South Africa Is Not Watching the UK Facial Recognition Story. It Should Be.

The architecture of a biometric surveillance state is already being assembled on South African streets and in South African banks — without the conversation that should accompany it

Video summary: https://youtu.be/gyvZ8uSn__g

Sign up for my Substack daily AI newsletter here.

See my AI Training course portfolio for corporate Business Leaders here.

Article link: https://open.substack.com/pub/johanosteyn/p/south-africa-is-not-watching-the?r=73gqa&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true

Follow me on LinkedIn: https://www.linkedin.com/in/johanosteyn/

On 21 April 2026, Britain’s High Court dismissed a legal challenge against the Metropolitan Police’s use of live facial recognition technology, clearing the way for a nationwide rollout across England and Wales. The government announced plans to increase mobile surveillance units from 10 to 50 nationally. The Home Office confirmed £26.25 million for deployments in knife crime hotspots. The claimant — Shaun Thompson, a Black youth worker and anti-knife crime campaigner who was wrongly identified by the technology, detained, and threatened with arrest despite producing his passport and bank cards — said he would appeal.

As The Register reported in its analysis of the ruling, the Metropolitan Police Commissioner called the decision a significant and important victory for public safety. Big Brother Watch called it disappointing. South Africa’s media covered the story briefly. Most leaders moved on. They should not have — because while Britain is having its facial recognition debate loudly, in courts and in newspapers and in parliamentary motions, South Africa is not having it at all, while assembling the same surveillance infrastructure component by component.

CONTEXT AND BACKGROUND

The UK High Court’s finding — that live facial recognition does not breach rights to privacy, freedom of expression, or freedom of assembly — will be cited by governments around the world that want to deploy mass biometric surveillance while appearing to have respected a rights framework. South Africa does not operate under the European Convention on Human Rights. It operates under a Constitution that is, in many respects, more rights-protective. But the political dynamic is identical: a technology that can identify every face in a public space is being normalised through incremental deployment, favourable legal rulings, and the language of public safety — before citizens have been asked whether they consent.

The South African biometric surveillance infrastructure is already more extensive than most citizens realise. Vumacam’s SafeCity network has thousands of cameras covering Johannesburg, integrated with the Johannesburg Metropolitan Police Department through the Integrated Intelligence Operations Centre, with the Gauteng Provincial Government formalising a partnership to extend coverage into townships, informal settlements, and hostel areas. A February 2026 operation documented by IT-Online showed Vumacam’s control room operators, JMPD officers, and drone units working together in real time — combining camera networks, licence plate recognition, and aerial drone surveillance in a single coordinated response to identify and apprehend a suspect. This is not a pilot programme. It is an operational infrastructure with declared national rollout ambitions.

Simultaneously, Home Affairs Minister Leon Schreiber has confirmed that facial recognition is being embedded into South Africa’s banking and identity systems at scale. Speaking to Parliament in February 2026, Schreiber announced that South Africans would be able to verify their identities remotely using facial recognition linked to the National Population Register, with Capitec expanding to 300 branches by mid-2026 and a target of 1,000 branches by 2029. Facial recognition is simultaneously being expanded to all international airports and major land ports of entry. TechCentral’s reporting on the Department of Home Affairs’ Annual Performance Plan reveals that facial recognition will be the primary biometric method for the Digital ID system — while the same document acknowledges that the department’s own cybersecurity maturity remains low and that no fully implemented disaster recovery strategy yet exists.

INSIGHT AND ANALYSIS

When these components are considered together, the scale of what is being built becomes clear. A private camera network integrated with public law enforcement, covering South Africa’s economic capital. A national Digital ID system anchored in the South African Revenue Service’s hosting environment, with facial recognition as its primary modality. Biometric verification embedded in banking transactions for more than 80 per cent of South African adults. Facial recognition at every international airport and land port. All of this is being assembled in a country where South Africa’s Information Regulator has documented nearly 2,900 data security breaches in the current financial year alone — a 40 per cent increase on the prior period — and currently receives around 284 breach notifications every month.

The legal framework governing this infrastructure is a patchwork not designed for advanced AI surveillance. POPIA governs data protection. The Cybercrimes Act addresses certain digital offences. The Draft National AI Policy Framework was gazetted on 10 April 2026 for public comment — with comments due by 10 June 2026 — and adopts a risk-based approach modelled on the EU AI Act, with stricter requirements for high-risk AI systems in sectors including law enforcement. However, it is a framework for consultation, not operative law.

