Nigeria’s micro, small and medium enterprises are losing between NGN 5 T and NGN 10 T (USD 3.7 B to USD 7.4 B) annually to employee fraud and workplace corruption, a policy think-tank has warned, describing the losses as a “hidden tax” silently crippling the country’s entrepreneurial economy.

The Centre for the Promotion of Private Enterprise (CPPE) said in a recent statement that internal fraud has evolved beyond a routine management issue into a systemic economic threat undermining business sustainability, investor confidence, and national growth.

“Employee corruption and occupational fraud constitute one of the largest hidden drains on Nigeria’s entrepreneurial economy,” said Muda Yusuf, CPPE’s chief executive officer.

The losses, equivalent to roughly 2-4% of Nigeria’s GDP, manifest in multiple forms, including theft of cash and inventory, diversion of sales proceeds, payroll manipulation, procurement kickbacks, and falsification of financial records.

The CPPE noted that most Nigerian MSMEs operate on extremely thin profit margins, often below 15% of turnover. Fraud losses of 5-10% of revenue can therefore eliminate profits entirely, deplete working capital, and accelerate business closure.

“This dynamic contributes to the high mortality rate of small businesses, where studies suggest up to 80% fail within five years and over half fail within the first year, with employee fraud being a significant contributory factor,” Yusuf said.

The think-tank identified retail and wholesale trade, hospitality, agribusiness, transport, and small manufacturing as the most vulnerable sectors due to their cash intensity, weak documentation, and dispersed supervision.

Many small businesses operate with limited internal controls, informal accounting systems, and high-trust management structures, making them especially susceptible to financial misconduct. Heavy dependence on cash transactions, limited audit capacity, and low detection and recovery rates compound the problem.

Beyond profitability, the ripple effects include reduced retained earnings, weakened investment capacity, job losses, and slower inclusive growth. “Occupational fraud is therefore not merely a governance issue but a national welfare concern,” Yusuf added.

The CPPE urged business owners to strengthen basic internal controls, separate cash handling from record-keeping, conduct routine reconciliations, and reduce cash dependence through digital payments.

“Digitalisation is one of the most powerful low-cost anti-fraud tools available to MSMEs,” the statement noted, as digital payment channels create transaction traceability that makes diversion and concealment far more difficult.

At the policy level, the CPPE called for a national MSME internal-control framework linked to credit and government programmes, accelerated digital financial inclusion, stronger legal enforcement, and expanded governance education.

The warning comes as Nigeria ranked 142nd in Transparency International’s 2025 Corruption Perception Index, reflecting the country’s long-standing struggle with systemic corruption despite repeated reform commitments.

Rwanda has signed a three-year agreement with U.S. artificial intelligence company Anthropic, marking the first time the San Francisco-based firm has formalised a multi-sector partnership with an African government through a memorandum of understanding.

The deal, announced Tuesday, spans health, education, and public sector modernisation—a bet by Kigali that strategic AI adoption can accelerate development in areas where traditional approaches have fallen short.

“This partnership with Anthropic is an important milestone in Rwanda’s AI journey,” Paula Ingabire, Minister of Information and Communications Technology and Innovation, said in a statement. “Our goal is to continue to design and deploy AI solutions that can be applied at a national level to strengthen education, advance health outcomes, and enhance governance with an emphasis on our context”.

Under the agreement, Anthropic will support Rwanda’s Ministry of Health in tackling ambitious national goals, including the elimination of cervical cancer and ongoing efforts to reduce malaria and maternal mortality. The collaboration builds on existing health infrastructure where AI tools are already showing results: in pilot areas like Gasabo District, AI-powered drone mapping of mosquito breeding sites contributed to a 90.6% reduction in malaria cases in under a year.

Developer teams across government institutions will gain access to Claude and Claude Code, Anthropic’s large language models, alongside hands-on training, capacity building, and API credits. The aim is to integrate AI into broader public sector operations, moving beyond isolated pilot projects toward systemic adoption.

The memorandum formally codifies an education agreement announced in November 2025, which included 2,000 Claude Pro licenses for educators across Rwanda, AI literacy training for public servants, and the deployment of a Claude-powered AI learning companion across eight African countries .

The learning companion, named Chidi, was developed through an earlier partnership between Rwanda, Anthropic, and African technology training provider ALX, and is now being rolled out to hundreds of thousands of learners across the continent.

