What South Africa’s ICT Procurement Practices Mean for National Sovereignty
Given SHINGANGE
There is a particular kind of vulnerability that does not announce itself. It does not arrive with a cyberattack or a diplomatic incident. It accumulates quietly, one procurement decision at a time, buried in departmental budgets and IT specifications that no one outside a technical committee ever reads. South Africa has been building this kind of vulnerability for decades. We have constructed a digital government on a foundation of disconnected systems, unexamined dependencies, and procurement practices that serve institutional convenience more than national interest. The time for a frank accounting has come.
A Government of Silos
Walk through any government department and you will find a familiar story: a system procured five years ago that cannot talk to the system procured three years later, which in turn cannot share data with the platform introduced last year. Each department has its own ICT architecture, its own vendor relationships, and its own logic for why its approach makes sense. What no one has done systematically is ask what all of this looks like from above, what the aggregate picture of our digital government actually is.
The Public Finance Management Act (PFMA) and its accompanying Treasury Regulations do provide a framework for government procurement, including ICT procurement. The intent is sound. But the framework was not designed with systems integration as a primary objective. The result is that departments procure in compliance with the law while simultaneously creating a national ICT landscape that is, in aggregate, fragmented, redundant, and strategically blind. Compliance and coherence are not the same thing, and we have optimised relentlessly for the former at the expense of the latter.
It would be naïve to treat this entirely as a coordination failure. Fragmented procurement concentrates revenue in specific channels. Consolidated, interoperable government systems would disrupt established commercial relationships. This is not an accusation, it is an observation about incentive structures that any serious reform effort must confront honestly. The question of who benefits from the current architecture is as important as the question of who bears its costs.
The Geopolitics Hidden in Your Server Room
Here is something that rarely appears in procurement policy discussions but should sit at the centre of them: the interoperability of technology systems is not a purely technical matter. It is a geopolitical one. The major technology ecosystems of our time are not neutral. They are built by states and corporations with specific interests, and the systems they produce are designed to work seamlessly with each other, and less seamlessly, sometimes not at all, with systems from competing ecosystems.
What this means in practice is that early procurement choices are not just purchases — they are ecosystem commitments. Once a department’s foundational infrastructure is built on a particular technology stack, subsequent procurement is constrained. You cannot simply choose the better or cheaper product from a different ecosystem if that product will not integrate with what you already have. The architecture of your existing systems becomes, in effect, a procurement policy, one that nobody voted for and that most officials are not even aware of.
South Africa’s digital government infrastructure is, broadly speaking, Western-origin in its foundational layers. This is a historical reality, not a conspiracy. But it carries a consequence: our effective range of procurement choices is narrower than our stated policy of non-alignment would suggest. When we speak of an independent foreign policy and strategic autonomy in international affairs, we should be asking whether our technology infrastructure gives us the flexibility to actually exercise that autonomy, or whether our server rooms have already made certain choices on our behalf.
Mapping What We Do Not Know
Before South Africa can make strategic decisions about its ICT dependencies, it must first know what those dependencies are. This sounds obvious. It is not being done. There is no comprehensive, current map of the technologies deployed across government departments, their countries of origin, their underlying architectures, their interdependencies, and the risks they introduce. Without this map, every procurement decision is made partially blind.
The Protection of Personal Information Act (POPIA) has, to its credit, forced some degree of discipline around data governance and the systems that process personal information. But POPIA is a data protection instrument, not a national technology sovereignty instrument. It asks “how is data handled?” It does not ask “where does the underlying technology come from, who controls it, and what happens to our ability to operate if that relationship changes?” Those are different questions, and they require a different framework to answer.
A national technology dependency audit, covering all organs of state, cataloguing the origin and architecture of critical systems, and identifying single points of failure or external control, is not a radical proposal. It is basic due diligence for a state that takes its sovereignty seriously. It should be a standing function of government, not a once-off exercise. The National Cybersecurity Policy Framework provides a basis for this kind of work; what has been missing is the institutional will and the designated mandate to actually do it.
The Autonomy Trap
A tempting response to all of this is to pursue technological self-sufficiency, to build our own systems, develop our own platforms, and reduce dependence on foreign technology. The instinct is understandable. The outcome, however, is likely to be the opposite of what is intended. Attempting to develop and maintain critical technology infrastructure in isolation, without the scale, investment, and talent pipelines that the major technology powers have built over decades, does not produce sovereignty. It produces fragility.
The strategic goal is not independence from technology ecosystems. It is deliberate, mapped, and diversified interdependence. This means knowing which systems are critical to state function and ensuring that no single external actor has the ability to switch them off or compromise them unilaterally. It means building procurement policies that consciously distribute risk across ecosystems, rather than consolidating it. It means investing in the human capital to understand, manage, and where necessary adapt the systems we depend on. And it means engaging in the international governance of technology, at the African Union, at the United Nations, in bilateral agreements, with the same sophistication we bring to trade or security negotiations.
What We Should Be Obsessed With
South Africa occupies an unusual position in the world. We are active in the geopolitical space, we carry significant weight on the African continent, and we have a stated commitment to a foreign policy that is independent of great power blocs. That position has value. But its value diminishes every year that our technology infrastructure becomes more entrenched in dependencies we have not examined and cannot easily exit.
Policy makers and legislators should be asking three questions with far more urgency than they currently do. First, do we know what we depend on? Not in a general sense, specifically, systemically, and with a clear picture of the risks each dependency carries. Second, does our procurement framework actively shape our technology exposure, or does it merely regulate the process by which we accumulate it? And third, do we have the institutional capacity to manage our technology dependencies as a strategic asset, rather than as an administrative function?
The invisible architecture of our digital government is not invisible because it is hidden. It is invisible because we have not chosen to look. That choice, to look, to map, to govern deliberately, is available to us. It requires political will more than it requires resources. And the cost of continuing not to make it grows with every procurement cycle that passes without a strategic framework to guide it.
Given Shingange writes on South African governance, national security, and digital policy. This post reflects his personal analysis and does not represent the views of any institution.
Given SHINGANGE 