Baker McKenzie describes it as a roadmap of national principles rather than binding rules at this stage. And as Michalsons notes, the final policy is not expected until late 2026, with sector-specific regulations to follow in 2027 and 2028. The infrastructure is being built years ahead of the legal framework intended to govern it.

Compounding this is a finding from Smile ID's 2026 Digital Identity Fraud Report, covered in detail by IT-Online: in Southern Africa, nearly nine in ten rejected biometric verification attempts are already linked to AI-assisted impersonation and spoofing — with impersonation accounting for 47% of cases and deepfake or face-swap spoofing accounting for a further 40%. The report, based on more than 200 million identity verification checks across 35 countries in 2025, concludes that fraud in Southern Africa is overwhelmingly biometric. South Africa is building a national biometric identity infrastructure at precisely the moment when those systems are becoming the primary and most sophisticated target for AI-driven identity crime. The security argument for surveillance is, in a measurable sense, undermining itself.

The African continental picture provides further context. A landmark March 2026 report by the Institute of Development Studies, covered extensively by Rest of World and IPS News, found that at least 11 African governments have spent over two billion dollars on Chinese-built AI surveillance infrastructure — including AI-powered cameras, biometric data collection, and facial recognition — rolled out across public spaces with little regulation and no independent evidence of effectiveness. The research found that the technology is instead being used in several countries to monitor activists, track protesters, and silence dissent.

The African Union's Peace and Security Council, at its 1,339th meeting on 16 April 2026 — the full communiqué of which is published on the AU's Peace and Security Department website — called explicitly for meaningful human control over AI systems and warned against the misuse of AI for disinformation and the exploitation of sensitive data in ways that could undermine regional stability. And Paradigm Initiative's longstanding research on the state of surveillance technology deployments across Africa documents deployments across Côte d'Ivoire, Ghana, and Nigeria happening without the robust legislative frameworks needed to protect human rights — frameworks that even the UK's contested rollout nominally attempted to satisfy.

IMPLICATIONS

South Africa's Constitution was written in explicit response to what happens when a state is given unaccountable power to identify, track, and monitor its citizens in public space. Section 14's right to privacy, Section 10's right to dignity, and Section 21's right to freedom of movement were not included by accident. They were included because South Africa knew — from direct, lived experience — what racialised surveillance infrastructure does to a society. Academic analysis published by the African Policing Civilian Oversight Forum argues precisely that private mass surveillance networks operating without adequate public oversight or rule-making are a recipe for disaster — and that the constitutional rights at stake require clear policy and public consultation before surveillance infrastructure of this scale is deployed. That consultation has not happened. The technology is not waiting.

For South African business leaders and boards, the implications are concrete and immediate. A national biometric identity system with the government’s own acknowledged low cybersecurity maturity, handling the facial recognition data of millions of South Africans, linked to banking systems and government departments including SASSA and National Treasury, is a material risk that sits at the intersection of data governance, POPIA compliance, and reputational accountability. The Information Regulator is receiving 284 breach notifications every month and has stated its intention to prioritise targeted assessments in banking, financial services, insurance, and telecommunications in the 2026/27 financial year. Organisations that have not yet mapped their exposure to biometric data processing — including through their banking relationships and their own access control systems — are already behind.

CLOSING TAKEAWAY

Britain spent years in legal challenge before its High Court cleared the way for nationwide facial recognition surveillance. That process — however imperfect its outcome — forced a public debate, produced a legal record, and required the government to justify its choices in an open court. South Africa is following the same path without that debate. The cameras are running. The databases are being built. The banking system is being integrated with the National Population Register through facial verification. And the Draft National AI Policy Framework is open for public comment until 10 June 2026 — a deadline most South Africans are unaware of. The question that Britain is now asking — what kind of society do we want to build with this technology — is one South Africa needs to ask with equal urgency. Its Constitution demands it. Its history demands it. And the pace at which the infrastructure is being assembled means the conversation must begin now, not after the architecture is complete and the debate has become academic.

Author Bio: Johan Steyn is a prominent AI thought leader, speaker, and author with a deep understanding of artificial intelligence’s impact on business and society. He is passionate about ethical AI development and its role in shaping a better future. Find out more about Johan’s work at https://www.aiforbusiness.net