The Protection of Personal Information Act provides a comprehensive regime of data protection in South Africa. It is reported that the Act regulates a wide range of data protection-related activities. Moreover, the Act provides a broad understanding of personal information, not only by specifying that personal information might include information relating to biometric information, employment history, personal correspondence, personal opinions, pregnancy, mental health, and even the language of a person, but also by including juristic person's personal information within its scope. In 2013, the Information Regulator was established as the supervisory authority. In 2018, the Regulator published the Regulations Relating to the Protection of Personal Information, which mainly clarify administrative provisions and practical requirements. However, several sections from the Act and the Regulations, such as those regulating the processing of personal data and data subject rights, became operational in July 2020. The remaining sections of the Regulations entered into force in 2021.

According to Section 24 of the Companies Act, 2008, there is a general rule for company records outlining that any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act and other public regulation must be kept for 7 years or longer as specified in other public regulations.

Section 17 of the Protection of Personal Information Act (POPIA) requires companies to designate an information officer and, if necessary, deputy information officers to ensure compliance with the provisions of POPIA. The role of information officer is covered by default by the head of a company.

The Electronic Communications and Transaction Act establishes a safe harbour regime for intermediaries for copyright infringements. Chapter XI of the Act (25 of 2002) details the limitation of liability for intermediaries. Specifically, Sections 74-76 of Chapter XI provide a safe harbour for intermediaries, such as internet service providers (ISPs), while Section 77 provides information about take-down.

The Electronic Communications and Transaction Act establishes a safe harbour regime for intermediaries beyond copyright infringements. Chapter XI of the Act (25 of 2002) details the limitation of liability for intermediaries. Specifically, Sections 74-76 of Chapter XI provide a safe harbour for intermediaries, such as internet service providers (ISPs), while Section 77 provides information about take-down.

According to Section 40 of the Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002, the buyers of SIM cards must provide valid identification (such as a passport or National ID card) and proof of residence for the SIM purchased in South Africa. The Act was amended in 2008 to include a requirement to register SIM cards in a central database.

Section 2 of the Preferential Procurement Policy Framework Act (PPPFA) of 2000 establishes a framework for implementing preferential procurement policies in South Africa. The PPPFA requires government entities to set criteria for evaluating tenders to protect and benefit "persons, or categories of persons, historically disadvantaged by unfair discrimination on the basis of race, gender, or disability".
In order to enforce the PPPFA, the Broad-Based Black Economic Empowerment (B-BBEE) Act was passed in 2003. Under Section 10 of the Act, a certain percentage of government contracts must be awarded to black-owned businesses. However, the exact percentage is not specified in the agreement because it is formula-based. The Act uses a scorecard system to measure the level of black economic empowerment (B-BBEE) of companies. It requires that government institutions give preference to companies with higher B-BBEE scores when awarding contracts.
In 2017, the Minister of Finance introduced more detailed Preferential Procurement Regulations, which include pre-qualification criteria for preferential procurement and specific procurement policies for designated sectors and tenders. However, the Constitutional Court struck down some provisions of these regulations in February 2022. As a result, the government published a new draft of the Preferential Procurement Regulations in November 2022, which came into effect in January 2023. Under the 2022 regulations, preference points continue to be awarded based on the offered price (80 or 90 points out of 100), with additional preference points (20 or 10 points) granted based on the achievement of specific goals set in the tender invitation, rather than solely on the B-BBEE score. These goals include contracting with historically disadvantaged individuals and implementing the Reconstruction and Development Programme (RDP). Furthermore, the 2022 regulations eliminate the use of 'prequalification criteria' in tenders, providing more discretion for state organs in applying their procurement policies. These regulations are placeholders until a new public procurement bill is finalised.

Annex A of the Practice Note on Local Content for Electronic and Information Technology Goods published by the Department of Trade and Industry defines guidelines on local content for electronic and information technology goods in public tenders. The note requires a certain percentage of the value of ICT products to be of local origin. The local content requirement varies depending on the product and can range from 30% to 100%.

It is reported that the Preferential Procurement Regulations have created uncertainty regarding the criteria for identifying "specific previously disadvantaged groups" eligible for preference margins in procurement processes. Although the regulations do not mandate the use of the Broad-Based Black Economic Empowerment Act of 2013, state entities may still consider it alongside other objectives, such as employment equity, green procurement, and local content. While these regulations offer more flexibility, there are ongoing concerns that the allocation of preference points may not be fair, equitable, or transparent.

South Africa is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

According to Art. 64.1 of the Electronic Communications Act, South Africa has imposed restrictions on foreign control of commercial broadcasting services. A foreign entity is prohibited from directly or indirectly exercising control over a commercial broadcasting licensee or holding a financial interest, or any interest in voting shares or paid-up capital, in a commercial broadcasting licensee exceeding 20%.
As defined in Art. 1 of the Act, "broadcasting" refers to any form of unidirectional electronic communication intended for reception by: (a) the public; (b) sections of the public; or (c) subscribers to any broadcasting service. This communication may be conveyed by means of radio frequency spectrum, any electronic communications network, or a combination.
Furthermore, under Art. 4 of the Digital Sound Broadcasting Services Regulation, existing sound broadcasting service licensees are permitted to simulcast their current sound broadcasting programme(s) on both analogue and digital platforms.

The State of South Africa exclusively owns Broadband Infraco, a state-licensed telecommunications company. The State is the only shareholder and member of Infraco, as stipulated in Art. 3 of the Broadband Infraco Act No. 33 of 2007. As a result, the Minister has the power to act on behalf of the State and exercise all the rights and benefits associated with Infraco's ownership, including shareholder and membership rights, to the exclusion of other stakeholders.

According to Art. 64.2 of the Electronic Communications Act, not more than 20% of the directors of a commercial broadcasting licensee may be foreigners. Additionally, according to Art. 4 of the Digital Sound Broadcasting Services Regulation, existing sound broadcasting service licensees may simulcast their existing sound broadcasting programme(s) on analogue and digital platforms.

It is reported that merger and acquisition-related FDI is scrutinised closely for its impact on jobs and local industry. Sections 13-14 of the Competition Act of 1998 set out the approval mechanism for mergers. In addition, Section 14 of the Competition Amendment Act of 2018 amends Section 18A of the Competition Act, adding a screening in case the implementation of a merger involving a foreign acquiring firm may have an adverse effect on the national security interests of the Republic. National security interests are defined broadly, including "critical infrastructure" sectors.

According to Art. 23.1 of the Companies Act, any external company, defined in the law as an entity incorporated outside the country conducting business within South Africa, must register with the Commission within 20 business days after it begins to conduct business in the country. Additionally, according to Art. 23.3 of the law, each company must maintain at least one office in the Republic and register the address of its office or its principal office if it has more than one office. A company falls under the definition of "external company" when holding a meeting or meetings of the shareholders or board of the foreign company or otherwise conducting the internal affairs of the company; establishing or maintaining any bank or other financial accounts; establishing or maintaining offices or agencies for the transfer, exchange or registration of the foreign company’s securities; creating or acquiring any debts, mortgages or security interests in any property; securing or collecting any debt, or enforcing any mortgage or security interest; acquiring any interest in any property; and entering into contracts of employment.