Everywhere this tree says "keep the data in the country," the reason is one statute: the Protection of Personal Information Act 4 of 2013 — POPIA. It sets eight conditions for lawful processing, singles out special personal information for near-prohibition, and — the part that governs every AI decision — runs a cross-border transfer test in section 72. Every time you send a document to a US-hosted model, you are making a section 72 call, whether you know it or not. This leaf is the law itself, read for the AI era: the conditions, the transfer test, the operator agreement, and the policy that keeps a firm on the right side of it.
POPIA — the Protection of Personal Information Act 4 of 2013 — is South Africa's comprehensive data-protection law. It commenced on 1 July 2020 with a one-year grace period, so it has been fully enforceable since 1 July 2021. It is broadly GDPR-shaped in structure without being identical, and it is now actively enforced by an independent regulator, not a paper commitment.
Two roles run through everything. The responsible party determines the purpose and means of processing personal information — the GDPR "controller." The operator processes personal information on the responsible party's behalf under a mandate — the GDPR "processor." An AI vendor that processes your documents is almost always an operator, and that relationship has to be papered (see §05). Oversight sits with the Information Regulator (South Africa), which investigates complaints, conducts assessments, issues enforcement notices, and can impose administrative fines.
Every residency claim elsewhere on the tree — Copilot in SA, Dataverse, the Keep the Data Home briefing, the Legal AI leaf — is ultimately a POPIA argument. This node is the statute those leaves are reasoning from, so the residency posture they describe has a legal spine, not just a preference.
POPIA does not turn on "consent" alone — that is the most common misconception. Lawful processing means satisfying all eight conditions for the processing you are doing. An AI workflow has to clear every one of them.
| # | Condition | What it demands |
|---|---|---|
| 1 | Accountability | The responsible party must ensure the conditions are met — it stays liable even when an operator does the work. |
| 2 | Processing limitation | Process lawfully, minimally, with a justification (consent, contract, legal obligation, legitimate interest) — only what's necessary. |
| 3 | Purpose specification | Collect for a specific, explicit, lawful purpose; don't keep records longer than needed for it. |
| 4 | Further processing limitation | New uses must be compatible with the original purpose — the trap when data collected for one thing is fed to an AI tool for another. |
| 5 | Information quality | Keep personal information complete, accurate, and up to date for its purpose. |
| 6 | Openness | Be transparent — maintain documentation and notify data subjects about the processing. |
| 7 | Security safeguards | Secure the integrity and confidentiality of personal information; ensure operators do too, in writing. |
| 8 | Data subject participation | Data subjects can access, correct, and delete their information. |
Section 26 defines special personal information and prohibits processing it unless a specific exception applies (s.27) — consent, a legal claim, a public-interest research basis, and a few others. The categories are: religious or philosophical beliefs, race or ethnic origin, trade-union membership, political persuasion, health or sex life, biometric information, and criminal behaviour. Children's personal information gets its own heightened protection (ss.34–35).
This matters acutely for legal work and for AI. A litigation file routinely contains health data, criminal-behaviour information, and biometric identifiers; an HR matter contains trade-union and health data. Feeding that into an AI tool is not just processing personal information — it is processing special personal information, which starts from a prohibition and needs an exception plus every one of the eight conditions. The bar is higher, and "we had consent to store it" is not automatically consent to process it through a third-party model abroad.
Section 72 restricts transferring personal information to a third party outside the Republic. Sending a prompt containing personal information to a model hosted in the US or the EU is such a transfer. It is lawful only on one of these bases — and you must be able to name which one.
| Basis | When it applies |
|---|---|
| Adequacy | The recipient is subject to a law, binding corporate rules, or a binding agreement that provides substantially similar protection to POPIA. Note: unlike the EU, POPIA has no published adequacy whitelist — you assess and document it yourself. |
| Consent | The data subject consents to the specific transfer, informed of the risks. Real, specific consent — not a blanket clause buried in terms. |
| Contractual necessity | The transfer is necessary to perform or conclude a contract with the data subject, or a contract concluded in the data subject's interest between the responsible party and a third party. |
| Benefit of the data subject | The transfer is for the data subject's benefit, consent isn't reasonably practicable, and it would likely be given if it were. |
Every s.72 basis is a documentable but contestable position — a regulator or a court can disagree with your adequacy assessment or your reliance on consent. The one posture that removes the question entirely is not making a cross-border transfer at all: keeping inference and storage inside South Africa. That is exactly why the tree's residency leaves point at southafricanorth, africa-south1, or on-prem — not because in-country is always cheaper, but because it turns a section 72 argument into a non-event.
