AI Vendor Assessment for ZA

ZA-specific obligations covered

The output is anchored on the regulations that apply to AI deployments in ZA. The top frameworks cited:

• POPIA — Protection of Personal Information Act 4 of 2013 (POPIA), in force 1 July 2021legislation · In force

  Chapter 3 (Conditions 1–8) — Eight conditions for lawful processing • Section 26 — Processing of special personal information (health, biometric, child data) • Section 71 — Right to object to decisions based solely on automated processing • Section 22 — Notification to Information Regulator and data subjects

• Electronic Communications Act — Electronic Communications and Transactions Act 25 of 2002 (ECTA)legislation · In force

  Electronic communications and cybersecurity baseline

• Employment Equity Act 55 of 1998 — Application to AI in Employmentnational_law · In force

  Employers using AI in recruitment or employment decisions must ensure automated systems do not directly or indirectly discriminate on any ground listed in Section 6(1) EEA; must audit AI tools for discriminatory impact; and must ensure that final employment decisions remain subject to human review and can be explained to affected individuals and the Commission for Employment Equity.

• National Credit Act 34 of 2005 (NCA) — Automated Credit Decisionsnational_law · In force

  Credit providers using AI for credit assessments must ensure automated models comply with Section 81 NCA affordability requirements; must not use AI to facilitate reckless credit granting; must provide applicants with reasons for adverse credit decisions; and must register with the National Credit Regulator (NCR), which has authority to audit algorithmic credit decision systems for discriminatory or reckless outcomes.

How the AI Vendor Assessment approaches this

You describe the vendor (name and product or service) and your organisation's context — jurisdiction, industry, staff size, risk appetite — and choose your alignment framework: ISO/IEC 42001:2023, NIST AI RMF, or both. The tool produces a structured, evidence-based assessment ready to hand to your procurement, legal, and information-security teams.

The Executive Summary Word document is a one-page sign-off artifact — recommendation (Approved / Conditional / Rejected), top three risk flags, top three strengths, sign-off block. The detailed Excel workbook is the working assessment instrument: 30 questions across six weighted categories, with evidence guidance, regulatory call-outs, and an auto-summing scoring sheet. Both are AI-assisted drafting aids intended to accelerate review by qualified practitioners.

What you get

• ✓ Four deliverables, three jobs: Executive Summary (.docx) for board sign-off, Detailed Workbook (.xlsx) for the working scoring (with the Evidence Request List on a dedicated tab inside it), Procurement Checklist (.xlsx) for foundational readiness — no overlap, no confusion.
• ✓ Aligned to ISO/IEC 42001:2023 Annex A or NIST AI Risk Management Framework — your choice. Every question carries the framework reference and (where applicable) jurisdiction-critical regulatory call-outs.
• ✓ Excel formulas auto-sum each category total, calculate the weighted overall percentage, and surface Pass / Conditional / Reject thresholds — procurement teams don't have to re-key or re-calculate.
• ✓ Tailored to the vendor's product category, your industry, jurisdiction, and organisation size — not a generic checklist. Designed for review and sign-off by qualified procurement, legal, or information-security practitioners.

Ready to generate?

$29 · one-time — answer a 6-question intake (including jurisdiction = ZA), and download your tailored document immediately.

Also available framed for your sector → see industry-specific pages