At the World Economic Forum in Davos in January, Rwandan authorities held discussions with Cisco and data firm Amini focused on cybersecurity, AI computing infrastructure, and digital sovereignty, core tenets of the national digital agenda.

“Technology is only as valuable as its reach,” said Elizabeth Kelly, Head of Beneficial Deployments at Anthropic. “We’re investing in training, technical support, and capacity building to expand access so that AI can be used safely and independently by teachers, health workers, and public servants throughout Rwanda”.

The agreement positions Rwanda among a small group of African countries pursuing structured, government-led AI adoption to drive social and economic development. For Anthropic, it represents a beachhead on a continent where AI infrastructure remains nascent, but demand for leapfrog solutions is growing.

African regulators are tightening the screws on Chinese e-commerce giant Temu, with Nigeria launching a data protection probe and South Africa weeks away from concluding a consumer rights investigation in a dual assault that signals a more assertive stance toward global digital platforms operating on the continent.

Nigeria’s Data Protection Commission (NDPC) on Monday ordered an immediate investigation into Temu’s data-processing activities, citing potential violations of the country’s 2023 Data Protection Act. The probe targets concerns including online surveillance, cross-border data transfers, and whether the platform collects more information than necessary. These allegations mirror regulatory actions in Europe and Asia.

Preliminary findings indicate Temu processes personal data of approximately 12.7 million Nigerian users, part of its 70 million daily active users globally. NDPC National Commissioner Vincent Olatunji warned that local processors acting on behalf of foreign controllers could face liability if they fail to verify compliance. Temu has pledged cooperation, stating “protecting user privacy and data security is a top priority”.

Some 4,000 kilometres south, South Africa’s National Consumer Commission (NCC) is finalising its own investigation into Temu and rival Shein, with findings expected by February 28. Launched in November 2025, the probe examines potential violations of the Consumer Protection Act, including misleading marketing, product quality, labelling, and undisclosed fees.

If violations are found, the platforms face administrative penalties up to ZAR 1 M (USD 55 K) or 10% of their annual South African turnover; a potentially significant sum given the platforms’ estimated transaction volumes. Both companies have committed to cooperating with investigators.

The consumer probe follows 2024 tax amendments that closed loopholes allowing international e-commerce companies to avoid value-added tax on small packages, eroding the pricing advantage platforms like Temu and Shein had cultivated.

***

The African actions come amid widening international scrutiny. In 2025, South Korea fined Temu approximately USD 978 K over undisclosed cross-border data transfers, while the U.S. Federal Trade Commission imposed a USD 2 M civil penalty for failing to provide adequate seller information. The European Commission has issued preliminary findings that Temu may have breached the Digital Services Act, with potential fines reaching 6% of global turnover.

The confirmed penalties across Asia and North America total nearly USD 3 M, with European exposure still unresolved. Nigeria’s NDPC previously demonstrated its enforcement capacity in 2025 by fining MultiChoice Nigeria NGN 766 M (USD 566 K) for data protection violations. In November last year, the watchdog also reached a settlement with Meta over a USD 32.8 M fine imposed in February for data privacy violations.

South Africa’s Trade Minister Parks Tau has signalled broader regulatory modernisation, telling parliament the department is finalising a framework to harmonise e-commerce laws and ensure a level playing field for local businesses. A report by the Localisation Support Fund estimated Shein and Temu’s rapid growth in South Africa may have cost the country more than 8,000 potential jobs between 2020 and 2024.

Temu has not commented on the potential financial exposure from either investigation but maintains it will engage constructively with authorities. The outcome of both probes will test whether Africa’s largest economies can translate regulatory ambition into effective enforcement against deep-pocketed global technology companies.

The new French owners of MultiChoice are moving swiftly to cut costs, stripping SuperSport of its sports-buying power, delaying local production deals, and signalling a leaner future for DStv that has industry veterans warning of cultural missteps and competitive vulnerability.

Since completing its USD 3 B acquisition of MultiChoice in September 2025, Groupe Canal+ has made clear that Showmax’s mounting losses—EUR 370 M over three years—are “not acceptable” and plans cutbacks on the streaming endeavour. But the austerity drive extends far beyond streaming, touching every corner of the business.

SuperSport, long the crown jewel of South African pay-TV, has lost its autonomy over sports content acquisition, according to insiders. Decisions about which events to carry are now made directly by Canal+’s chief content officer in Paris.

