By Natasha Bhandari | Director, SkillzPage Published: March 2026 | Last updated: March 2026
Last updated: 23 March 2026
South African employers have always operated under a demanding legislative framework. The Labour Relations Act, the Basic Conditions of Employment Act, and the Employment Equity Act each impose specific obligations on how businesses recruit, hire, and manage people. For most of the past decade, enforcement was inconsistent enough that many companies treated compliance as a formality, something to address if and when an issue arose.
That is no longer a defensible approach. The Department of Employment and Labour has entered an active enforcement phase in 2026, with a significantly expanded inspector training programme and a renewed focus on hiring-stage compliance. The Employment Equity Amendment Act, which took effect on 1 January 2025 with new sectoral targets gazetted in April 2025, has materially raised the stakes for non-compliance. Fines for Employment Equity Act violations now start at R1.5 million or 2% of annual turnover for a first offence, escalating to R2.7 million or 10% of turnover for repeat violations.
Perhaps more consequentially: companies without a valid Employment Equity compliance certificate are now barred from holding government contracts. For any business in the IT, Engineering, or Finance sectors that counts the public sector among its clients, non-compliance carries a direct commercial cost — not merely a reputational one.
In our experience placing professionals across these sectors for nearly two decades, we have seen a consistent pattern: most compliance failures do not happen in boardrooms. They happen in hiring processes — in a poorly worded job advertisement, an interview question that should never have been asked, or a candidate's personal information handled without the protections the law requires. These are the areas where employer exposure is greatest and where the risks are most easily managed with the right approach.
The Employment Equity Amendment Act introduced the most significant changes to employment equity law in South Africa in years. Understanding what changed is not optional for employers actively recruiting — the obligations apply at the point of hire, not just in annual EE reports.
The most substantive change is the introduction of sector-specific numerical targets, gazetted by the Minister of Employment and Labour in April 2025. Where previously employers set their own EE targets based on a national economically active population benchmark, designated employers must now demonstrate progress against sector-specific targets. This directly affects recruitment decisions in the IT, Engineering, and Finance sectors, where SkillzPage operates.
The Act also tightens the enforcement mechanism. The certificate of compliance, required to hold government contracts — is now directly tied to verified progress against these sectoral targets, not merely to the submission of an EE report. An employer who submits their report on time but cannot demonstrate measurable progress will not receive certification.
For employers, the practical implication is this: recruitment decisions need to be made with equity planning in mind from the outset, not retrospectively adjusted when reporting season arrives. A specialist recruitment partner who understands your current EE profile and your sector's targets can help structure your hiring pipeline to address both talent quality and compliance requirements simultaneously — something a general-purpose job board or a non-specialist agency is not equipped to do.
Across nearly twenty years of facilitating recruitment for South African employers, the compliance failures we encounter most consistently fall into three categories. They do not involve complex legal judgements or ambiguous edge cases. They are structural, built into processes that nobody has reviewed recently, executed by hiring managers who were never trained on what the law actually prohibits.
The three areas are: job advertising, interview conduct, and candidate data handling. Each carries its own legislative framework, its own enforcement risk, and its own practical remedies. The sections that follow address each in turn.
What they share is that the risk is almost always preventable. Most of the legal exposure we see in hiring processes comes not from deliberate discrimination but from institutional habits, job description templates that nobody has updated in five years, interview question lists inherited from a previous HR manager, data storage practices imported from before POPIA came into force. A structured review of these three areas, conducted before the next hire, will eliminate the majority of the risk.
The Employment Equity Act prohibits unfair discrimination in any employment policy or practice and that prohibition applies to job advertisements. Section 6 of the Act explicitly covers the recruitment stage. An advertisement that specifies, implies, or signals a preference based on race, gender, sex, pregnancy, marital status, family responsibility, ethnic or social origin, colour, sexual orientation, age, disability, religion, HIV status, conscience, belief, political opinion, culture, language, or birth is unlawful.
In practice, the violations we see most frequently in job specifications are subtler than explicit exclusions. Requirements like "must be a South African citizen" where citizenship is not a genuine operational requirement, age ranges framed as experience proxies ("5-10 years' experience" that effectively excludes candidates under 30), and language requirements that go beyond what the role actually demands all carry equity risk. Physical requirements that are not genuinely necessary for the role and that are not supported by a functional assessment — can constitute disability discrimination.
One pattern we encounter regularly in the IT and Engineering sectors deserves specific mention. Job advertisements that specify a very narrow list of tertiary institutions, or that require qualifications from particular countries or academic traditions, can inadvertently discriminate on the basis of ethnic or social origin. South Africa has produced world-class engineering and technology talent through a range of educational pathways. A job specification that effectively excludes candidates from historically disadvantaged institutions is not only legally questionable — it also significantly narrows the talent pool.
Writing a compliant job advertisement requires more than removing overtly offensive language. It requires a clear analysis of what the role genuinely requires, careful framing of each requirement in terms of competencies and outcomes rather than proxies, and a review against the legislative framework before the advertisement is published. When SkillzPage works with an employer's job specification, this review happens as a matter of course — before a single candidate sees the role.
