The regulatory overlay for SA ed-tech
POPIA — Children's Data (s 34, 35)
Processing personal information of children (under 18 under POPIA) is generally prohibited except with consent of a competent person (typically a parent or guardian). Heightened safeguards required.
CAPS + Department of Basic Education
Ed-tech that interfaces with formal schooling must navigate the Curriculum and Assessment Policy Statement, and provincial DoE procurement standards. Public-sector schools have specific procurement constraints.
NQF + SAQA (Higher Education)
Tech offering qualifications, micro-credentials, or formal-learning outcomes interacts with the National Qualifications Framework. SAQA accreditation may be required for credentialing functionality.
BBBEE Procurement
Schools, universities and public-sector buyers are subject to BBBEE procurement preferences. Ed-tech businesses need BBBEE scorecards to compete effectively for public-sector contracts.
Frequently asked
What POPIA rules apply to processing children's data in ed-tech?
Section 34 of POPIA prohibits processing personal information of children except with the consent of a competent person (parent or guardian), where the processing is necessary for the exercise of a right or obligation in law, or where the processing is for legitimate research purposes. Section 35 adds further safeguards. Ed-tech platforms used by under-18s must build consent flows that capture parental/guardian consent and revise their privacy notices to address children's data specifically.
Can my ed-tech platform offer qualifications?
Offering a "qualification" in the formal sense (e.g. a Diploma, Certificate, Degree, or NQF-aligned credential) requires accreditation with the relevant Quality Council (CHE for higher education, Umalusi for general/further education, QCTO for occupational qualifications). Offering informal certificates of completion, badges, or skills-recognition is generally not regulated, but should not be marketed in language that implies formal accreditation.
How do I sell ed-tech into SA public schools?
Public school procurement is constrained by provincial Department of Basic Education frameworks. The most accessible path is via the Department of Communications and Digital Technologies' SchoolTech procurement vehicles, or through provincial e-Education programmes. BBBEE scorecards, SAHRA-equivalent compliance attestations, and SARS tax-clearance are typical procurement prerequisites.
What contract stack does a SA ed-tech startup need?
Beyond standard SaaS contracting: a children's-data-specific privacy notice and consent framework; schools/parent terms that allocate operator vs responsible party correctly; BBBEE scorecard preparation if targeting public sector; SAQA / Quality Council attestations if credentialing; specific terms for tutor / student / institution / parent roles. Stack from R30,000; ongoing retainer R7,500–R15,000/month.
Are international ed-tech rules (FERPA, COPPA) relevant?
FERPA (US) and COPPA (US) apply to US-resident students and operators. For SA students, POPIA is the governing framework. If your platform serves both SA and US students, dual compliance is needed. The POPIA s 34 children's framework is comparable to COPPA in concept; the operator-agreement framework is comparable to FERPA in concept.