🇿🇦 South Africa · AI Risk Register

AI Risk Register for ZA

A structured AI risk register delivered in two formats — Excel (.xlsx) for live editing inside your risk-management workflow, and Word (.docx) of the same register for board sign-off. Both contain the same sector-specific AI risks, 5×5 likelihood × impact scoring, mitigations per risk, named owners, and regulatory cross-references.

ZA-specific obligations covered

The output is anchored on the regulations that apply to AI deployments in ZA. The top frameworks cited:

  • POPIA — Protection of Personal Information Act 4 of 2013 (POPIA), in force 1 July 2021legislation · In force

    Chapter 3 (Conditions 1–8) — Eight conditions for lawful processing • Section 26 — Processing of special personal information (health, biometric, child data) • Section 71 — Right to object to decisions based solely on automated processing • Section 22 — Notification to Information Regulator and data subjects

  • Electronic Communications Act — Electronic Communications and Transactions Act 25 of 2002 (ECTA)legislation · In force

    Electronic communications and cybersecurity baseline

  • Employment Equity Act 55 of 1998 — Application to AI in Employmentnational_law · In force

    Employers using AI in recruitment or employment decisions must ensure automated systems do not directly or indirectly discriminate on any ground listed in Section 6(1) EEA; must audit AI tools for discriminatory impact; and must ensure that final employment decisions remain subject to human review and can be explained to affected individuals and the Commission for Employment Equity.

  • National Credit Act 34 of 2005 (NCA) — Automated Credit Decisionsnational_law · In force

    Credit providers using AI for credit assessments must ensure automated models comply with Section 81 NCA affordability requirements; must not use AI to facilitate reckless credit granting; must provide applicants with reasons for adverse credit decisions; and must register with the National Credit Regulator (NCR), which has authority to audit algorithmic credit decision systems for discriminatory or reckless outcomes.

How the AI Risk Register approaches this

You select jurisdiction, industry, and risk appetite. The tool produces a register pre-populated with 12 to 18 AI risks relevant to your sector — each already scored on a 5×5 matrix with suggested mitigations.

You receive the same register in both .xlsx and .docx formats: the spreadsheet for live editing and ongoing risk-committee work, and the Word document for paper sign-off and board appendices. Add organisation-specific risks, adjust scores, assign owners, and set review cadence — the starting point is a credible draft, not a blank template.

What you get

  • Arrives as a working spreadsheet — not a PDF — so it fits straight into your risk workflow.
  • Each risk carries the regulatory obligation it maps to, so reviewers can trace the "why" without re-researching.
  • Bias considerations drawn from published evidence relevant to your sector, surfacing failure modes that generic templates miss.
  • Designed to be signed off by a qualified risk owner — the output does not replace that review, it accelerates the drafting stage.

Ready to generate?

$29 · one-time — answer a 6-question intake (including jurisdiction = ZA), and download your tailored document immediately.

Generate Risk Register

Also available framed for your sector → see industry-specific pages

AI-assisted drafting aid. The output references ZA regulation but is not legal advice. Have a qualified legal, compliance, or regulatory professional review before implementation.