South Africa's Draft AI Policy Just Made Your Choice of Legal Tech a Compliance Decision

On 10 April 2026, the Department of Communications and Digital Technologies gazetted South Africa's Draft National AI Policy. It was 86 pages long. It proposed seven new oversight bodies. It borrowed the EU's risk-based vocabulary but left the most important definitions - including what counts as "high-risk" AI - for later.

On 27 April, Minister Malatsi withdrew it. News24 revealed that the document's reference list contained fictitious academic citations - hallucinated sources that appear to have been generated by AI and included without anyone checking them. At least six of the 67 references either didn't exist or couldn't be found in any recognised academic database.

A government policy on AI, undone by AI. The irony writes itself.

But here's what the withdrawal doesn't change: every substantive obligation the draft pointed to already exists in law. POPIA's data-processing conditions, the Legal Practice Act's professional duties, King IV's governance expectations, and the courts' increasingly clear position on AI-generated output - none of that was created by the draft, and none of it disappeared when the draft was pulled.

If anything, the withdrawal is the draft's most powerful proof of concept. The policy called for "vigilant human oversight" over AI. The department that wrote it didn't apply that standard to its own work. Minister Malatsi said it himself: "This unacceptable lapse proves why vigilant human oversight over the use of artificial intelligence is critical."

The firms that can evidence that control will win clients. The firms that can't will face uncomfortable questions from regulators, insurers, and the courts. And the AI tools those firms choose will determine which side of that line they're on.

The withdrawal didn't just embarrass the DCDT. It became a live, high-profile case study in exactly the failure mode the draft was trying to prevent.

Consider the sequence: officials used AI to help draft a policy document. The AI generated plausible-sounding academic citations that didn't exist. Nobody verified them. The document passed through multiple layers of internal review. Cabinet approved it - twice (25 March and 1 April). President Ramaphosa signed off. The Government Gazette published it. It took investigative journalists at News24, not the department's own quality processes, to catch the problem.

That sequence is not unique to the government. It is the exact failure pattern that every law firm using AI faces every day. Swap "policy document" for "heads of argument." Swap "Cabinet" for "senior partner." Swap "Government Gazette" for "court filing." The mechanism is identical: AI generates confident-sounding output, nobody verifies, and the reputational damage lands on the person or institution whose name is on the cover page.

The courts have already shown what happens when this pattern reaches the bench. In Parker v Forsyth N.O. (2023), the court cautioned that technological efficiency must still be tempered by independent reading - lawyers cannot simply parrot unverified chatbot output. Mavundla v MEC (January 2025) and Northbound Processing v SA Diamond & Precious Metals Regulator (June 2025) reinforced the message with sanctions. We've reviewed these cases in detail in a previous report.

The DCDT just learned the same lesson, at national scale, in public. The question for every law firm is whether it wants to learn it the same way.

The draft has been withdrawn. A revised version will follow - the DCDT is expected to revise and reissue for public comment, though no timeline has been provided. When it returns, the substantive provisions - the risk-based classification, the POPIA alignment, the institutional architecture, the human oversight requirements - will almost certainly remain. They reflect international consensus, not one department's invention.

More importantly, the obligations the draft made explicit don't depend on the draft at all.

POPIA Is Already Your AI Governance Framework

The draft confirmed what was already true: POPIA's existing rules - purpose limitation, data minimisation, security safeguards, and the section 71 protections against automated decision-making - apply directly to every AI tool you use.

That means every prompt you type, every document you upload, every client file you feed into an AI system is a regulated information flow under POPIA. Not a casual productivity input. Not a quick shortcut. A data-processing activity that needs to comply with the eight conditions for lawful processing.

As Werksmans' Ahmore Burger-Smidt pointed out, POPIA's conditions - purpose limitation under section 13, minimality under section 10, security safeguards under section 19 - were not designed with AI training data in mind. The draft didn't resolve that tension. Its withdrawal doesn't make it disappear.

Human Oversight Isn't Optional - and We Just Watched What Happens Without It

The draft required predetermined human intervention points for critical automated decisions, plain-language notifications when people are affected by AI systems, and an "attributable responsibility" principle: someone - a named person or entity - must be accountable for every AI-assisted output.

