• Home
  • /
  • Security
  • /
  • New regulatory regime is evolving globally to regulate digital services

New regulatory regime is evolving globally to regulate digital services

Lawmakers, both globally and in South Africa, are developing new tools to regulate areas of digital activity, including competition, harmful content, artificial intelligence and ESG.

Johannesburg, 09 Mar 2022
Read time 13min 10sec

Regulators in Europe, the UK and South Africa are being faced with new challenges in regulating rapidly evolving digital technologies. To address these complex issues, they are developing new regulatory tools and also adapting existing ones. 

The EU and UK

Webber Wentzel held a webinar on the Digital Economy in 2022, and Julian Cunningham-Day, a partner in the London office of Linklaters, explained that the EU and the UK are witnessing an evolving regulatory landscape for the digital economy, including data compliance (which has many different lenses), cyber resilience, platform liability and broader areas of regulation, such as competition, ESG and foreign investment controls.

Competition issues

The EU and UK approaches to regulating competition issues are starting to diverge slightly, post-Brexit, providing different models for other regimes to consider. In the EU, the proposed Digital Markets Act identifies and seeks to regulate core platform services, which includes a “gatekeeper" company concept. The big tech players (which are captured by this definition) can wield enormous power and EU regulators have decided that existing competition processes cannot move swiftly or aggressively enough to curb inappropriate behaviour by these platforms.

The UK’s competition authorities have created a new Digital Markets Unit (DMU), with a key area of focus on merger control and foreign investment. The number of M&A activities being referred to the DMU has increased significantly, leading to some large acquisitions being prohibited and others being abandoned. A key concern for regulators is “killer” acquisitions, where a dominant platform buys a smaller business that is perceived to be a threat. These acquisitions are purely to neutralise the threat before the new entrant reaches scale.

Artificial intelligence (AI)

The EU has devised a proposed omnibus regime seeking to regulate each of the role-players in the AI supply chain. This includes businesses that manufacture AI, distributors and end-users. It takes a “tiered” risk approach, with certain AI systems such as technologies enabling deep fakes and coercive technology being classified as unacceptable risk and those considered as lesser risks attracting a sliding scale of obligations.

This is a novel approach to regulation in this area, which may be a template for the rest of the world, although there are concerns that it might stifle innovation. Organisations will need a consolidated approach to a number of areas of their risk management strategies to remain compliant. For example, training the procurement function around the effective management of the supply of data and algorithms, and considering how to remain transparent with customers on how decisions are made and how their data will be used. This will involve collaboration between multiple functions in an organisation, including risk management, technological development, supply chain and legal and compliance.

So far, the UK has looked to deploy existing regulatory tools and use guidance and industry standards to manage the evolving risks of AI. It has adopted a multi-regulatory approach in the form of a Digital Cooperation Forum consisting of Ofcom (the communications regulator), the Information Commissioner's Office (the data privacy regulator), the Competition and Markets Authority and the Financial Conduct Authority (FCA).This unique, consolidated approach is aimed at ensuring that the behaviour they wish to regulate does not "slip through the cracks" in their respective regulatory areas of jurisdiction.

Online harms

The EU and UK approaches to regulating online harms also differ slightly. The EU's proposed Digital Services Act introduces significant new rules to regulate platforms, search engines and potentially pervasive online harms. These rules include (among others) requirements regarding transparency reports, content diligence and the speed at which to remove harmful materials from platforms.

The UK’s Online Safety Bill focuses on search engines and user-to-user services. Businesses that expect to fall within these areas of scrutiny need to put procedures in place to deal with complaints and take down inappropriate content. There will also be criminal liability for those facilitating the exposure of illegal content through these channels.


The pressures of increasing regulation, investor scrutiny and public sentiment means we are seeing very rapid change in the ESG landscape. Technology companies are some of the most ambitious in their claims that they will mitigate climate damage caused by, for example, data centres, and facilitate the achievement of net-zero targets by other industries, Cunningham-Day said.

