South Africa Hasn't Cut the Internet — But the Architecture for Doing So Is Growing
In 2025, fifteen African governments ordered at least one internet shutdown, imposing thirty total blackouts and costing the continent roughly $1.12 billion in economic losses. Tanzania alone racked up nearly $890 million in losses across more than 5,000 hours of disruption, according to Access Now's March 2026 report. South Africa was not on that list. But that distinction rests less on explicit statutory prohibition than on a constitutional framework that, while genuinely robust, is being tested by two recent legal developments worth examining carefully.
What the Law Actually Says
South Africa has no national security statute that authorises the government to order a blanket internet shutdown. This is confirmed by the Global Network Initiative's country profile for South Africa: no single piece of legislation grants the state the power to direct all licensed network providers simultaneously to cut connectivity. That lacuna is not an oversight — it reflects a rights-conscious constitutional design.
The governing mechanism for extreme scenarios is Section 37 of the Constitution of the Republic of South Africa, 1996. A state of emergency enabling derogation from the Bill of Rights — including, potentially, restrictions on the receipt and transmission of information — can only be declared through an Act of Parliament. It must be triggered by a genuine threat to the life of the nation: war, invasion, natural disaster, or a public emergency of equivalent severity. The mere existence of civil unrest does not suffice. Any declaration lapses after 21 days unless the National Assembly votes to extend it, and extensions cannot exceed three months at a time. This is a meaningful constraint: it requires legislative buy-in, imposes a sunset clock, and places any measures in the public domain for judicial scrutiny.
Beyond that, individual licensees can have their Electronic Communications Act licences suspended by the Independent Communications Authority of South Africa (ICASA) for non-compliance — but that is a targeted regulatory sanction, not a broad kill switch. Courts can also order providers to shut down specific services via subpoena, with scheduled hearings that allow challenge. These are proportionate, case-by-case mechanisms, not generalised emergency powers.
The GILAB Problem
The strongest argument for South Africa's current posture — that the government needs clear statutory authority over communications infrastructure in genuine security crises — has merit. Ambiguity in emergency law creates uncertainty for operators and can invite ad hoc enforcement.
But the General Intelligence Laws Amendment Act, signed by President Cyril Ramaphosa on 28 March 2025, moves in a different and more troubling direction. The legislation was designed to legitimise and reform the National Communications Centre (NCC), after the Constitutional Court declared its pre-existing bulk surveillance operations unlawful. The NCC scans millions of communication signals — effectively mass interception of internet traffic flowing through South Africa.
The GILAB tries to provide a legal basis for this surveillance. The structural reforms it introduces — splitting the State Security Agency into a Foreign Intelligence Service and a Domestic Intelligence Agency, and enhancing the role of the Inspector-General of Intelligence — are genuine improvements over what existed before. The law also introduces some court review for bulk interception.
But the oversight architecture remains thin. The IntelWatch briefing on GILAB notes that the designated judge is appointed by the President rather than selected through an independent process, and that the Inspector-General of Intelligence lacks sufficient enforcement authority. Expanding the NCC's legal mandate without independently robust oversight means that the infrastructure for monitoring — and potentially controlling — internet traffic is now larger and more legally entrenched than before.
This matters for shutdown risk because infrastructure and oversight travel together. A government that has built and legally sanctioned a mass interception system is better positioned, technically and institutionally, to impose targeted or broader disruptions. The GILAB does not authorise shutdowns. But it strengthens the institutional apparatus from which such orders might one day flow.
The Disaster Management Act Loophole
The second pressure point is the Disaster Management Act 57 of 2002. Unlike a Section 37 state of emergency, a national state of disaster under the Disaster Management Act does not require parliamentary approval. The Minister of Co-operative Governance and Traditional Affairs can declare one unilaterally when a disaster classification is made. Extensions are granted month-by-month at ministerial discretion, with no legal obligation to provide reasons.
South Africa has already used this mechanism in expansive ways: the COVID-19 lockdown regulations ran under the Disaster Management Act for over two years. An electricity state of disaster was declared from February to April 2023. During those periods, the government held extremely broad regulatory powers.
Nothing in the Disaster Management Act explicitly authorises communications shutdowns. But the breadth of ministerial regulation-making under a declared disaster — combined with no requirement for parliamentary oversight of extensions — creates a gap that, under a less rights-committed government, could be exploited. A future Minister declaring a cybersecurity or infrastructure emergency could test whether broad disaster-period powers extend to telecommunications directives.
What the ECA Amendment Bill Gets Right
There is better news in the Electronic Communications Amendment Bill B12-2026, tabled in the National Assembly on 22 April 2026 and currently open for public submissions until 21 August 2026. The bill is competition- and access-focused: it introduces 'use it or share it' rules for unused spectrum, mandates roaming and MVNO obligations on operators with over 90 percent population coverage, and reforms the facilities leasing framework.
None of this touches emergency powers. But that is itself significant. The Communications and Digital Technologies portfolio is actively focused on broadening market access — reducing barriers for smaller operators, driving down prices, and expanding connectivity — rather than building governmental control levers into the network. That policy orientation is healthier than the alternative.
What South Africa Should Do Now
The combination of continental trend and domestic legal evolution makes the current moment the right time for South Africa to address its framework proactively, not reactively. Globally, internet shutdowns cost $19.7 billion in 2025 — a 156 percent increase over the prior year, affecting 28 countries and nearly 800 million people, according to Top10VPN's research. African governments are adopting shutdown practices in large numbers. South Africa's constitutional tradition and its network infrastructure position — as a regional internet hub — mean a South African shutdown would ripple far beyond its borders.
Three steps would materially harden the current framework. First, Parliament should pass an explicit statutory prohibition on blanket internet shutdowns outside a Section 37 state of emergency, removing any ambiguity about Disaster Management Act powers. Second, the Disaster Management Act should be amended to require National Assembly approval for extensions beyond 90 days and an obligation to publish reasons — the same accountability logic that applies to emergencies should apply to disasters. Third, the GILAB's oversight provisions should be revisited to ensure the designated judge for bulk interception authorisation is selected through a transparent process independent of the executive.
South Africa's current record is genuinely good: not one intentional connectivity disruption in a year when fifteen neighbours fell. The goal should be to make that record structurally durable, not dependent on the virtue of whoever holds executive office.