The Films and Publications Act establishes that commercial online distributors have to register with the Film and Publications Board (FPB) as distributors. A commercial online distributor is defined as a "distributor in relation to films, games and publications which are distributed for commercial purposes using the internet". The Act penalises failing to register with the FPB as a distributor with a fine of 150,000 rands (USD 9,300).
On 1 March 2022, a 2019 amendment came into force, which extended the mandate of the FPB to include online games, films, and publications. However, even before this amendment, all distributors, including commercial online distributors, although not expressly mentioned in the Act, had to register with the FPB.
On the other hand, in November 2020, the FPB finalised revisions to the tariff structure that would require online streaming services to pay a licensing fee per film and per series season that they offer. The previous structure involved payment of a flat fee. It is reported that after some initial resistance, all major content distributors, including Google, Apple, Netflix, and the South African company MultiChoice, registered with the FPB and paid license fees.

The South African Bureau of Standards (SABS) implements a program for the issuance of Certificates of Compliance (CoCs) for Electromagnetic Interference/Compatibility (EMI/EMC) of electrical and electronic goods, including an annual non-refundable fee paid by manufacturers for each CoC, fees for registering factories, and fees for model name changes. The program also requires manufacturers to have EMI/EMC testing done at SABS-verified third-party labs. If testing is required from an independent lab that is not SABS verified, the manufacturer must request that the lab be verified through SABS at the expense of the lab. Ultimately, the regulation is meant to ensure that all electronic equipment entering South Africa meets the required quality-performance standards. However, it is reported that some industry stakeholders have raised concerns that the five-fold increase in certification costs, the additional administrative burden, and the lack of resources in South Africa to support the procedure might extend the time to market for quickly evolving and obsolescing information and communication technology products. South Africa still accepts test results from International Laboratory Accreditation Cooperation-certified labs. Still, SABS also conducts a comprehensive review of the test results to ensure that the product meets South African EMC standards. The protracted review can take up to 18 months to complete, during which time the product may become obsolete.
Section 3 of the National Regulator for Compulsory Specifications Act, 2008 (Act No. 5 of 2008) establishes the National Regulator for Compulsory Specifications (NRCS) and empowers it to regulate the compulsory specifications of any product or service in South Africa. In addition, Section 35 of the Electronic Communications Act 36 of 2005 requires that the telecom authority approves digital products before they are used in the country.

According to Art. 29 of the Electronic Communications and Transaction Act, the Director-General of the Department of Communications must establish and maintain a register of cryptography and record the following particulars in respect of providers, such as the name and address of the cryptography provider, a description of the type of cryptography service or cryptography product other particulars as may be prescribed to identify and locate the cryptography provider or its products or services adequately. Moreover, according to Section 40 of the ECA, a foreign cryptographer must be registered with the Department of Communications as such prior to rendering cryptography services and supplying cryptography products in (or to persons in) South Africa. This registration obligation applies to foreign cryptography providers rendering their services or selling their products in South Africa.

According to Art. 5 of Directive No. 1 of 2020, the National Payment System Act, card issuers must be participants in the domestic clearing system. Additionally, domestic merchants must use local card acquirers, and foreign card issuers are prohibited from issuing domestic cards for domestic transactions unless they are also participants in the domestic clearing system. A clearing system participant is defined as a bank, a mutual bank or a cooperative bank, a designated clearing system participant, or a branch of a foreign institution, as contemplated in the NPS Act, and a member of the payment system management body (Payments Association of South Africa is the payment system management body recognised by the South African Reserve Bank, in terms of the National Payment System Act, to organise, manage and regulate the participation of its members in the payment system). On the other hand, card issuer means a clearing system participant and a member of a card scheme that has entered into a contractual relationship with a cardholder, in terms of which a card is issued to effect a payment, withdraw cash or transfer funds. Lastly, a card acquirer is defined as a clearing system participant and a member of a card scheme that enters into a contractual relationship with a merchant and the card issuer for the purpose of accepting and processing card transactions.