The impact is already visible. For the first time in decades, DStv subscribers cannot watch the Winter Olympics, currently underway in Italy, despite South Africa sending its largest-ever team to the Games. SuperSport confirmed it “did not acquire the broadcast rights,” pointing to a content strategy focused on “the most-watched sporting codes”. World Darts Championship coverage has also been dropped.

The shift comes as Canal+ targets over EUR 400 M in annual cost synergies by 2030, with EUR 80 M already secured for 2026 through content renegotiations, supplier consolidation, and refinancing MultiChoice’s debt at lower rates.

The cuts are also hitting South African production houses. Contracts for local series and soaps on kykNET and Mzansi Magic are piling up unsigned at Canal+ headquarters in Paris, with suppliers told to expect tougher terms.

kykNET remains the most valuable channel for South African advertisers by some measures, reaching affluent audiences that command premium ad rates. Canal+’s cost-cutting risks undermining that relationship.

Canal+ has committed not to cut South African staff for three years, but with 2.8 million linear subscribers lost since 2023 and revenue under pressure, the pressure to deliver savings is intense.

For now, the message from Paris is cheaper content, tighter control, and a willingness to walk away from expensive rights. Whether that formula preserves DStv’s relevance, or accelerates its decline, will depend on how well the new masters understand the market they now command.

Fraudsters are capitalising on the explosive popularity of Chinese e-commerce platforms Temu and Shein in South Africa, sending fake SMS messages that mimic the companies’ local logistics partner to harvest credit card details for as little as ZAR 19.00 (USD 1.00), a senior banking official has warned.

Nick Harris, Head of Financial Crime at Capitec, said criminals have “hooked onto” the daily stream of delivery notifications South Africans receive from Buffalo Logistics, the primary courier service for both platforms. The scam texts claim an outstanding payment of around ZAR 19.00 is required before a parcel can be released, directing victims to a fraudulent payment page.

“Your parcel’s ready for delivery, you just need to make payment,” Harris told Cape Talk, describing the typical message. He warned that clicking the link does not pay a courier fee but instead harvests credit card details, which are then used for card-not-present fraud.

The scam’s modest ZAR 19.00 demand is deliberate, as it’s small enough to avoid scrutiny and plausible enough to trigger payment without a second thought. With Buffalo Logistics delivering real parcels daily from Temu and Shein—platforms that have exploded in South Africa’s price-sensitive market—a single fake message among legitimate updates is easily missed.

Harris noted the tactic extends beyond e-commerce. Fraudsters are also sending fake Financial Intelligence Centre Act (FICA) compliance messages, warning recipients their bank accounts will be frozen unless they click a link to update information.

In July 2025, Standard Bank flagged one such scam: “Your Standard Bank account is scheduled to be blocked in 2hrs due to fica failure update. Please update your profile to avoid this,” the SMS read. The bank confirmed it was not official communication and warned that the linked website, featuring a convincing spoof of the bank’s portal, was designed to harvest card details.

Standard Bank pointed out several red flags, such as grammatical errors atypical of legitimate communications. The recipient had set notifications to email-only, so any SMS claiming to be from the bank was automatically suspect, and the domain name did not resemble a Standard Bank address—another giveaway.

The e-commerce and FICA scams are part of a wider surge in digital fraud targeting South Africans. Fraud incidents rose 32% year-on-year during the recent festive season, according to Truecaller, with criminals exploiting high volumes of transactions, stokvel payouts, and parcel deliveries.

Banks warn that social engineering attacks are becoming increasingly sophisticated. Remote Access Trojan (RAT) scams, where criminals gain live access to victims’ devices, are on the rise. TymeBank’s Head of Fraud, Bonolo Sebolai, described RAT scams as “particularly dangerous because the criminal uses the customer’s own device at the same time as the customer”.

Security experts emphasise that no legitimate bank or courier service will request card details via SMS links. They advise that consumers should never click links in unsolicited messages and should navigate directly to official websites or apps to verify any delivery or account issues.

Featured Image Credits: Dado Ruvic/Reuters

Francis Dufay recalls the moment he took over Jumia in late 2022 and found a company many had written off. “This company was as good as dead,” he later admitted. The numbers backed him up. Once hailed as “Africa’s Amazon,” Jumia’s stock had cratered more than 95% from its 2021 peak, falling below USD 2.00 a share as investors concluded e-commerce on the continent was a money pit.

