Month: January 2026

Hidden Digital Dependency and the Case for a National Technology Dependency Audit in South Africa

Given SHINGANGE

Abstract

South Africa’s rapid digital transformation has been enabled largely through the adoption of foreign-owned and foreign-governed digital technologies, including cloud platforms, software ecosystems, cybersecurity tools, and global payment networks. While these technologies have improved efficiency, scale, and service delivery, they have also introduced a less visible but strategically significant risk: hidden digital dependency. This article argues that South Africa’s most serious digital vulnerability does not arise from overt hardware procurement or isolated vendor choices, but from embedded dependencies in control planes, identity systems, software update mechanisms, cybersecurity supply chains, and cross-border data governance regimes that lie beyond South Africa’s legal and political authority. Drawing on international political economy and security literature, particularly the concept of weaponised interdependence, and grounding the analysis in South Africa’s cybersecurity, data, and infrastructure governance frameworks, the article demonstrates that current national preparedness is fragmented and insufficient. It advances the case for a National Technology Dependency Audit as a proportionate, governance-aligned instrument to restore visibility, prioritise risk, and strengthen national resilience without pursuing technological isolation. The article concludes that resilient interdependence, rather than digital autarky, should be South Africa’s strategic objective in an increasingly contested digital environment.

Keywords: digital sovereignty; hidden digital dependency; weaponised interdependence; cybersecurity supply chains; cloud governance; South Africa.

1. Introduction

Digital infrastructure has become foundational to modern state capacity. In South Africa, digital systems underpin revenue collection, social grant disbursement, banking and payments, aviation and logistics, healthcare delivery, municipal services, and political communication. The state’s ability to govern, regulate, and deliver services increasingly assumes uninterrupted access to global digital platforms and networks. Yet this assumption is rarely interrogated at the level of national risk.

South Africa’s digital modernisation has been shaped primarily by pragmatic considerations: cost efficiency, scalability, skills availability, and speed of deployment. As a result, government departments, state-owned enterprises, and systemically important private-sector actors have adopted foreign cloud platforms, software ecosystems, and cybersecurity services as default infrastructure. While this trajectory has produced tangible short-term benefits, it has also created long-term structural dependencies that remain poorly understood within policy and security circles.

This article argues that South Africa faces a growing problem of hidden digital dependency, and that the absence of a national technology dependency audit represents a strategic governance failure. Existing policy instruments recognise aspects of digital risk, but they do not provide a consolidated national view of where foreign control intersects with critical digital functions. Without such visibility, preparedness remains reactive, fragmented, and overly dependent on assumptions of benign continuity.

2. Conceptualising hidden digital dependency

Hidden digital dependency refers to reliance on foreign-owned or foreign-governed digital capabilities that are essential to national continuity but are not treated as strategic dependencies. Modern digital architectures deliberately abstract control. Users interact with applications and dashboards, while authority over identity, encryption, updates, availability, and compliance resides elsewhere.

These dependencies typically manifest across several layers:

  • control-plane governance in cloud platforms,
  • identity and authentication services,
  • encryption key management and certificate authorities,
  • software update and patching ecosystems,
  • proprietary application programming interfaces and data formats, and
  • cross-border data governance regimes.

The critical distinction is between operational use and strategic control. A system may be hosted locally, staffed locally, and paid for locally, yet remain subject to external decisions regarding access, lawful disclosure, or termination. This distinction explains why digital dependency is a national security and sovereignty issue rather than a purely technical or commercial concern.

3. Weaponised interdependence and digital power

The concept of weaponised interdependence provides a useful analytical lens for understanding why hidden digital dependency matters at state level. Farrell and Newman argue that global economic and information networks are structured around hubs and chokepoints, and that actors who control these nodes can exploit them for coercive purposes. Power is often exercised indirectly, through private intermediaries complying with domestic law, export controls, or risk-averse corporate policies.

In the digital domain, these hubs include cloud control planes, dominant operating systems, app distribution platforms, global payment networks, and cybersecurity service providers. Control over these nodes enables surveillance, denial of access, and influence through standards and ecosystem rules.

For South Africa, the key issue is asymmetry. Dependence on a small number of global technology ecosystems concentrates risk and creates latent leverage, regardless of political intent. Even in the absence of formal sanctions, export controls, compliance overreach, and platform governance decisions can constrain access to essential services during periods of geopolitical stress. In this sense, hidden digital dependency constitutes a standing condition of vulnerability rather than a contingent threat.

