Cloud and Hosting Procurement in South Africa: SITA, Data Sovereignty and Compliance in 2026 — April 2026 Update
As a procurement strategist for Tenders SA, I am compelled to address the critical topic of cloud and hosting procurement in South Africa, particularly in the context of SITA, data sovereignty, and compliance in 2026. The current regulatory environment demands that security contractors in Gauteng prioritize compliance with various legislation and regulations to ensure the security and integrity of data. In this article, I will provide an overview of the regulatory framework, required documentation and registrations, and a step-by-step compliance approach to ensure security suppliers in Gauteng are well-equipped to navigate the procurement landscape.
By Kabelo Molefe
As a procurement strategist for Tenders SA, I am compelled to address the critical topic of cloud and hosting procurement in South Africa, particularly in the context of SITA, data sovereignty, and compliance in 2026. The current regulatory environment demands that security contractors in Gauteng prioritize compliance with various legislation and regulations to ensure the security and integrity of data. In this article, I will provide an overview of the regulatory framework, required documentation and registrations, and a step-by-step compliance approach to ensure security suppliers in Gauteng are well-equipped to navigate the procurement landscape.
The Regulatory Framework
The regulatory framework governing cloud and hosting procurement in South Africa is multifaceted. The Public Procurement Framework Act (PPPFA) and the Broad-Based Black Economic Empowerment (BBBEE) Act are key pieces of legislation that regulate procurement practices in South Africa. The Construction Industry Development Board (CIDB) Act and the Municipal Finance Management Act (MFMA) also play a crucial role in governing procurement practices in the construction and municipal sectors, respectively. Furthermore, the Protection of Personal Information Act (POPIA) and the Cyber Security Policy Framework regulate the protection of personal information and cybersecurity in South Africa.
In the security sector, the Private Security Industry Regulatory Authority (PSIRA) Act is a critical piece of legislation that regulates the private security industry in South Africa. Security suppliers in Gauteng must comply with PSIRA regulations to operate lawfully. The regulatory bodies responsible for enforcing these regulations include PSIRA, the Department of Public Works and Infrastructure (DPWI), and the National Treasury.
What Security Suppliers in Gauteng Must Have in Place
Security suppliers in Gauteng must have various documentation and registrations in place to ensure compliance with regulatory requirements. These include:
- PSIRA registration (company and all guards, Grade A/B/C): issued by PSIRA, valid for 2 years, and must be renewed upon expiration. The official portal URL is psira.co.za.
- Central Supplier Database (CSD) registration: issued by the National Treasury, valid for 2 years, and must be renewed upon expiration. The official portal URL is csd.gov.za.
- BBBEE certificate: issued by a certified verification agency, valid for 1 year, and must be renewed upon expiration.
- SARS Tax Clearance Certificate (TCS): issued by SARS, valid for 1 year, and must be renewed upon expiration. The official portal URL is sars.gov.za.
- COIDA letter of good standing: issued by the Compensation Commissioner, valid for 1 year, and must be renewed upon expiration.
Step-by-Step Compliance Approach
To ensure compliance with regulatory requirements, security suppliers in Gauteng should follow these steps:
- Verify PSIRA registration (company and all guards) on the PSIRA portal at psira.co.za before submitting tenders. PSIRA certificates must be current for the company AND every deployed guard. A single expired guard certificate can void the entire contract.
- Register on the CSD and ensure that your company profile is up-to-date and accurate.
- Obtain a valid BBBEE certificate from a certified verification agency.
- Obtain a SARS Tax Clearance Certificate (TCS) and ensure that your tax affairs are in order.
- Obtain a COIDA letter of good standing from the Compensation Commissioner.
The Most Common Compliance Failures
Common compliance failures that cause security submissions to be rejected include:
- Expired or invalid PSIRA certificates
- Incomplete or inaccurate CSD registration
- Invalid or expired BBBEE certificates
- Failure to submit required documentation, such as SBD forms
- Non-compliance with BBBEE affidavit rules
- Failure to attend compulsory briefing sessions
2026 Context: What Security Suppliers Should Focus On
In 2026, security suppliers in Gauteng should focus on data sovereignty and compliance with regulatory requirements. The South African government has emphasized the importance of data sovereignty, and security suppliers must ensure that they comply with POPIA and other relevant regulations. Additionally, security suppliers should prioritize cybersecurity and ensure that they have adequate measures in place to protect personal information.
How Tenders-SA.org Helps
At Tenders-SA.org, we provide a range of tools and services to help security suppliers in Gauteng navigate the procurement landscape. Our AI-powered matching system ensures that security suppliers are matched with tender opportunities that align with their compliance profile. Our Company Profile Builder allows security suppliers to create a comprehensive profile that captures their PSIRA registration, CSD registration, and other relevant documentation. We also provide tender alerts and offer a range of resources and guides to help security suppliers stay up-to-date with regulatory requirements.
ICT & Smart City Analyst specializing in digital transformation and security technology for South African municipalities.
Tags
Based on this article's topics, here are some current tenders that might interest you
Bidders List - Security Guarding Services for Peaking Operating Unit; Northen Region (Drakensberg Pumped Storage Scheme (NKP); Ingula Pumped Storage Scheme (NKP), Gariep Power Station, Vanderkloof Power Station) Southern Region (Ankerlig 1, 2 and 3 (NKP), Gourikwa (NKP), Palmiet Pumped Storage Scheme, Port Rex, Sere Windfarms).
CLOSING REGISTER - APPOINTMENT OF SERVICE PROVIDER FOR SECURITY SERVICES BASED IN THE SOUTHERN SECTION FOR A PERIOD OF 36 MONTHS.
CLOSING REGISTER - APPOINTMENT OF SERVICE PROVIDER FOR SECURITY SERVICES BASED IN NORTHEN SECTIONFOR A PERIOD OF 36 MONTHS.
APPOINTMENT OF SERVICE PROVIDERS FOR THE PROVISION OF PHYSICAL SECURITY SERVICES (ARMED GUARDING, UNARMED GUARDING AND TACTICAL RESPONSE SERVICES)
Appointment of one or more service providers for the provision of security services to Rustenburg Local Municipality for a period of 36 months
Appointment of service provider/s for provision of physical security for City of Matlosana for 2026/27–2028/29 financial year.
Want to see all available tenders?
Browse All Tenders →Share this article
Cloud and Hosting Procurement in South Africa: SITA, Data Sovereignty and Compliance in 2026 — April 2026 Update
As a procurement strategist for Tenders SA, I am compelled to address the critical topic of cloud and hosting procurement in South Africa, particularly in the context of SITA, data sovereignty, and compliance in 2026. The current regulatory environment demands that security contractors in Gauteng prioritize compliance with various legislation and regulations to ensure the security and integrity of data. In this article, I will provide an overview of the regulatory framework, required documentation and registrations, and a step-by-step compliance approach to ensure security suppliers in Gauteng are well-equipped to navigate the procurement landscape.