Fifteen months later, Jumia is mounting an unlikely comeback. In December 2025, Jumia opened a new office in Yiwu, China’s sprawling wholesale capital where merchants pack shipping containers with everything from electronics to artificial flowers. The move formalised a quiet but aggressive supply-chain pivot into simply letting Chinese sellers list on its marketplace, Jumia now sources directly from manufacturers, compressing costs and bypassing middlemen.

In its Q4 2025 results released this week, items sold from international sellers—overwhelmingly China-based—surged 82% year-on-year. By September, Jumia counted roughly 24,000 China-based sellers on its platform, with 2.2 million China-sourced items sitting in its African warehouses. The company now claims its products are frequently 60% to 70% cheaper than equivalent listings from Temu, the fast-growing Chinese discount platform that has aggressively targeted African consumers.

“We can actually fight against those platforms in our markets,” Dufay told analysts this week. Jumia’s localised model offering cash-on-delivery, pickup stations in secondary towns, and customer support in local languages, has helped.

Now, its strategy is explicitly tailored for the mass market. It has dropped premium brands and everyday groceries in favour of affordable electronics, fashion, and home goods sourced directly from Yiwu. Momentum is building as Nigeria, its largest market, delivered 50% GMV growth in Q4, with orders up 33%. More tellingly, 61% of orders now come from “upcountry”—secondary cities and rural areas where competitors’ delivery networks barely reach.

***

Jumia’s Q4 2025 results show a company in transition. Revenue jumped 34% year-on-year to USD 61.4 M, while gross profit rose 43%. Adjusted EBITDA loss nearly halved to USD 7.3 M, and cash burn slowed dramatically. A positive working capital contribution of USD 9.6 M—essentially, Jumia collecting cash from customers before paying its own suppliers—suggests growing leverage over its vendor base.

Yet investors remain skeptical. Shares dropped more than 12% on the results, with analysts noting the company missed its own full-year guidance on orders and GMV. Jumia now targets adjusted EBITDA breakeven in Q4 2026, a timeline some consider optimistic given the volatility of its operating currencies and the continued weight of its legacy cost structure.

This week, Jumia exited Algeria, its third market retreat in two years after South Africa and Tunisia. Algeria contributed just 2% of GMV, and its rigid import controls and cash-heavy economy offered little path to profitability. Similar considerations have also seen Jumia drop everyday grocery items and food delivery while cutting headcount in recent years.

The contraction leaves Jumia operating in eight countries—down from 11—with Nigeria, Kenya, and Egypt now the clear priorities. The company’s leaders insist the era of “expansion-at-all-costs” is over. What remains is a leaner, more focused operator betting that direct access to Chinese supply chains, combined with on-the-ground infrastructure its global rivals cannot quickly replicate, will carry it to its first-ever profit.

The irony is not lost on industry observers. Jumia, once dismissed as a failed Western transplant, is surviving Africa’s e-commerce shakeout by borrowing from the very Chinese playbook that was supposed to bury it.

Kenya is quietly losing a digital tug-of-war with Google. Over the past year, authorities have sharply escalated demands for the tech giant to delete online content, only to see the vast majority of its requests rejected, with Google explicitly stating that many amount to attempts to suppress political speech and government criticism.

The company’s latest transparency report, covering the six months to June 2025, shows Kenya submitted 42 takedown requests targeting YouTube videos and search results. Google rejected nearly 62% of them, a rejection rate that has more than doubled in a year and stands far above global averages.

The demands, routed through the Communications Authority of Kenya, cite familiar legal grounds, such as defamation, national security, hate speech, privacy violations, and impersonation. These are standard categories governments worldwide use when requesting content removal.

But Google’s own assessment tells a different story. “Often, governments’ requests target political content and government criticism,” the company noted in its report, a rare public acknowledgement that takedown demands are frequently about silencing dissent, not combating genuine harm.

Of the 16 Kenyan requests Google actually reviewed for potential policy violations, it removed just five items. Eleven were declined, with the company stating authorities failed to provide sufficient identifying information or legal justification.

The rising rejection rate—25% in mid-2024, 46% late that year, now 62%—coincides with a wider government campaign to tighten control over online speech. Officials have directed global platforms to establish physical offices in Kenya, arguing local presence improves accountability and speeds moderation of harmful content.

Separately, the National Cohesion and Integration Commission recently unveiled new social media monitoring guidelines aimed at producing “prosecution-ready” forensic evidence for hate speech cases, a move that signals a pivot toward aggressive, court-admissible enforcement rather than relying on voluntary platform cooperation.