4. South Africa’s digital governance architecture and its limits

South Africa is not without relevant policy instruments. The National Cybersecurity Policy Framework positions cybersecurity as a national interest and calls for the protection of critical information infrastructure. The Protection of Personal Information Act establishes principles for lawful processing and data protection. The Cybercrimes Act provides mechanisms for criminal investigation and cooperation. The National Policy on Data and Cloud articulates ambitions for a data-driven economy and provides policy direction on cloud adoption.

However, these instruments operate largely in silos. None mandates a systematic assessment of foreign technology dependency across critical national functions. Cybersecurity governance focuses on coordination and incident response rather than structural dependency. Data policy prioritises economic opportunity and inclusion rather than control and jurisdiction. Procurement decisions remain decentralised and sector-specific.

The result is fragmented preparedness. No single authority is responsible for understanding how foreign control, legal jurisdiction, and platform governance intersect across the national digital ecosystem. This fragmentation creates blind spots that only become visible during crises.

5. National security implications of hidden digital dependency

Hidden digital dependency generates several interrelated categories of national security risk.

First, jurisdictional risk arises when foreign legal regimes can compel technology providers to disclose data or restrict services through corporate entities, irrespective of where data is physically stored. Data location does not equate to data control.

Second, availability risk emerges when access to platforms, identity services, or software updates is degraded or denied due to compliance actions, geopolitical disruption, or corporate policy changes. Modern cloud platforms integrate identity, security monitoring, and administrative control into a single dependency stack.

Third, integrity risk arises from software supply chain compromise. Trusted update mechanisms and centrally managed platforms can be exploited or withdrawn, creating systemic exposure across multiple institutions simultaneously.

Fourth, lock-in risk constrains policy autonomy. Proprietary platforms and data formats raise switching costs and narrow exit options, creating indirect coercion even in the absence of explicit restrictions.

Finally, strategic leverage risk arises when concentrated dependency becomes a bargaining chip during diplomatic or economic disputes. South Africa’s current preparedness does not adequately address these risks because it treats them as isolated technical issues rather than interconnected structural vulnerabilities.

6. Sectoral exposure in South Africa

Hidden digital dependency is not evenly distributed. Its impact varies across sectors.

In government administration, digital identity and access management underpin grants, payroll, licensing, and secure communications. External governance of authentication services, certificate authorities, or key management creates a single point of failure for the digital state.

In financial systems, payment rails, clearing mechanisms, and fraud detection tools rely on global networks governed externally. International experience demonstrates that financial messaging and settlement access can be restricted rapidly, with cascading economic effects.

In aviation, transport, and logistics, air traffic management, port operations, and cargo systems depend on specialised software, satellite navigation, and real-time data exchange subject to export controls and certification regimes.

In health and social services, cloud-hosted systems process sensitive data and support social stability. Dependency without contingency planning magnifies both operational and political risk.

Across sectors, dependency mapping is typically treated as an operational concern rather than a strategic one, reinforcing the need for a national-level assessment.

7. Cloud governance, data sovereignty, and control

Cloud computing sits at the centre of South Africa’s hidden dependency problem. Policy debate has focused largely on data residency and economic development. Yet scholarship and policy analysis consistently demonstrate that data location does not equal control. Jurisdiction follows corporate domicile and legal obligation, not server geography.

While POPIA addresses personal information protection, it does not resolve conflicts of law or address national security data, metadata, or platform telemetry. International best practice emphasises control-plane independence, transparency in lawful access procedures, and tested exit mechanisms. These factors are not systematically assessed in South Africa’s current governance approach.

8. Cybersecurity supply chains as a dependency vector

Cybersecurity tooling itself introduces dependency. South African institutions increasingly rely on foreign-managed platforms for endpoint protection, threat detection, and incident response. These tools often require privileged access and centralised update mechanisms.

Supply chain incidents documented internationally demonstrate how compromise or withdrawal of trusted vendors can cascade across multiple organisations. Treating cybersecurity procurement as a routine operational matter overlooks jurisdictional exposure, export control risk, and platform governance. A credible dependency audit must therefore include defensive technologies, not only productive systems.

9. Sanctions, export controls, and platform governance

Contemporary sanctions and export controls increasingly target technology ecosystems rather than individual goods. Export controls on advanced computing, software, and components operate upstream, affecting entire supply chains. At the same time, platform governance increasingly functions as de facto sanctions enforcement, with access constrained through terms of service and compliance risk.