South Africa does not implement any de minimis threshold, which is the minimum value of goods below which customs do not charge duties. However, it is reported that there is an informal threshold of USD 35.

Sections 29 and 30 of the Tax Administration Act provide for restrictions in relation to electronic business and tax records. Specifically, Section 30.1(b) requires that the records, books of account, and documents referred to in Section 29 must be kept or retained by taxpayers (or their agents) in the form, including electronic form, as may be prescribed by the Commissioner of the South African Revenue Service (SARS) in a public notice appeared in the Government Gazette No. 787.
The Public Notice provides that the electronic records must be in an acceptable form that satisfies the standards contained in the Electronic Communications and Transactions, 2002 (Act 25 of 2002); the records must be easily accessible for inspection by SARS at all reasonable times if required; and the records must be kept and maintained at a place physically located in South Africa unless otherwise authorised by SARS. However, such authorisation will only be given if, among other things, SARS is satisfied that the records can be accessed from South Africa and that their foreign location will not impair the accessibility of the records.

According to Section 72 of the Protection of Personal Information Act, a responsible party in South Africa is prohibited from transferring personal data to a third party located in a foreign country unless one of the following conditions is satisfied:
- The recipient is subject to laws, binding corporate rules, or agreements that guarantee an adequate level of data protection;
- The data subject has given explicit consent for the transfer;
- The transfer is necessary for the performance of a contract between the responsible party and the data subject, or to implement pre-contractual measures at the data subject’s request;
- The transfer is required for the conclusion or performance of a contract, in the data subject's interest, between the responsible party and a third party;
- The transfer benefits the data subject, and obtaining their consent is impracticable.

South Africa has not joined any free trade agreement committing to open transfers of cross-border data flows.

The Protection of Personal Information Act provides a comprehensive regime of data protection in South Africa. It is reported that the Act regulates a wide range of data protection-related activities. Moreover, the Act provides a broad understanding of personal information, not only by specifying that personal information might include information relating to biometric information, employment history, personal correspondence, personal opinions, pregnancy, mental health, and even the language of a person, but also by including juristic person's personal information within its scope. In 2013, the Information Regulator was established as the supervisory authority. In 2018, the Regulator published the Regulations Relating to the Protection of Personal Information, which mainly clarify administrative provisions and practical requirements. However, several sections from the Act and the Regulations, such as those regulating the processing of personal data and data subject rights, became operational in July 2020. The remaining sections of the Regulations entered into force in 2021.

According to Section 24 of the Companies Act, 2008, there is a general rule for company records outlining that any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act and other public regulation must be kept for 7 years or longer as specified in other public regulations.

Section 17 of the Protection of Personal Information Act (POPIA) requires companies to designate an information officer and, if necessary, deputy information officers to ensure compliance with the provisions of POPIA. The role of information officer is covered by default by the head of a company.

The Electronic Communications and Transaction Act establishes a safe harbour regime for intermediaries for copyright infringements. Chapter XI of the Act (25 of 2002) details the limitation of liability for intermediaries. Specifically, Sections 74-76 of Chapter XI provide a safe harbour for intermediaries, such as internet service providers (ISPs), while Section 77 provides information about take-down.

The Electronic Communications and Transaction Act establishes a safe harbour regime for intermediaries beyond copyright infringements. Chapter XI of the Act (25 of 2002) details the limitation of liability for intermediaries. Specifically, Sections 74-76 of Chapter XI provide a safe harbour for intermediaries, such as internet service providers (ISPs), while Section 77 provides information about take-down.

According to Section 40 of the Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002, the buyers of SIM cards must provide valid identification (such as a passport or National ID card) and proof of residence for the SIM purchased in South Africa. The Act was amended in 2008 to include a requirement to register SIM cards in a central database.

It is reported that there is no obligation for passive infrastructure sharing in South Africa to deliver telecom services to end users. However, it is practised in both the mobile and fixed sectors based on commercial agreements.