Legal & Risk: What Businesses Need to Watch
2026-05-26
South African and UK businesses must remain vigilant against evolving legal risks tied to data governance, corporate strategy, and regulatory compliance. Three recent developments underscore critical areas where oversight is often overlooked.
The South African Revenue Service (SARS) has dismissed recent claims of a data breach, asserting no evidence of system compromise. While SARS’s systems appear secure, the incident highlights risks for businesses under POPIA (Protection of Personal Information Act 4 of 2013). Companies interacting with government entities must ensure third-party compliance with POPIA’s data-sharing obligations, including data minimization, accountability, and breach notification protocols (POPIA Section 44). Many businesses overlook the need to document and audit data-handling processes with government agencies, risking penalties if gaps exist.
Compliance action: Review contracts with government entities to confirm alignment with POPIA’s requirements and conduct internal audits to verify encryption and data minimization practices.
Altron’s decision to withdraw from multiple mergers and acquisitions signals a growing trend of companies reassessing deals amid regulatory scrutiny. While not explicitly tied to legislation, Altron’s move underscores the importance of due diligence under the Companies Act 71 of 2008. Businesses must ensure M&A activities comply with statutory requirements, including disclosure of material information to stakeholders and adherence to merger control provisions. Overlooking due diligence risks legal exposure, especially if deals fail due to hidden liabilities or non-compliance with sector-specific regulations.
Compliance action: Strengthen M&A due diligence processes to identify regulatory, financial, and operational risks early. Ensure contracts include clauses for termination in cases of non-compliance with evolving laws.
The termination of free insurance for investors, as reported in The end of free insurance for investors (Moneyweb), may signal shifts in risk allocation between businesses and stakeholders. Companies offering investment products must now navigate insurance regulations and consumer protection laws. Under the Financial Services Conduct Act (FSCA), businesses are required to disclose insurance terms transparently, ensuring investors understand potential risks. Failure to comply could lead to disputes or regulatory action if investors claim inadequate safeguards.
Compliance action: Review insurance policies and disclosures to align with FSCA requirements. Update investor communication materials to reflect changes in coverage and liability.
---
**
** The legal interpretations of the insurance policy changes and POPIA alignment require further nuance, especially in sectors with complex data interactions or cross-border operations. A qualified legal director should assess sector-specific implications and ensure alignment with evolving regulatory expectations.