Denial can occur without formal designation of a country or institution, creating grey-zone exposure for non-aligned states. For South Africa, neutrality does not eliminate risk. Visibility and mitigation are therefore essential.

10. Why current preparedness is inadequate

South Africa’s preparedness gap is structural rather than technical. Accountability is fragmented across departments. Compliance with international standards is often mistaken for resilience. Most critically, preparedness is built on an implicit assumption of continuity in global digital access.

In an environment characterised by strategic competition, sanctions, and platform power, this assumption is no longer defensible. Preparedness that assumes continuity is not preparedness at all.

11. The case for a National Technology Dependency Audit

A National Technology Dependency Audit provides a structured means of restoring visibility. It identifies which digital capabilities are essential to national continuity, where foreign control is embedded, under what legal and contractual conditions access is governed, and what the impact of disruption would be.

The audit is diagnostic rather than prescriptive. It does not ban technology or dictate suppliers. Its value lies in enabling evidence-based prioritisation, coordination across sectors, and informed decision-making.

12. Addressing objections

Claims that dependency audits deter investment misunderstand investor preferences for predictable governance. Concerns about isolation or censorship reflect governance risk, not inevitability. The objective is not digital autarky, but resilient interdependence: maintaining global connectivity while preserving national capability.

13. Conclusion

Hidden digital dependency is a present condition for South Africa, not a hypothetical future risk. Existing policies acknowledge aspects of digital risk but do not address foreign control holistically. A National Technology Dependency Audit is a proportionate, policy-aligned response that transforms intuition into evidence and reaction into preparation.

In an increasingly contested digital environment, South Africa’s strategic objective should not be control over global technology systems, but the capacity to govern, decide, and function under pressure. Without a dependency audit, that capacity remains uncertain.

References (Harvard)

BIS (2019). Export Administration Regulations and Entity List Amendments.

Couldry, N. and Mejias, U. (2019). The Costs of Connection. Stanford University Press.

Cory, N. (2017). Cross-Border Data Flows. ITIF.

DCDT (2024). National Policy on Data and Cloud. Government of South Africa.

Deibert, R. (2013). Black Code. Oxford University Press.

Drezner, D. (2015). Economic Statecraft. Princeton University Press.

ENISA (2021). Threat Landscape for Supply Chain Attacks.

Farrell, H. and Newman, A. (2019). ‘Weaponized Interdependence’, International Security, 44(1), 42–79.

Government of South Africa (2013). Protection of Personal Information Act.

Government of South Africa (2015). National Cybersecurity Policy Framework.

Government of South Africa (2019). Critical Infrastructure Protection Act.

Government of South Africa (2020). Cybercrimes Act.

Kello, L. (2017). The Virtual Weapon and International Order. Yale University Press.

Mueller, M. (2017). Will the Internet Fragment? Polity.

NIST (2022). Cybersecurity Supply Chain Risk Management (SP 800-161 Rev.1).

OECD (2020). Digital Security Risk Management.

Schneider, F. (2019). Cloud Sovereignty. SWP.

UNCTAD (2021). Digital Economy Report.

World Economic Forum (2023). Global Cybersecurity Outlook.

Article 4: Governing the Cognitive Domain – Why South Africa Is Structurally Unprepared for Influence Operations

Given SHINGANGE

The first three articles in this series established three core points. Article 1 defined influence operations as a defining feature of contemporary conflict, operating primarily in the cognitive domain. Article 2 examined how digital platforms and fragmented media ecosystems enable influence at scale. Article 3 demonstrated why South Africa is particularly exposed, drawing on empirical indicators such as rising identity salience, declining intergroup trust, and widespread perceptions of institutional unfairness.

These indicators are not abstract social trends. They are measurable signals of cognitive vulnerability. Article 4 therefore turns to the institutional question: despite the visibility of these signals, is South Africa structurally capable of recognising and responding to influence operations as a governance and security challenge?

The short answer is no—not because of a lack of concern or policy language, but because South Africa’s governance architecture remains fundamentally misaligned with the nature of cognitive and information-layer threats.

The Category Error in South Africa’s Security Thinking

South Africa continues to treat influence, disinformation, and narrative contestation as peripheral issues—communication problems, political risks, or media ethics concerns—rather than as core national security challenges. This is a category error. Influence operations operate below the threshold of traditional security responses, yet they shape the conditions under which democratic governance, social cohesion, and institutional legitimacy function.