The DCDT's own experience just demonstrated why. The attributable-responsibility principle doesn't need a policy document to apply to your firm. It's already embedded in your professional duties: supervision, competence, confidentiality, and the exercise of independent judgment. The withdrawal simply made the consequences of ignoring those duties more vivid than any policy paper could.

Privilege Is Still on the Line

This remains the issue the draft didn't address - and the one that should keep litigators awake, regardless of the policy's status.

Cliffe Dekker Hofmeyr's analysis concludes that inputting privileged material into a public-facing AI platform likely constitutes disclosure to a third party - which could destroy privilege entirely. They cite SAA SOC v BDFM Publishers and the recent US ruling in United States v Heppner (February 2026).

Webber Wentzel's Kim Rew and Tristan Marot made the parallel case: a practitioner who inputs client information into a consumer AI platform without adequate contractual safeguards risks breaching their duty of confidentiality, regardless of whether privilege is ever formally tested in court.

The practical question is blunt: does your AI tool train on your inputs? If yes, or if you don't know, you have a privilege problem. No policy document - drafted, withdrawn, or reissued - changes that calculus.

The draft was a policy document, not legislation. It created no direct penalties. Its withdrawal changes the regulatory timeline, but enforcement pressure is coming from directions the draft never controlled.

• The courts. The Parker/Mavundla/Northbound line of authority is active case law, not policy. Courts are sanctioning AI-hallucinated citations today. The DCDT just experienced the reputational version of the same failure. Your firm's version would arrive in a costs order, a professional conduct complaint, or a client walking out the door. Dive into these cases in more detail in our recent analysis.
• POPIA. The Information Regulator already has the tools to investigate AI-related data processing complaints. Section 71 automated decision-making protections, section 19 security safeguards, and section 72 cross-border transfer rules are law. They don't depend on any AI policy.
• Your clients. Sophisticated corporate clients are already asking their law firms: what AI are you using, where does our data go, and can you prove human review? After watching the government's AI policy collapse because nobody checked the references, those questions will only get more pointed.

The withdrawal creates a window. When the revised draft returns, these are the gaps the profession should push to close:

• Define "high-risk." The original draft used the EU AI Act's risk-based vocabulary - unacceptable, high, medium, low - but never defined the thresholds. Burger-Smidt put it directly: South Africa "uses the same vocabulary of risk categorisation, but punts the substance ... to future regulations and sector strategies." The revised draft needs to do better.
• Address legal practice explicitly. Unlike the EU AI Act, which classifies AI used by judicial authorities as high-risk, the South African draft did not mention legal practice as a distinct category. The profession should advocate for explicit treatment in the revised version.
• Resolve the institutional architecture. Seven new bodies were proposed. The withdrawal is an opportunity to streamline before the structures are embedded.
• Create a privilege-safe operating framework. The draft created audit, transparency, and contestability mechanisms but never addressed how they coexist with legal professional privilege. This is the single most important gap for the profession to address when the comment window reopens.

The withdrawal doesn't change South Africa's direction - only the pace. The most useful framing for practitioners: South Africa is adopting EU rhetoric with UK architecture and NIST operational scaffolding.

• EU AI Act: Binds directly, carries penalties of up to 7% of global turnover, and explicitly classifies legal and judicial AI as high-risk. South Africa's draft classified nothing yet.
• UK approach: Distributes authority across existing sectoral regulators without a single AI statute. South Africa is doing something similar but proposed six or seven new bodies on top of existing regulators - trading the EU's legal clarity for what critics warn is fragmentation without adequate resourcing.
• NIST AI RMF: Explicitly named in the now-withdrawn gazette, provides the operational logic: Govern, Map, Measure, Manage. It's voluntary in the US. In South Africa, compliance will eventually become compulsory through sector-specific regulation.

For firms doing cross-border work, the practical implication doesn't change: your international clients will increasingly expect you to meet EU-grade governance standards, whether or not South African law technically requires it.

