PoPIA is South Africa’s flagship data privacy and protection law, reinforcing the principles of lawfulness, fairness, purpose limitation, data minimization and transparency. This serves as a constraint against irresponsible use of AI and as a baseline governance framework that strengthens trust in ESG reporting.
PoPIA prohibits the processing of personal information for fully automated decision-making purposes, unless such processing is under human supervision, protects the legitimate interests of the data subject, or is required or permitted by laws or codes of conduct that protect the rights of data subjects.
Importantly, individuals who are subject to a fully automated decision-making process must be provided with sufficient information to understand the methodology behind the automated decision-making and then given the opportunity to express their opinion. Interestingly, PoPIA provides that this prohibition does not apply if the automated decision-making is related to the conclusion or performance of a contract and the outcome is favorable to the data subject.
PoPIA restricts cross-border transfers of personal information by allowing such transfers only in certain circumstances (for example, where the data subject has provided explicit consent or where the recipient is subject to law, binding corporate regulations, or agreements that guarantee protections equivalent to those under PoPIA).
This limitation has practical implications for organizations that rely on cloud-based platforms as an integral part of ESG data collection and reporting. The Information Regulator has confirmed that a guidance note on cross-border transfers will be published soon. This makes compliance expectations clearer for companies using global data platforms.
While PoPIA provides a basic legal framework for the responsible use of data through AI, there is growing recognition that AI governance requires specific regulatory direction. Stakeholders are increasingly calling for AI-specific legislation to ensure ethical, transparent, and responsible implementation.
AI, data and ESG in South Africa
AI tools are now widely used for ESG data collection and reporting. As AI begins to play a greater role in the collection, analysis, and reporting of ESG metrics, boards and executives must ensure that these tools are managed responsibly. This includes incorporating appropriate human oversight and aligning with recognized ESG reporting frameworks and best practices.
king v code
Although the King Corporate Governance Code is not binding law, it remains the cornerstone of ethical leadership, transparency and sustainable value creation in South Africa. The latest version, the Draft King V Code of Corporate Governance, was released for public comment in 2025.
King V represents an evolution from King IV, with a focus on integrating ESG and technology into governance practices. It explicitly envisions oversight of AI and emerging technologies, and requires governing bodies to consider ethical use, data protection, cybersecurity, and stakeholder impact.
For South African boards, King V is reinforcing the principle that AI, data and ESG are not peripheral concerns, but integral parts of responsible corporate governance.
National AI policy
In October 2024, South Africa reached an important milestone with the publication of the National AI Policy Framework by the Department of Communications and Digital Technologies. The framework sets out a national vision for AI that is ethical, inclusive and in line with constitutional values. Identify strategic pillars such as fairness and bias reduction, transparency and explainability, human oversight, privacy protection, and environmental sustainability. This framework provides direction for future AI regulation in South Africa by aligning AI governance with ethical environmental and social objectives. This highlights that AI systems must contribute not only to economic growth, but also to social equity and environmental stewardship.
This policy is a formal first step towards the development of comprehensive AI regulation in South Africa, which could ultimately lead to the codification of these guiding principles.
AI represents the next horizon for ESG. As technology evolves, so must governance frameworks. There is a clear need for regulations that address not only AI itself, but also privacy, accountability, and data protection in AI-driven decision-making. In South Africa, the lack of a dedicated legal and regulatory framework for AI is both a challenge and an opportunity.
As AI and data continue to redefine the ESG landscape, governance must evolve in tandem with technological advancements. Although South Africa is currently reliant on instruments such as PoPIA and the King Code, we are at a pivotal moment. While national AI policy frameworks have established a promising foundation, dedicated regulation is essential to ensure that AI serves as a tool for ethical, transparent, and socially responsible governance.
The challenge now is to move from principles to practice, while establishing laws and standards that protect rights, foster innovation, and align the use of AI with broader goals of sustainable development.
Unauthorized reproduction is prohibited. © 2022.Bizcommunity.com Powered by SyndiGate Media Inc. (Syndigate.info).