The country’s security architecture reflects an earlier era of threat perception. Cybersecurity is framed largely in technical terms: systems, networks, critical infrastructure, and cybercrime. Strategic communications are treated as a government messaging function. Social cohesion is addressed through social policy and symbolic nation-building initiatives. These domains operate in silos, despite the fact that influence operations exploit precisely the gaps between them.

As a result, no single institution is responsible for understanding or defending the cognitive domain as a system.

Policy Without Strategy, Strategy Without Structure

South Africa does not suffer from a complete absence of policy. The National Cybersecurity Policy Framework (NCPF), now a decade old, acknowledges information security and cyber threats in broad terms. However, it offers little conceptual clarity on influence operations, cognitive security, or narrative resilience. More importantly, it does not translate these concerns into institutional design, roles, or accountability.

This reflects a deeper structural problem: policy has not been followed by strategy, and strategy has not been followed by structure. Influence operations cut across cybersecurity, intelligence, communications, education, and social trust, yet no coordinating mechanism exists to integrate these domains. Responsibility is diffused, and accountability is absent.

In such an environment, responses to influence-related incidents are necessarily reactive, fragmented, and politicised.

The Absence of Cognitive Security as a Governance Concept

One of the most significant gaps in South Africa’s security discourse is the absence of cognitive security as an explicit governance concept. There is no shared framework for understanding how identity, trust, perception, and information interact as security variables. As a result, influence is either over-securitised—treated as a threat to be suppressed—or under-securitised—dismissed as free speech, politics, or noise.

This false binary paralyses response. Cognitive security does not require censorship or information control. It requires the capacity to anticipate how narratives form, spread, and harden, and how institutional behaviour either mitigates or accelerates those processes. Without this conceptual foundation, even well-intentioned interventions risk undermining legitimacy further.

Institutional Trust as a Strategic Variable

Article 3 showed that trust erosion is a central vulnerability in South Africa’s cognitive battlespace. Yet trust is rarely treated as a strategic variable in governance design. Institutions measure performance through compliance, outputs, or political alignment, not through their contribution to societal trust and interpretive stability.

This omission is consequential. Influence operations thrive where institutions are perceived as opaque, inconsistent, or self-interested. Every governance failure, communication misstep, or policy contradiction becomes material for narrative exploitation. In this sense, institutional behaviour itself becomes part of the information environment.

South Africa’s challenge is therefore not only defensive, but reflexive. Institutions must recognise their role as narrative actors, whether they intend to be or not.

Why Tactical Responses Will Continue to Fail

Calls for fact-checking initiatives, platform regulation, or counter-disinformation units are understandable, but insufficient. These are tactical responses to a strategic problem. Without an overarching framework for cognitive security, such measures risk becoming symbolic, selectively enforced, or politically contested—further eroding trust.

Influence operations adapt faster than regulatory or bureaucratic processes. By the time a narrative is identified and countered, its cognitive effects may already be embedded. Resilience, not reaction, is therefore the appropriate objective.

Conclusion: Structure Follows Strategy, or Failure Persists

This article has argued that South Africa’s vulnerability to influence operations is not primarily a function of hostile actors or technological change. It is the result of structural misalignment: governance systems designed for a different era confronting threats they were never configured to address.

Influence operations exploit gaps between institutions, disciplines, and mandates. Until South Africa recognises the cognitive domain as a legitimate and shared security concern—and aligns policy, strategy, and structure accordingly—those gaps will remain exploitable.

The implication is not that South Africa needs more laws, louder messaging, or heavier regulation. It needs a coherent way of seeing. In the cognitive domain, perception is not merely the object of security; it is the terrain on which security is decided.

Article 3: Influence Operations in South Africa – Identity, Grievance, and the Cognitive Battlespace

Given SHINGANGE

Article 1 of this series established influence operations as a defining feature of contemporary conflict, operating primarily in the cognitive domain rather than through force. Article 2 examined how digital platforms, algorithms, and fragmented media ecosystems enable these operations at scale. This third article addresses a more fundamental question: why such operations are increasingly effective in South Africa, even in the absence of clear attribution or coordinated campaigns.