The Ministry of Foreign and Diaspora Affairs has also voiced concern that Kenyans online are “misinforming the world” about government activities, underscoring official anxiety over negative global perception.

Yet Kenya’s leverage over Silicon Valley remains limited. A landmark case against Meta, brought by a South African former content moderator alleging workplace-induced PTSD, is currently stalled on jurisdictional grounds. Meta argues that because it is incorporated in Delaware and Dublin, Kenyan courts have no authority over it. This defense, if successful, would severely constrain any local regulatory ambitions.

Even as Nairobi demands takedowns and local offices, it struggles to compel compliance from companies that operate across borders but not necessarily within them.

The transparency data offers a rare, unvarnished window into what Kenyan authorities are actually trying to scrub from public view and what they cannot. The steady climb in rejections suggests Google’s screening mechanisms are tightening precisely as government requests grow more assertive.

For now, the balance of power in this quiet contest tilts toward the platform. But with digital infrastructure becoming central to Kenya’s economy and civic life, the pressure to tilt it back is unlikely to fade.

Feature Image Credits: Cristina Aldehuela/AFP/Getty Images

Software-as-a-Service (SaaS) is no longer an IT choice; it’s the operating system of business itself.  From Salesforce to Workday, Microsoft 365 to Slack, the SaaS layer now underpins collaboration, analytics, and decision-making. Yet, while businesses enjoy the convenience, scalability, and cost-efficiency these platforms offer, many overlook the hidden web of interconnected risks beneath them. The growing sophistication of SaaS supply chain attacks – particularly those exploiting connectors and OAuth trust chains – has made this one of the most insidious and underestimated threats in cybersecurity today.

The cloud convenience that opened the door

The SaaS revolution was built on speed and accessibility, unblocking a world of potential for businesses. For example, if a business needed a new analytics tool, they could integrate it with their CRM system in minutes. If they required seamless file sharing or real-time communication, businesses could connect their apps via OAuth and move on. But this very convenience – the ability for apps to freely “talk” to one another – has become an Achilles’ heel.

Unlike traditional software, where companies maintain direct control over code and infrastructure, SaaS operates on trust. Businesses rely on a constellation of third-party applications and integrations that often have deep permissions into core systems. Enterprises connect CRM, ERP, HR, and analytics systems via OAuth, SCIM, or custom APIs to achieve automation. Yet, each interconnection introduces a bidirectional trust boundary.

Attackers now exploit this integration layer, not by breaching a vendor’s data centre, but by compromising the digital relationships between trusted apps. This form of intrusion, often invisible to SOC tools designed for endpoint or network telemetry, has given rise to SaaS supply chain compromise as a distinct kill chain.

OAuth: the double-edged sword of trust

At the heart of many SaaS integrations lies OAuth, the open standard that allows users to grant third-party apps limited access to their data without sharing passwords. It’s an elegant solution for secure delegation, but also a goldmine for attackers who understand its nuances.

Here’s how it typically happens: a malicious actor creates or compromises an application that appears legitimate. They trick users – sometimes even IT administrators – into granting OAuth permissions. Once approved, that token provides persistent, trusted access to the organisation’s SaaS environment, bypassing traditional security controls such as multi-factor authentication and endpoint protection.

What makes this particularly dangerous is that OAuth tokens often remain valid long after users change passwords or administrators revoke access elsewhere. This silent persistence can allow adversaries to exfiltrate sensitive data, move laterally between systems, or inject malicious code into software updates, all without raising immediate alarms.

When “trusted” connections turn rogue

One of the most complex challenges in mitigating SaaS supply chain attacks is visibility. Many IT teams lack a comprehensive inventory of every SaaS app connected to their environment, let alone the level of access each one has. In some cases, employees unknowingly authorise risky third-party apps through “shadow IT,” which bypasses official vetting processes.

The result? A tangled web of connectors and integrations forming what security experts now call the SaaS trust chain. Each new connection adds another link and another potential entry point for attackers. When a single link is compromised, it can cascade across multiple applications, magnifying the damage.

Imagine a compromised analytics tool injecting malicious code into a shared data environment. That data, in turn, feeds into a financial dashboard or HR system that other teams rely on. Within hours, the breach spreads across departments, and by the time it’s detected, the attacker has already accessed confidential data, email systems, and API credentials.

