As a lawyer for Microsoft, Siya Madyibi, executive director for Microsoft’s corporate, external and legal affairs in South Africa, has a keen interest in geopolitics.
One of the situations he is watching closely is the deterioration in relations between South Africa and the US.
During his presentation yesterday at the Microsoft SovereigntySummit in Cape Town, he explained that the souring of this relationship is especially relevant to conversations about digital sovereignty because if the US president wakes up one morning and decides to issue an executive order imposing sanctions on South Africa, it has a direct impact on customer data.
“While this may appear to be an unlikely risk, recent diplomatic tensions highlight that big and impactful shifts in legislation cannot be dismissed entirely.
“Something like the CLOUD Act, which compels American technology and cloud service providers to hand over requested data, regardless of whether that data is stored inside or outside the US, is a reality that many of our customers locally are worried about.”
Given these realities, Madyibi attempted to address common questions customers have about sanctions, tariffs, auditability and vendor lock-in, among others.
Echoing what his colleague Didier Ongena said earlier in the day about sovereignty meaning different things to different people, Madyibi cautioned that, from a legal perspective, the same rules apply to everyone.
“And in the age of AI, the countries that are going to be competitive are the countries that are at the forefront of AI consumption and diffusion, which is why this conversation about data sovereignty, regulation and access to AI infrastructure is critical.”
For Mark Heyink, an information attorney and information security consultant at Michalsons, creating a legal and governance framework is a major challenge.
Speaking during a panel discussion at the event, he stressed that organisations must create an environment where people know they can innovate without exposing the business to undue risk.
Legislation is, by its nature, quite static, he said. But given how quickly the world is changing, Heyink expects to see much more sector-based legislation and regulation because context is so important.
“A piece of information that might be very sensitive in one industry could be completely benign in another. We need to ensure the law does not create barriers that act like a brick wall and stop innovation in its tracks.”
In line with this, he explained that there are many areas where there is no legislation in place. But even across these areas, it’s the business’s responsibility to understand what they can and cannot do from a legal perspective.
“Where gaps exist, we have something called the reasonable man test, which is used to assess whether someone's actions were appropriate under the circumstances. If you’re the director of a company or you’re a member of the C-suite, you have a duty to understand the decisions that you're making for that company, which means educating yourself around governance and compliance. We live in uncertain times, and when things are uncertain, diligence is a must.”
Share