Influence operations do not begin with messages or platforms; they begin with people. Specifically, they exploit how individuals understand identity, trust others, and interpret grievance. These elements constitute the cognitive battlespace. In South Africa, this battlespace has been shifting in measurable ways over the past decade, creating conditions that lower resistance to influence, polarisation, and narrative manipulation.

This article does not claim to identify or attribute specific influence operations targeting South Africa. Nor does it argue that changes in public attitudes are the direct result of coordinated campaigns. Instead, it examines the structural and psychological conditions that make influence more efficient once narratives are introduced. Influence operations rarely manufacture division; they succeed by activating and amplifying perceptions that already exist.

Identity Salience and Cognitive Fragmentation

Afrobarometer’s 2024/2025 survey data provides a credible empirical lens into South Africa’s cognitive terrain. The findings show a pronounced shift away from national identity towards ethnic identity. While most citizens still report balancing the two, one-quarter of South Africans now identify more strongly with their ethnic group than with being South African, and only a small minority prioritise national identity alone. This represents a sharp reversal from the early 2010s, when national identification peaked following the 2010 FIFA World Cup.

From an influence-operations perspective, this shift matters because national identity functions as a stabilising cognitive frame. When it weakens, audiences become more receptive to narratives that interpret politics, economics, and governance through group-based lenses. Identity does not need to be weaponised aggressively; its mere salience reduces the effort required to frame issues as exclusionary or zero-sum.

Afrobarometer data further shows that perceptions of ethnic discrimination by the state are widespread and cross-cutting. Nearly half of respondents believe their ethnic group is treated unfairly by government. In influence terms, the factual accuracy of this perception is secondary. What matters is that grievance frames already exist, are emotionally resonant, and can be activated without the introduction of false information.

Trust Erosion and the Weakening of Informal Resilience

Identity salience becomes operationally significant when combined with declining trust. Fewer than one-third of South Africans report trusting members of other ethnic groups. Low horizontal trust weakens informal social resilience mechanisms such as peer correction, cross-group dialogue, and social sanction against extreme narratives. It also increases reliance on in-group validation, which digital platforms are particularly effective at reinforcing.

At the same time, tolerance in everyday interactions remains relatively high. Most South Africans report that they would not mind living next to someone from a different ethnic group, and interethnic marriage remains broadly accepted. This apparent contradiction is critical. It suggests that the primary risk is not immediate social breakdown, but cognitive hardening: physical coexistence alongside psychological distancing. Contemporary influence operations are optimised for this condition, prioritising long-term attitudinal shifts over mobilisation or violence.

Synthesis: From Cognitive Conditions to Influence Effects

Taken together, the data points to a coherent influence-operations pathway. Rising identity salience provides the targeting variable; perceived grievance supplies emotional resonance; declining trust reduces social friction against polarising narratives; and digital platforms amplify emotionally charged content at scale. The result is not persuasion in the classical sense, but gradual normalisation of suspicion, disengagement, and interpretive closure. Influence succeeds not by convincing people of new ideas, but by narrowing how they interpret existing ones.

This synthesis is important because it clarifies that influence effectiveness in South Africa does not depend on sophisticated disinformation or foreign orchestration. It depends on the interaction between social fragmentation and an information ecosystem that rewards outrage, affirmation, and repetition.

Platforms, Amplification, and Narrative Stickiness

As discussed in Article 2, digital platforms privilege engagement over accuracy. In South Africa, media-monitoring and misinformation-reporting initiatives consistently show that polarising, identity-laden, and emotionally charged content outperforms corrective or contextual information. These dynamics do not require malicious intent. Political rhetoric, economic stress, historical grievance, and sensationalist media all feed into the same amplification loops.

This marks a departure from earlier models of information warfare. The threat is less about falsehood insertion and more about narrative dominance. Influence operations in this environment are often decentralised, opportunistic, and endogenous. Narratives are laundered across communities, reframed by local actors, and legitimised through repetition rather than authority.

Influence Without Attribution

A persistent weakness in South African discourse is the assumption that influence operations must be foreign, centralised, and provable. This assumption obscures more pervasive dynamics. As argued in Article 1, influence can be diffuse and politically ambiguous while still producing strategic effects. In South Africa, these effects may include declining confidence in democratic processes, normalisation of institutional distrust, and increased receptivity to simplistic explanations for complex governance challenges.

None of these outcomes require a single adversary. They require only a permissive cognitive environment and an information ecosystem optimised for emotional engagement.

