• HEALTH AND SAFETY
AI REPRESENTS THE NEXT HORIZON FOR ESG
By Prineil Padayachy, senior associate, Sinalo Matubatuba and Ilhaam Fredericks, candidate attorneys at Webber Wentzel
Artificial Intelligence( AI) is advancing at an unprecedented pace globally. The exceptional growth of data and the rapid adoption of AI technologies are reshaping industries. However, these technological developments also bring significant governance challenges, particularly in the field of Environmental, Social and Governance( ESG) obligations.
As organisations integrate AI into their operations, there is a pressing need for strong and effective governance frameworks to ensure that innovation aligns with ethical standards, regulatory requirements, and the protection of stakeholder interests.
Internationally, the European Union( EU) AI Act establishes a riskbased framework for AI regulation. The EU AI Act prohibits harmful AI practices, imposes strict compliance obligations on high-risk systems, and requires robust cybersecurity measures to protect AI systems and related data. Similarly, the Organisation for Economic Co-operation Development( OECD) AI Principles have emerged as a global benchmark for responsible AI use. purposes of fully automated decision-making unless such processing is subject to human oversight, protects the legitimate interests of the data subject, or is required or authorised by law or codes of conduct that safeguard data subject rights.
Importantly, individuals who are subject to a fully automated decision-making process must be given an opportunity to make representations after being provided with sufficient information to understand the methodology behind the automated decision. Interestingly, POPIA provides that this prohibition does not apply where the automated decision-making relates to the conclusion or execution of a contract and the outcome is favourable to the data subject.
Although there is currently no dedicated AI legislation in South Africa, the intersection of AI, data and ESG is becoming increasingly relevant. The Protection of Personal Information Act, 2013( POPIA) is central to how South African organisations use AI in ESG reporting and governance. POPIA, which is South Africa’ s primary data privacy and protection law, reinforces the principles of lawfulness, fairness, purpose limitation, data minimisation and transparency. It acts both as a constraint on irresponsible AI use and as a baseline governance framework that strengthens trust in ESG reporting.
POPIA prohibits the processing of personal information for
POPIA limits cross-border transfers of personal information by permitting such transfers only in specified circumstances, for instance, where the data subject has provided express consent, or the recipient is subject to laws, binding corporate rules, or agreements that ensure protections equivalent to those under POPIA.
This limitation has practical implications for organisations that rely on cloud-based platforms, an integral part of ESG data collection and reporting. The Information Regulator has confirmed that a Guidance Note on cross-border transfers is forthcoming, which will provide greater clarity on compliance expectations for companies using global data platforms.
Background Freepik. com
The EU AI Act prohibits harmful AI practices, imposes strict compliance obligations on highrisk systems, and requires robust cybersecurity measures to protect AI systems and related data.
While POPIA provides the foundational legal framework for the responsible use of data through AI, there is growing recognition that AI governance will require specific regulatory direction. Stakeholders are increasingly calling for AI-specific legislation to ensure ethical, transparent and accountable implementation.
AI, data and ESG in SA AI tools are now widely used for the collection and reporting of ESG data. As AI begins to play a greater role in gathering, analysing and
56 • African Mining • January 2026 www. africanmining. co. za