The Employment Equity Act's prohibition on unfair discrimination extends through the entire hiring process, including the interview. Questions that solicit information about a protected characteristic — even when asked conversationally, without discriminatory intent — expose the employer to legal risk. The relevant protected grounds under Section 6 of the Act are the same ones that govern job advertising.
The prohibited questions we encounter most frequently in client interview processes include:
The reason these questions persist is rarely malice. It is almost always habit. Hiring managers who have been running interviews for years often carry a set of questions they have always asked, without knowing that the legal landscape shifted around them. In our experience supporting structured interview processes for clients across the IT, Engineering, and Finance sectors, the most effective intervention is a simple one: replacing the informal question list with a structured competency framework that keeps every question anchored to the role's genuine requirements.
When SkillzPage manages the interview process or provides structured interview frameworks to clients, this alignment is built in. The hiring manager's focus stays on what the candidate can do, not on personal characteristics that have no bearing on their ability to perform.
Of the three compliance areas covered in this article, the one where we see the greatest gap between legal obligation and actual practice is candidate data. The Protection of Personal Information Act (POPIA), which came into full effect in July 2021, applies comprehensively to the recruitment process. Most employers are aware of POPIA in the context of customer data. Far fewer have assessed their exposure in the context of candidate data — which is equally regulated and, in some respects, more sensitive.
Consider what a typical recruitment process involves: a candidate's CV, which contains their home address, employment history, educational qualifications, and personal references; salary slips and banking details if requested; identity documents; contact numbers; and potentially assessment results and medical certifications. Every piece of this is personal information under POPIA. The Act requires that it be collected lawfully, stored securely, processed only for the purpose for which it was collected, and retained only for as long as that purpose requires.
The consequences of non-compliance are significant. POPIA fines can reach R10 million, and the Act carries the possibility of imprisonment for up to ten years in cases of deliberate or reckless breach. The Information Regulator, established under the Act, has signalled an increasingly active enforcement posture.
The specific POPIA obligations most relevant to recruitment are:
Consent and purpose: Candidates must be informed of the purpose for which their personal information is being collected. Using a CV received for one role to shortlist the candidate for a different role, without their knowledge, is a breach. Storing CVs in a talent pool without explicit consent is a breach.
Retention and deletion: Personal information must not be retained beyond the period for which it is needed for its stated purpose. CVs and supporting documents for unsuccessful candidates must be securely deleted within a reasonable period unless the candidate has explicitly consented to retention.
Third-party sharing: Sharing candidate information with a client, another recruiter, or any third party without the candidate's knowledge and consent is a breach. This applies to salary history, references, and medical information in particular.
Data security: Personal information must be stored with appropriate technical and organisational safeguards. Spreadsheets of candidate information stored on personal drives, CVs forwarded via unsecured personal email accounts, and shared drives accessible to staff who have no recruitment function are all examples of inadequate data security.
When SkillzPage manages the recruitment process on behalf of an employer, candidate data is handled under our own POPIA-compliant framework. We hold the data. We manage consent. We handle retention and deletion. The employer's own POPIA exposure for that data is substantially reduced — not because we absorb it, but because we ensure the process is structured correctly from the outset.
The legal risk in a hiring process does not end when a decision is made. How an employer communicates a rejection can itself constitute unfair discrimination if the communication discloses or implies that the decision was based on a protected ground.
"You didn't fit our company culture" is the phrase that causes more legal trouble than almost any other in recruitment. It is genuinely meaningless as a reason for rejection, culture fit is not a legally defined concept, and when challenged, it almost always collapses into a set of unstated preferences that can appear discriminatory. "We hired someone younger," "we went with someone more in line with our team dynamic," and "you were overqualified" are variations of the same problem: they imply that the decision was based on something other than the candidate's ability to perform the role.
A lawful rejection communicates, briefly and professionally, that the candidate was unsuccessful and that another candidate was selected. It does not speculate about the reasons for the decision, it does not reference personal characteristics, and it does not make comparative assessments. If an employer chooses to offer feedback which is admirable and relatively rare, that feedback should be confined to specific, role-relevant observations about skills or experience.
SkillzPage manages rejection communication on behalf of our clients as a standard part of the recruitment process. Candidates receive professional, legally sound communications, and the employer's name is protected from the legal and reputational exposure that poor rejection handling creates. In the specialist markets where we work — IT, Engineering, and Finance — candidate networks are tight and employer reputations travel quickly. How a company treats unsuccessful candidates is as visible as how it treats the ones it hires.
There is a version of recruitment agency work that amounts to forwarding CVs. A client sends a job specification, the agency searches its database, CVs arrive in the client's inbox. The compliance risk in that model rests entirely with the employer — the agency has added no value to the hiring process beyond matching keywords.
That is not the model SkillzPage operates. After nearly twenty years of placing IT, Engineering, and Finance professionals across South Africa, we function as a recruitment partner — which means we engage with the hiring process, not just the output.