Policy and Governance Implications

South Africa’s current security and governance frameworks are poorly aligned to these realities. Cybersecurity policy remains focused on technical infrastructure, cybercrime, and system integrity, with minimal engagement with cognitive or information-layer threats. The National Cybersecurity Policy Framework, in particular, offers little guidance on influence, narrative resilience, or societal trust as security variables.

This creates a structural blind spot. Without recognising the cognitive battlespace, responses default to reactive communication, content takedowns, or politicised blame. None address the underlying conditions identified here. Building resilience requires institutional coordination across cybersecurity, communications, education, and social policy—areas that currently operate in silos.

Conclusion

Article 1 established influence operations as a defining feature of modern conflict. Article 2 explained how digital platforms enable them. This article has shown why South Africa is particularly exposed: not primarily because of hostile actors, but because of measurable shifts in identity, trust, and grievance that weaken cognitive resilience.

The most serious influence challenge facing South Africa may therefore be internal rather than external, structural rather than tactical. Until influence is understood as a function of societal conditions rather than isolated campaigns, policy responses will remain misaligned. Influence operations succeed not when societies are divided, but when they lack the institutional and social capacity to recognise how division is being exploited.

Article 2: Why South Africa Is Structurally Vulnerable to Influence Operations

Given SHINGANGE

Influence operations do not succeed because societies are careless or uninformed. They succeed because societies are structurally exposed. South Africa is one such society, not because it is uniquely weak, but because its historical, social, and institutional conditions create fertile ground for cognitive manipulation.

This vulnerability is not primarily technological. It cannot be explained by social media alone, nor solved through platform regulation or content moderation. It is rooted in long-standing fractures, unresolved grievances, and declining trust in authority. Until these structural conditions are acknowledged explicitly, responses to influence operations will remain superficial, reactive, and misdirected.

Understanding structural vulnerability is uncomfortable because it forces inward reflection rather than outward blame. But without this honesty, resilience remains rhetorical.

Influence follows fractures, not platforms

A common analytical error is to treat influence operations as a product of digital platforms. Platforms matter, but they do not determine what resonates. Influence operations follow fractures, not technologies.

In South Africa, several fractures are persistent and deeply embedded. Economic inequality remains extreme and highly visible. Unemployment, particularly among young people, is chronic. Service delivery failures are experienced daily and locally. Corruption has shifted from scandal to expectation. Political promises frequently collapse into administrative incapacity.

These conditions generate frustration, resentment, and mistrust. Influence operations do not invent grievances. They identify where emotional pressure already exists and apply narrative force.

Focusing too narrowly on platforms obscures the real drivers of vulnerability. Platforms amplify what societies already feel; they do not create those feelings from nothing.

Lived experience as a narrative battleground

In South Africa, political narratives intersect directly with lived experience. This is a critical distinction.

When electricity fails, water is unreliable, housing is inadequate, or safety deteriorates, people do not experience these as abstract governance challenges. They experience them as personal neglect. Narratives that frame these failures as intentional, inevitable, or evidence of systemic betrayal resonate quickly because they align with daily reality.

Influence operations exploit this alignment. They do not contradict lived experience; they reinterpret it. They shift the question from “why is this failing?” to “who is responsible and why should they be trusted?”

Once that shift occurs, the space for institutional explanation narrows sharply. Technical responses sound evasive. Structural complexity sounds like excuse. Emotionally satisfying narratives outperform accurate ones.

Inequality and the politics of comparison

South Africa’s inequality does more than produce hardship. It produces constant comparison.

People compare themselves to neighbours, communities, municipalities, provinces, and imagined alternatives. Digital platforms intensify this by placing unequal realities side by side without context. The result is not only frustration, but moral interpretation. Inequality becomes evidence of injustice, exclusion, or deliberate neglect.

Influence operations leverage this interpretive layer. Narratives frame inequality not simply as a policy failure, but as proof that the system benefits some at the expense of others. This framing deepens resentment and accelerates polarisation.

Once inequality is moralised in this way, compromise becomes difficult. Governance challenges are recast as existential conflicts.

Racism as a latent identity fracture

Racism remains one of South Africa’s most enduring and emotionally charged fractures, not always visible in daily discourse, but never absent from collective memory. It functions less as a constant explicit conflict and more as a latent identity fault line that can be activated under conditions of stress.