Building resilience: beyond the perimeter

Traditional cybersecurity models focused on perimeter defence, firewalls, endpoint detection, and network segmentation. But in a SaaS-first world, the perimeter no longer exists. The new security paradigm demands continuous visibility, zero trust, and proactive governance.

IT teams must begin by mapping their entire SaaS ecosystem. This means identifying every authorised app, understanding its permissions, and monitoring how data flows between them. Automated tools can help by providing real-time insight into third-party integrations and flagging anomalies.

Second, adopting Zero Trust Architecture (ZTA) principles is critical. This model assumes that no application, user, or connector should be inherently trusted, even those within the network. The reassurance of continuous verification, context-aware access, and the ability to revoke access at any time is a cornerstone of this model.

Lastly, incident response strategies must evolve. Because SaaS connectors operate differently from traditional endpoints, detection and response mechanisms must account for token-based access, API traffic, and integration behaviour.

Collaboration: the missing link in SaaS security

No organisation can manage the complexity of SaaS ecosystems alone. The diversity of platforms, connectors, and access models means that even the most vigilant internal teams can miss vulnerabilities hidden in third-party integrations. This is where collaboration with cybersecurity experts and managed service providers becomes invaluable.

External specialists bring deep visibility into SaaS risk posture across industries. They can identify blind spots, deploy advanced monitoring systems, and simulate supply chain attack scenarios to test an organisation’s readiness. Moreover, their broader experience allows them to recognise patterns and emerging attack tactics before they become widespread.

Partnering with experts doesn’t just add another layer of protection; it accelerates the organisation’s ability to adapt. These specialists can help create governance frameworks, design automated response protocols, and continuously assess the security of new SaaS integrations. In a threat landscape that evolves daily, collaboration ensures businesses stay a step ahead of attackers who thrive on isolation and oversight gaps.

The human layer of SaaS security

While technology plays a significant role, people remain both the weakest and potentially strongest link in SaaS security. IT professionals should implement training programmes that help employees understand OAuth consent prompts and recognise suspicious integration requests. Regular awareness campaigns can prevent well-intentioned users from inadvertently authorising malicious apps.

Security teams should also work closely with procurement and compliance departments. Too often, SaaS purchasing decisions are made without security oversight, leading to unvetted applications entering the environment. By integrating cybersecurity considerations into procurement workflows, organisations can pre-empt risks before they materialise.

Rebuilding trust, intelligently

The next generation of SaaS attacks will combine AI-generated connectors, adversarial ML models, and autonomous API exploitation. Enterprises must therefore build a resilient SaaS fabric in which visibility, automation, and governance form a continuous defensive loop.

Yet, visibility, collaboration, and vigilance must define the new cybersecurity mindset. By combining internal governance with external expertise, organisations can transform the very trust model that once made them vulnerable into a resilient, adaptive defence.

About the author: The article is authored by Avinash Gupta, Head of COE (Centre of Excellence) at In2IT Technologies.

As a wave of nations from Egypt to Australia moves to bar young teens from social media, South Africa’s government is taking a markedly cautious stance, acknowledging that a blanket ban could be a “cosmetic intervention” without the legal and technical muscle to enforce it.

Communications Minister Solly Malatsi confirmed the government is considering stronger online safety rules, including potential age restrictions, to combat rising cyberbullying, grooming, and exposure to harmful content. The approach, however, contrasts with the decisive bans enacted elsewhere, reflecting a conundrum in regulating global tech giants that operate largely beyond the reach of local law.

The global push is gaining momentum as Australia has prohibited children under 16 from social media accounts, France is fast-tracking a ban for those under 15, and Egypt’s parliament is drafting similar restrictions. The core justification is mounting evidence linking social media use to youth mental health issues.

South Africa, where over half of all internet activity is on social media, shares these concerns. However, Minister Malatsi highlights a fundamental weakness in simply copying these models. “There’s always a temptation… to say, ‘Let’s put bans, let’s put restrictions in place,'” he stated on the Cape Talk podcast. “Prior to doing that, we have to capacitate ourselves with enough mechanisms. Otherwise, we end up having cosmetic interventions that seem like we are doing something”.

The primary enforcement hurdle is jurisdiction. Emma Sadleir, a social media law expert, told MyBroadband that a South African ban would be largely unenforceable because most major platforms lack registered offices in the country. “There would be no companies to fine or representatives to hold responsible,” she explained. Australia’s model imposes multi-million dollar fines on the companies themselves for non-compliance, a tool South Africa currently lacks.