The 10 June comment deadline is suspended. But the withdrawal actually gives firms more reason to act, not less. Here's why: when the revised draft returns, the profession's response will be scrutinised more closely than ever. Firms that have already mapped their AI use, hardened their controls, and developed a position on how legal practice should be treated in the regulatory framework will be ready. Firms that used the withdrawal as permission to wait will be caught flat-footed.

1. Audit your current AI use. Map every tool, every workflow, every person using AI in your firm. Separate the low-risk administrative uses from the rights-affecting legal work. You cannot govern what you haven't mapped.
2. Test your privilege exposure. For every AI tool your firm uses: does the provider train on your inputs? Where is your data processed and stored? What contractual commitments exist around data isolation? If you don't have clear answers, you have a problem that predates any policy.
3. Adopt a POPIA-aligned AI use policy. Specify: which tools are approved, what categories of information may and may not be input, who reviews AI-assisted output before it leaves the firm, and how use is logged.
4. Verify everything. This is the lesson the DCDT learned in public. Every citation, every case reference, every statutory provision that AI generates must be independently verified before it carries your firm's name. If it sounds obvious, remember that an 86-page policy document passed through Cabinet twice without anyone doing it.
5. Require human review as a structural default. Not as a suggestion. Not as guidance. As a non-negotiable checkpoint before any AI-assisted legal output reaches a client, a court, or a counterparty.
6. Prepare your submission for when the comment window reopens. The revised draft will come back. The profession's collective voice is still conspicuously absent - no statement has been issued by the Law Society of South Africa, the Legal Practice Council, or the General Council of the Bar. That vacuum needs filling. Start drafting your position now.

The withdrawal shifts the AI conversation in a way that should matter to every firm choosing its tools. The question is no longer "what's fastest" - it's "what's verifiable?"

The DCDT's experience demonstrated what happens when AI output isn't checked: a national policy document, approved at the highest level of government, was undone by citations that didn't exist. For a law firm, the stakes are the same. The failure mode is the same. The only variable is whether the tools you use are designed to prevent it.

This is the design principle behind Squire. We built it for legal professionals who need AI that works the way professional obligations require - not the way consumer chatbots happen to.

• Jurisdiction-aware intelligence. Squire is trained on South African law, regulations, and case precedents. When you ask a question, the answer reflects the legal framework that actually governs your matter - not a generic international dataset that might generate a plausible-sounding citation to a journal article that doesn't exist.
• Your data stays yours. Client inputs are not used to train our models. Documents, prompts, and queries are isolated by matter. The privilege risk that CDH and Webber Wentzel have flagged doesn't arise when the platform is designed to prevent third-party disclosure by default.
• Built for verification, not blind trust. Every output comes with traceable citations to real sources. Exportable logs, review checkpoints, matter-level permissions, and retention controls - so that when a client, regulator, or court asks how AI shaped a particular output, you have a documented, verifiable answer. Not a hallucinated one.
• Human review is structural, not optional. Squire is designed around the principle that AI generates, but lawyers decide. Every output is a starting point for professional judgment, not a substitute for it. That aligns with the standard the courts in Parker, Mavundla, and Northbound have already established - and with the lesson the DCDT just learned the hard way.

The draft policy has been withdrawn. A revised version will follow. But the obligations it pointed to are not new, and they are not suspended.

POPIA, the Legal Practice Act, King IV, and the courts have been building toward this moment for years. The draft simply made the direction unmistakable. The withdrawal, paradoxically, made the argument for disciplined AI governance more compelling than the draft itself ever could.

Treat your AI use today as though it will need to be explained tomorrow - to a client, a regulator, a court, or an insurer. Choose tools that can evidence confidentiality, human oversight, and verifiable output rather than merely promise efficiency.

That's the standard this draft was pointing toward. It's the standard the DCDT failed to meet in its own work. And it's the standard legal technology should already be meeting.

The comment period will reopen. The profession has the withdrawal window to prepare - to decide whether legal AI in South Africa is governed on terms lawyers help write, or on terms that arrive pre-assembled. Don't waste it.

Disclaimer: This article provides general legal information and commentary. It does not constitute legal advice and should not be relied upon as a substitute for consultation with a qualified attorney licensed to practise in your jurisdiction.

Researched with the assistance of AI and reviewed by Squire's legal and editorial team.