The EU Sustainable Finance Regulations regulate the sustainability disclosures of big tech and other companies and requires asset managers and funds to report on the sustainability of their investments against published benchmarks.

In the UK, the FCA has similarly emphasised the investment aspects of ESG, by focusing on the deployment of capital into sustainable investing with standards and benchmarks for asset managers and owners to adhere to.

South Africa

In South Africa, where policy and jurisprudence is often influenced by EU and UK trends, similar issues are arising. There are three main areas of regulatory development in the South Africa digital economy. These are the regulation of audio and audiovisual content services, competition issues in the TMT sector, and content regulation and accountability (in particular, regulating social media platforms). The regulation of cyber crimes has also gained regulatory traction, with the new Cybercrimes Act being signed by the President.

Audio and audiovisual content services

Peter Grealy, a partner in Webber Wentzel's TMT and intellectual property practice group, explained that in 2020, the Department of Communications and Digital Technologies issued a Draft White Paper on Audio and Audiovisual Content Services Policy Framework. The paper proposes adopting a technology-neutral approach to relaxing the regulation of broadcasting and non-linear services (eg, “on-demand” content) and levelling the competitive landscape between traditional and new services. Online services will not need a licence to broadcast, but will still be subject to some level of regulation. The white paper also contemplates the removal of the limitation of the ownership and control of sounds and television broadcasting, which is a welcome initiative, according to Grealy.

Competition issues

Burton Phillips, a partner in Webber Wentzel’s competition law practice, said South Africa’s Competition Commission issued a paper on Competition in the Digital Economy in 2020. It outlines intended actions on merger control and market conduct.

From a merger control perspective, there has already been evidence of increased enforcement on digital mergers, eg, the prohibition of the Naspers acquisition of WeBuyCars, on the grounds that the merger would have given WeBuyCars an unassailable advantage over its rivals. However, despite this increased scrutiny by the Commission, there is still a general sense in the market that there is too little enforcement by the Commission in this sector. Under-enforcement in this sector is similarly of concern offshore, a function of the fact that current tools available to competition authorities are insufficient to interrogate the issues that arise in digital mergers. Also, many transactions escape scrutiny because targets are often small start-ups that fall below the merger thresholds in asset value or turnover.

Phillips said the Commission intends to tighten its grip over digital mergers, including by requiring digital mergers below the legal threshold to be notifiable, and to elevate mergers in this sector to complex investigations from the outset, which will affect lead times and the scope of the investigation. It also intends to issue guidelines on thresholds to take into account in assessing the value of data and intellectual property (IP). The Commission may also request additional information about business strategies, innovation and specific market features in the context of mergers. This means merging parties may need to do more preparation to consider potential theories of harm and avoid the imposition of stringent conditions.

From a market conduct perspective, the Commission has already conducted two market conduct enquiries, one dealing with the high price of data in South Africa and the other, which is still ongoing, related to digital platforms that facilitate transactions between consumers and businesses, eg, app stores and food delivery. The Commission regards market enquiries as an effective tool to identify potential market features that may be hindering competition in certain markets. In line with global trends, the Commission may also separately investigate dominant online platforms. Phillips warns that while competition enforcement remains critical, enhanced regulation should not stifle innovation and growth in the sector as these are drivers of competition.

Content regulation

Webber Wentzel partner Dario Milo said in regulating content, South African regulators were largely using existing laws. Regulation of digital speech stems firstly from common law (eg, the common law of defamation), then from statute (eg, the Equality Act) and finally from ethical codes in certain self- or co-regulated industries (eg, the Advertising Regulatory Board's Code or the Broadcasting Complaints Commission of South Africa).

One of the unresolved issues around the world is how large online platforms will be subjected to enhanced regulation of harmful content. Webber Wentzel is frequently approached by clients whose reputation has been harmed by posts on social media platforms and who are seeking relief. It is often impossible or impractical to pursue the author, so the question is how much liability the platform must bear. Facebook, used by about a third of the world’s population, has been frequently used by users to incite violence, for hate speech, disinformation and other offences. To tackle this issue, an important recent development by Facebook has been the formation of the Facebook Oversight Board to deal with highly controversial speech, as governments around the world consider stricter regulation of online platforms.