Importantly, racism in this context is not only about overt prejudice or individual attitudes. It is embedded in historical experience, spatial inequality, economic exclusion, and perceived patterns of advantage and disadvantage. These experiences are carried forward through narrative, memory, and identity.

Influence operations exploit this latent quality. Racial framing does not need to be explicit to be effective. It can be implied through language, imagery, selective emphasis, or comparison. Narratives that suggest group-based blame, intentional exclusion, or inherited injustice resonate quickly because they connect present frustration to historical explanation.

This makes racial narratives particularly powerful during elections. They compress complex structural problems into emotionally legible stories and discourage nuance, because challenging the narrative can feel like denying lived experience.

The strategic risk is not that racism suddenly “returns” during elections. It is that unresolved racial identity tensions provide a ready-made emotional infrastructure for influence.

Language, identity, and segmented influence

South Africa’s linguistic and cultural diversity is often celebrated as a strength. Strategically, it also enables segmented influence.

Narratives can be tailored by language, region, generation, class, and political identity. The same issue can be framed differently for different audiences, each version optimised for emotional resonance rather than shared understanding.

This segmentation fragments the information environment. Communities mobilise around parallel narratives that do not fully overlap. Disagreement becomes not only factual, but interpretive. Institutions struggle to communicate coherently across these divides.

Fragmentation weakens collective sense-making and lowers the threshold for manipulation.

Literacy, information processing, and cognitive load

Another often overlooked source of structural vulnerability is uneven literacy, not only in basic reading and writing, but in media literacy, digital literacy, and civic literacy.

South Africa’s information environment assumes levels of fluency that are not evenly distributed. Many citizens navigate political information across multiple languages, informal channels, and low-trust environments. Under these conditions, complex explanations struggle to compete with simplified narratives that rely on emotion, repetition, and familiar framing.

Influence operations exploit this asymmetry. They reduce complexity, personalise blame, and rely on emotionally intuitive cues rather than detailed argument. This is not a reflection of intelligence or engagement, but of cognitive load. When people are overwhelmed, they gravitate toward messages that are easier to process and emotionally coherent.

Uneven literacy also increases reliance on social trust networks. Information is evaluated not only on content, but on who shared it and how it feels. This makes segmented influence more effective and correction more difficult.

The result is not uniform misinformation, but uneven vulnerability.

Declining institutional trust as a force multiplier

Influence operations accelerate where trust is low. In South Africa, confidence in political parties, local government, law enforcement, and public institutions has eroded steadily.

As trust declines, authority shifts. People rely more on peer networks, community figures, and emotionally resonant narratives. Credibility is anchored in perceived authenticity rather than institutional role.

This is a force multiplier for influence operations. Narratives no longer require institutional validation to spread. In some cases, institutional denial reinforces belief by appearing defensive or disconnected.

Once trust collapses, correction becomes difficult. Evidence is discounted. Motives are assumed.

Algorithmic amplification and outrage economics

Digital platforms reward reaction. Content that provokes anger, fear, certainty, or moral judgement travels faster than content that explains complexity.

This creates an economy of outrage. Extreme positions gain visibility. Moderation struggles. Nuance is crowded out.

Influence operations do not need to dominate the information space. They need only to shape its emotional tone.

Why local government elections magnify vulnerability

Local government elections sit at the intersection of these dynamics.

They are emotionally proximate, tied to daily life, embedded in community identity, and less consistently scrutinised. Narratives spread through informal channels where verification is weak and trust is relational.

Influence operations can operate below national radar while producing immediate effects: protests, delegitimised councillors, contested outcomes, and community instability.

Local disruption does not need to scale nationally to be strategically effective.

Structural vulnerability is not public failure

It is tempting to interpret vulnerability as public ignorance or irresponsibility. This is inaccurate and counterproductive.

Structural vulnerability reflects historical inequality, socio-economic stress, governance failure, and information overload. Citizens responding emotionally to these conditions are not failing democracy. Democracy is failing to protect them from manipulation in a high-pressure environment.

Recognising vulnerability is not an insult. It is preparation.

Toward resilience grounded in realism

The solution is not censorship, surveillance, or panic. It is realism.

Resilience begins with acknowledging that South Africa’s exposure is structural. It requires institutions to treat cognitive risk as part of electoral integrity, political actors to compete without weaponising fracture irresponsibly, and public discourse that recognises emotion without surrendering to it.

Without this realism, technical interventions will fail. With it, preparation becomes possible.