Even if political will existed for a strict ban, the practical tool of age verification presents its own problems. Malatsi has pointed out the ease with which minors circumvent existing checks, such as using a friend’s identification. Implementing more robust, government-backed digital identity checks raises significant privacy questions for a public already wary of data misuse.

Meanwhile, the government is simultaneously developing the very tools that could enable such verification. It is piloting a national mobile driver’s license (mDL) as part of its “MyMzansi” digital identity roadmap, a system designed for secure remote verification with banks and other services. This creates a tension in building a state-backed digital ID for economic inclusion while resisting its potential use for social media age-gating over privacy fears.

The social media debate sits within South Africa’s larger, often contradictory, digital ambitions. The government’s “Digital Economy Masterplan” champions connectivity, skills, and investment. Yet, these goals can clash with restrictive policies. For instance, nearly half the population remains digitally inactive, partly due to the high cost of smartphones. A social media ban, while aimed at protection, could be seen as another barrier to digital participation for younger citizens.

Ultimately, South Africa’s hesitation suggests it is caught between the urgent need to protect children in a digital Wild West and the practical realities of regulating borderless technology with limited tools. The path forward, as Malatsi suggests, may not be a headline-grabbing ban but a slower, more complex build-up of enforcement capacity, legal frameworks for platform accountability, and digital literacy.

South Africa’s information technology sector is sending mixed signals as salaries for specialised roles are surging after years of decline, even as companies report that many new graduates are unprepared for the modern workplace, forcing businesses into the costly business of on-the-job training.

Data from recruitment firm Pnet shows early signs of recovery for IT salaries in 2026 after a sustained drop that saw average offers for some roles, like IT project managers, fall by 44% between 2022 and 2025. This resurgence, however, is highly selective. Employers are offering competitive packages for roles where practical, up-to-date skills are scarcest, including data engineering, cybersecurity, and cloud architecture.

For instance, DevOps engineers now command between ZAR 45 K and ZAR 62 K per month, while cybersecurity specialists earn ZAR 40 K to ZAR 60 K rand. Data engineers follow closely with monthly salaries of ZAR 42.9 K to ZAR 59.1 K rand. This rebound, driven by a recovery in labour demand and projects focused on artificial intelligence and data, contrasts sharply with the broader graduate experience.

Industry executives say a significant mismatch persists between university curricula and market needs. Employers cite critical shortages in cloud computing, cybersecurity, AI, and data science, noting many graduates lack hands-on experience with current technologies.

“Companies must make a profit to exist. They do not render educational services and are under no obligation to do so,” said Fred van de Langenberg, a technical consultant with decades of experience. This skills gap forces businesses to invest heavily in internal training and assign senior staff to mentor new hires, raising operational costs and slowing productivity.

Recruitment trends reflect this shift. An Adcorp analysis found only 32% of employers list a university degree as a key requirement for tech roles, while 47% prioritise demonstrable skills and hands-on experience. Recruiters increasingly favour candidates with specific certifications or verifiable project work over academic qualifications alone.

***

The pressure is mounting on traditional education providers to adapt faster. Universities acknowledge the challenge but cite lengthy institutional and regulatory processes for major curriculum updates. “While minor changes can be implemented relatively quickly, major curriculum changes require lengthy… approval,” stated the University of Pretoria, which emphasises balancing practical skills with academic fundamentals.

In contrast, private training providers and new models are positioning themselves as more agile alternatives. Coding bootcamp WeThinkCode says its curriculum is continuously updated with industry partners, with students working on current workplace projects to ensure immediate job readiness.

The result is a bifurcated job market. For professionals with niche, in-demand skills—particularly in AI, where job postings have jumped 352% since 2019—the prospects are strong with rising compensation. For graduates with only broad theoretical knowledge, the path is harder, requiring them to bridge the skills gap themselves.

“The message is blunt,” said van de Langenberg. “You must not wait for knowledge to be given. You must fetch it yourself”.

The long-term risk is to South Africa’s digital competitiveness. If the disconnect between training and industry demand persists, companies will continue to shoulder heavy training burdens, graduates will face higher barriers to entry, and the country could struggle to fill an estimated global shortage of 85 million skilled tech workers by 2030. The success of the salary recovery for a few may hinge on solving the skills crisis for the many.