The Algorithm in the Room: Why Every Employer Needs an AI Policy — Now

Artificial intelligence is no longer a futuristic concept confined to technology boardrooms. It is already embedded in how South African employers recruit candidates, manage performance, monitor employees, process payroll data, and make decisions that affect people's livelihoods. Yet most organisations have no formal AI policy — and that gap is becoming a legal liability.

South Africa's regulatory environment governing AI use is evolving rapidly. The 2024 National AI Policy Framework, published by the Department of Communications and Digital Technologies (DCDT), and the Draft National AI Policy of 2026, together chart a clear trajectory: risk-based, human-centred AI governance backed by enforceable obligations. For employment law practitioners and HR professionals, this trajectory intersects directly with obligations already embedded in the Labour Relations Act, the Employment Equity Act, POPIA, and the Basic Conditions of Employment Act.

This article sets out what the emerging AI governance framework means for employers, what the current legal landscape requires, and why aligning your AI policy with these developments is not optional — it is a matter of employment law compliance, risk management, and ethical leadership.

From Policy to Obligation: Understanding the Framework

The 2024 National AI Policy Framework is, at present, non-binding. It does not impose direct legal duties. However, dismissing it as merely aspirational would be a serious mistake. The Framework functions as a legislative compass — it signals, with unmistakable clarity, the direction in which binding regulation is heading.

Key Signal to Employers

The Framework explicitly anticipates the introduction of binding obligations around risk assessment, algorithmic transparency, documentation, data governance, and human oversight of AI systems. Organisations that build compliant AI governance structures now will avoid costly retrofitting later.

The Framework is anchored in the Constitution and the Bill of Rights — particularly the rights to equality, dignity, privacy, and freedom from unfair discrimination. These constitutional imperatives are not soft aspirations; they are the bedrock on which South Africa's employment law is built. Any AI system that infringes on these rights will face scrutiny from the CCMA, Labour Courts, and the Information Regulator alike.

The Draft 2026 National AI Policy goes further. It introduces a risk-tiered model — distinguishing between unacceptable, high, medium, and low-risk AI applications — and foreshadows specific duties for organisations deploying AI in high-risk contexts. Employment decisions (hiring, promotion, discipline, retrenchment) fall squarely within the category of high-risk AI use.

The Legal Web: AI Already Regulated by Existing Law

Many employers are unaware that AI use in the workplace is already subject to a dense web of existing South African legislation. The absence of a dedicated AI Act does not mean a regulatory vacuum exists — far from it.

The intersection of these instruments creates a compliance matrix that most organisations have not yet mapped. For example: when an employer uses an AI-powered applicant tracking system, POPIA governs the processing of candidate data, the EEA prohibits algorithmic discrimination, and the LRA requires that any AI-assisted shortlisting process be defensible as fair. A single deployment can engage three statutes simultaneously.

Five Employment Law Fault Lines Every Employer Must Address

Based on the Framework's guidance and the existing legislative landscape, GBS has identified five priority areas where the absence of a coherent AI policy creates immediate legal and operational risk.

1. Algorithmic Bias and the Employment Equity Act

   AI systems trained on historical workforce data can perpetuate — and in some cases amplify — patterns of unfair discrimination. A recruitment algorithm trained primarily on data from a non-diverse workforce will replicate those exclusions, regardless of the employer's stated transformation goals. Section 6 of the EEA prohibits unfair discrimination on any listed ground, and algorithmic output does not shield an employer from liability. Employers must audit their AI tools for bias and be able to demonstrate that algorithmic decisions do not unfairly disadvantage protected groups.
   

2. Automated Decision-Making and Procedural Fairness

   The LRA requires that dismissals and disciplinary actions be both substantively and procedurally fair. Can an employer rely on AI-generated evidence — productivity analytics, communication monitoring data, attendance tracking algorithms — without disclosing the methodology to the affected employee? The answer, increasingly, is no. Employees have a right to understand and challenge the basis for decisions made about them. AI-generated conclusions must be explainable, and the human decision-maker must retain genuine oversight — not merely rubber-stamp a machine's output.
   

3. Privacy, Monitoring, and POPIA

   Workplace AI often involves the continuous processing of employee personal information — monitoring keystrokes, analysing communication patterns, tracking location data, processing biometric information. POPIA requires a lawful basis for every processing activity, explicit purpose limitation, and robust security safeguards. Employees must be informed of monitoring practices. Automated profiling of employees based on behavioural data raises specific risks under POPIA's provisions on automated decision-making, and organisations must be able to justify the proportionality of the monitoring against its stated purpose.
   

4. Workforce Displacement and Section 189

   When AI automates roles previously performed by employees, or fundamentally changes the nature of existing work, the legal consequences are significant. Large-scale AI-driven restructuring will typically trigger the section 189 retrenchment consultation process. Employers must engage meaningfully with affected employees and their representatives, explore alternatives to retrenchment, and apply fair selection criteria — all before any decision is implemented. Treating AI-driven restructuring as a purely operational matter, without engaging labour law obligations, is a recipe for costly disputes.
   