There have been three relevant developments in South Africa, Milo said. Firstly, recent court judgments have compelled platforms to reveal the identity of anonymous posters where a victim intends to sue. Secondly, social media companies may be held liable under common law or certain statutes if they knew or should have known that they were hosting unlawful content. Thirdly, the white paper that Peter Grealy discussed in the webinar proposes that providers of video sharing platform services must develop a self-regulatory code of conduct or face statutory regulation. The Films and Publication Amendment Act, which has come into force in recent days, also makes it an offence to distribute a film without it being classified, which also has implications for large platforms.

Large platform providers have managed to escape regulation by and large to date; however, this is set to change in due course.

Milo was asked about platform’s liability for users’ comments. He said the highest court in Australia recently held that a media company that hosts comments and benefits from them because they attract activity is a publisher of those comments. This position is likely to be adopted in South Africa. The usual defence against this is innocent dissemination, whereby liability only arises if the publisher knows this material is defamatory or harmful, and our courts are also likely to adopt this approach.

Cybercrimes Act

One category of online harmful speech includes the incitement to violence and harm, and South Africa introduced a new Cybercrimes Act in December 2021 to address this, Grealy said. The Act creates specific cybercrime offences and criminalises conduct relating to cybercrime and malicious communication (being a data message which threatens people with damage to persons or property). It empowers the police to investigate cyber crimes, gives them search and seizure powers and imposes reporting obligations on some financial institutions and electronic communications service providers.

However, there are likely to be practical challenges, especially for cloud-based businesses that may experience significant operational disruption if they are subject to search and seizure under the Act. Information in the cloud is harder to locate and isolate than physical evidence in traditional searches or data on an individual device, which is illustrative of the foreseeable practical challenges in search and seizure operations involving information in the cloud, Grealy said.

The Act requires any person (including electronic communications service providers and financial institutions) to provide technical advice to a police official or investigator that is conducting the search, and the failure to do so is an offence. Businesses will need have to have internal policies to deal with instances where assistance is sought by the police or an investigator and balance that with the data privacy of their own clients and reputation issues.

ESG, FDI and intellectual property considerations for investing in the TMT sector

Webber Wentzel partner Ziyanda Ntshona said recent amendments to the Competition Act introduced national security interests as a consideration in approvals for foreign investment into South Africa. This will target specific sectors, one of which is likely to be technology, media and telecommunications.

Under this amendment, a committee established by the President will scrutinise foreign direct investments and whether they will impact national security interests. The committee will be able to prohibit, conditionally approve or approve unconditionally a deal. Ntshona notes, however, that although this new regulatory hurdle must be considered by transacting parties, the timing for approvals is envisaged as being the same as for other large and medium notifications to the Competition Commission, and so, if simultaneous notification is made to both bodies, there should be no additional delay in securing approvals.

Webber Wentzel partner Garyn Rapson said green technology is a rapidly evolving asset class. It includes any technologies that help to remove greenhouse gases or address impacts of climate change. These can be mitigation technologies (smart water/energy solutions and anything that reduces pollution/degradation/biodiversity impact); adaptation technologies (ie, dealing with rising temperatures, shrinking fish stocks and arable land); and those that enhance understanding of climate change.

Leanne Mostert, head of Webber Wentzel’s TMT sector steerco and a partner in the firm's TMT and intellectual property practice, said South Africa’s exchange control regulations required the prior approval of the South African Reserve Bank (SARB) to transfer ownership of intellectual property or to license intellectual property from a South African resident entity to a non-resident entity. Failure to obtain it is a criminal offence. Due to these restrictions and the resulting uncertainties and delays, most foreign investors prefer South African target entities to restructure their intellectual property ownership to an offshore company. This has become an increasingly common exercise for companies intending to attract foreign investment, and there are a number of options available to clients to achieve this, depending on various factors (eg, where internationally the intellectual property will be commercialised). 

Editorial contacts
Paula Youens (+27) 21 431 7039
See also