When an AI vendor processes personal information for you, it is your operator, and POPIA (ss.20–21) requires a written mandate: the operator must process only with your knowledge or authorisation, treat the information as confidential, and establish and maintain the security safeguards condition 7 demands. Crucially, accountability does not transfer — you remain the responsible party and remain liable if the operator leaks or misuses the data. Outsourcing the processing does not outsource the risk.
In practice this is a specific due-diligence checklist before any legal-AI tool goes near a matter: a signed operator/data-processing agreement, a named sub-processor list (where does it actually run?), the security posture in writing, breach-notification obligations, and a clear answer to the section 72 question above. This is the same "design the access model in week zero" discipline the Forward Deployed Engineer leaf names — here it is a statutory requirement, not just good practice.
A firm or company can't ask every lawyer to run a section 72 analysis per prompt. POPIA has to be compiled down into an AI-use policy — a small set of rules that keep the eight conditions and the transfer test satisfied by default.
The load-bearing decisions, each traceable back to a POPIA condition: which tools are approved (and where they process — the s.72 gate); what may and may not be pasted in (special personal information and privileged material default to "no" without an approved, in-country tool); whether a transfer basis is documented for any tool that processes abroad; who the Information Officer is (POPIA requires one, registered with the Regulator, accountable for compliance); and how a processing impact is assessed before a new AI workflow goes live. Written once, it lets a lawyer act quickly and stay compliant, instead of guessing per matter — the legal-domain version of "the backlog is the interface."
The point of the policy is not to say "no to AI." It is to make "yes" safe and fast: an approved, in-country tool for anything touching personal or privileged information, a documented transfer basis for anything else, and a named person accountable for both. Without it, every enthusiastic lawyer with a browser is an unmanaged section 72 exposure.
The section 72 test resolves, in practice, into a short set of rulings. The conservative reading is the defensible one in a regulated matter.
southafricanorth or on-prem does the job, the transfer question is one you never have to answer.POPIA is not consent-based like some readings of GDPR. Consent is one justification among several, and it's fragile — it must be voluntary, specific, and informed, and it can be withdrawn. Building an AI workflow on "we got consent" alone usually fails one of the other seven conditions.
You can outsource the processing to an AI vendor; you cannot outsource accountability (condition 1). If the operator breaches, the responsible party answers to the Regulator and the data subject. The operator agreement manages the risk; it does not transfer it.
Unlike the EU's published adequacy decisions, POPIA leaves adequacy for you to assess and document per recipient. That's more work and more exposure — you own the judgement that a US vendor's protections are "substantially similar," and you may be wrong.
Data lawfully collected for one purpose (say, onboarding) cannot simply be repurposed to train or prompt an AI tool for something else. Condition 4 requires the new use to be compatible with the original purpose — a check most "let's feed it to the model" initiatives skip.
Every responsible party has an Information Officer (by default the head of the organisation), who must be registered with the Information Regulator and is accountable for compliance. It is not an optional title, and an unregistered one is an early, visible failure.
POPIA is close enough to the GDPR that a GDPR programme transfers most of the way — the same lawful-basis logic, the same controller/processor split, the same data-subject rights. But the edges differ and the differences matter for AI. POPIA's cap on administrative fines is R10 million (versus the GDPR's percentage-of-turnover model), it adds criminal liability for certain offences, it has no adequacy whitelist, and it protects the personal information of juristic persons (companies), not only natural persons — a South African quirk with no GDPR equivalent.
The enforcement reality has shifted from theoretical to live. The Information Regulator, fully operational since mid-2021, has moved from guidance to action — enforcement notices, assessments, and the machinery to fine. Treating POPIA as a box-ticking exercise that no one checks is the posture that ages worst; a documented AI-use policy and a real transfer basis are what a regulator's first question looks for.
POPIA is the legal substrate under the tree's entire residency argument. Every "keep the data home" claim resolves here.
Read the Act and the Regulator, not summaries — this is a domain where a paraphrase can be wrong in a way that matters.