5. Psychological Safety and the OHS Act

   The Occupational Health and Safety Act imposes a duty on employers to provide a safe working environment — and this duty extends to psychosocial risks. AI-enabled performance monitoring, productivity surveillance, and algorithmic management can create significant psychological stress, erode employee autonomy, and damage trust. Employers deploying intrusive AI monitoring systems must assess psychosocial risks, implement appropriate controls, and ensure that management by algorithm does not become a vector for workplace harm.

What a Compliant AI Policy Must Cover

An AI policy is not a technology document — it is a governance instrument. Aligned with the National AI Policy Framework and South Africa's existing legislative framework, a compliant AI policy for employers should address the following:

• AI governance structure — who is responsible for AI oversight, risk management, and policy enforcement within the organisation.

• Inventory and risk classification — a register of all AI tools deployed, with a risk assessment for each use case aligned to the Framework's risk categories.

• Transparency and explainability — requirements for AI systems to produce explainable outputs, and obligations to disclose AI use to affected employees.

• Data governance — rules governing the collection, use, retention, and deletion of data used to train or operate AI systems, aligned with POPIA.

• Human oversight — requirements that consequential decisions (hiring, discipline, retrenchment) always involve meaningful human review of AI output.

• Bias auditing — periodic assessment of AI tools for discriminatory impact, with documented remediation steps.

• Employee rights — procedures through which employees can query, challenge, or seek review of AI-generated decisions affecting them.

• Reskilling and support — commitments to invest in employee development as AI changes the nature of work, and fair processes for managing AI-driven role changes.

• Incident response — a clear process for identifying and addressing AI failures, biased outputs, or privacy breaches.

The Compliance Trajectory: Where This Is Heading

It would be prudent to treat the 2024 Framework and the 2026 Draft Policy not as distant regulatory signals but as the early chapters of a binding compliance story. The direction of travel — risk-based obligations, mandatory transparency, enforceable human oversight requirements — mirrors the approach already adopted in the European Union's AI Act and aligns with the African Union's Continental AI Strategy.

South Africa's participation in international AI governance forums, its constitutional commitment to rights-based governance, and the active legislative pipeline — POPIA already in force, the Labour Law Amendment Bill under consideration, digital economy legislation progressing — all point to an environment where AI governance obligations will be enforceable, auditable, and consequential for non-compliant organisations.

The organisations that will manage this transition most effectively are those that begin building AI governance capacity now — before binding obligations arrive — rather than scrambling to comply after the fact.

An Opportunity, Not Just an Obligation

It would be a mistake to frame AI governance purely as a compliance burden. The Framework explicitly recognises AI as a driver of inclusive growth, improved public services, and economic innovation. For employers, responsible AI use offers real advantages: improved operational efficiency, enhanced workforce planning capability, data-driven HR decision-making, and competitive advantage in talent markets.

The question is not whether to use AI, but how to use it responsibly. Organisations that develop robust AI governance frameworks demonstrate to employees, regulators, clients, and investors that they are serious about ethical leadership. In an environment where trust is an increasingly scarce resource, that credibility has tangible value.

GBS Can Help You Get This Right

At Global Business Solutions, our team of employment law, HR, and AI governance specialists can assist your organisation to:

•  Conduct an AI risk audit across your HR and operational functions

•  Draft a bespoke, legally compliant AI Policy aligned with the National AI Policy Framework, POPIA, the EEA, and the LRA

•  Develop AI-use training for managers, HR professionals, and employees

•  Advise on retrenchment and restructuring processes triggered by AI-driven change

•  Review and advise on workplace monitoring practices for POPIA compliance

Contact us today to schedule a consultation.

Our legal and advisory team is ready to help your organisation navigate the AI compliance journey — confidently, strategically, and ahead of the curve.

This article is for informational purposes only and does not constitute legal advice. For specific legal guidance on protected disclosures, employment practices, or compliance obligations, consult a qualified labour law practitioner.

© 2026 Global Business Solutions (GBS). All rights reserved.

Stay informed, stay compliant and stay ahead of workplace change by joining the Mid-Year Labour Law Update 2026 (#MLLU2026), presented by Jonathan Goldberg and the expert GBS team. This practical and highly relevant labour law event will unpack the most important Labour Court, Labour Appeal Court, Constitutional Court and CCMA decisions from the first half of 2026, together with key statutory developments, NEDLAC proposals and emerging workplace risks. With live sessions in five cities, online attendance options, 100+ updated case summaries, 6 CPD points and valuable take-home resources, MLLU2026 is designed to help employers, HR, ER, IR and legal professionals prepare confidently for the second half of the year. With more than 610 delegates attending #MLLU2025, the Mid-Year Labour Law Update has established itself as one of the biggest and most relevant labour law updates in South Africa. Register now to secure your place.

View our upcoming events: Upcoming Events and Qualifications, like B-BBEE Session 4: Building Black Business Ecosystems (Enterprise & Supplier Development), Code of Good Practice on Dismissal, AI Compass Intake 2, Higher Occupational Certificate: HRM Administrator NQF5, Advanced Occupational Certificate: HRM Officer (NQF 6) and Employment Equity Committee Capacitation.

*All workshops are offered as customised in-house training that can be presented virtually or on-site.