In practice, that means the following. When a client brings us a job specification, we review it against the Employment Equity Act before we advertise. We apply the requirements literally: does each criterion reflect a genuine operational need? Is the language framed in terms of competencies and outcomes? Are any criteria creating inadvertent barriers that the client has not considered? The job specification that goes to market is compliant.
When we manage the interview process or prepare structured interview frameworks for client hiring panels, the question set is anchored to role requirements. Prohibited questions are not asked because we do not include them in the framework, and we brief hiring managers accordingly.
When we handle candidate data, we do so under our own POPIA-compliant data management framework. Candidates know how their data is being used. The employer receives what they need to make a hiring decision — not a data liability.
And when the decision is made, we handle rejection communication professionally. Candidates receive timely, respectful, legally sound communications. The employer's brand in the talent market is protected.
This is what the distinction between a compliance partner and a CV-forwarding service means in concrete terms. The employer who works with SkillzPage is not simply accessing a talent pipeline. They are accessing a hiring process that has been reviewed, structured, and managed against the legal framework they are required to operate within.
For roles in IT, software development, cybersecurity, engineering, finance, and fintech — the sectors where we have operated for nearly two decades — we combine this compliance framework with deep market knowledge. We know the talent pools, we know the salary expectations, and we know the hiring patterns in these sectors in a way that a generalist agency does not.
What are the penalties for non-compliance with the Employment Equity Act in South Africa?
Under the Employment Equity Amendment Act, which took effect on 1 January 2025, fines for first-time non-compliance start at R1.5 million or 2% of annual turnover, whichever is greater. Repeat violations carry penalties of up to R2.7 million or 10% of annual turnover. Beyond financial penalties, companies without a valid Employment Equity compliance certificate are barred from holding government contracts — a consequential commercial restriction for businesses operating in sectors that service the public sector.
Which interview questions are prohibited under South African employment law?
The Employment Equity Act prohibits questions that solicit information about any protected characteristic, including marital status, family responsibility, pregnancy, religion, age, medical conditions, disability, HIV status, race, and sexual orientation. The prohibition is not limited to explicitly discriminatory questions, questions that indirectly reveal information about these characteristics are equally problematic. Structured interview frameworks anchored to role competencies are the most effective practical safeguard.
Does POPIA apply to recruitment and candidate data?
Yes, comprehensively. The Protection of Personal Information Act applies to any personal information collected, stored, or processed in the recruitment process — including CVs, salary slips, identity documents, assessment results, and reference contacts. Employers are required to collect candidate data lawfully, inform candidates of its intended use, retain it only for as long as its purpose requires, and store it with appropriate security measures. POPIA fines can reach R10 million, and the Act carries criminal sanctions of up to ten years' imprisonment in cases of deliberate breach.
Can an employer use a candidate's CV to consider them for future roles without their consent?
No. Under POPIA, personal information must be collected and processed for a specific, defined purpose that the data subject has been informed of. Using a CV received for one advertised role to consider the candidate for a different role — or retaining it in a talent pool — requires explicit consent. Employers and agencies who maintain unsolicited talent pools without a clear consent mechanism are in breach of the Act.
What does the Employment Equity Amendment Act mean for employers in the IT, Engineering, and Finance sectors specifically?
The April 2025 gazetting of sector-specific numerical targets means that employers in designated sectors must now demonstrate progress against targets calibrated for their industry — not simply against a national benchmark. For employers in IT, Engineering, and Finance, this requires that recruitment decisions be made with sector-specific equity planning in mind. A specialist recruitment partner with insight into the current talent landscape and EE profile of your sector can help structure a hiring pipeline that meets both talent quality and compliance requirements.
What is the role of the CCMA in recruitment-related disputes?
The CCMA (Commission for Conciliation, Mediation and Arbitration) has jurisdiction over unfair labour practice disputes, which can include certain pre-employment matters. Disputes involving alleged discrimination in the hiring process are typically referred to the Equality Court under the Promotion of Equality and Prevention of Unfair Discrimination Act, rather than the CCMA directly. However, the CCMA plays a significant role in post-employment disputes that have their origins in the hiring process — particularly where the grounds for dismissal relate to characteristics that should not have influenced the original hiring decision. Our article on the role of the CCMA in South Africa provides a fuller overview of its jurisdiction and procedures.
How does SkillzPage manage POPIA compliance in the recruitment process?
SkillzPage manages candidate data under a POPIA-compliant data management framework. Candidates are informed of the purpose for which their personal information is being collected. Data is stored securely, shared only with the employer for whom the relevant search is being conducted, and retained or deleted in accordance with defined retention periods. When SkillzPage manages the full recruitment process on behalf of an employer, the employer's direct data handling exposure is substantially reduced.
If your business is hiring in IT, Engineering, Finance, or Executive roles, the compliance framework governing that process is more demanding than it was five years ago — and enforcement in 2026 is more active than it has been at any point in the past decade. Getting the process right before the first advertisement goes out is considerably less costly than addressing a complaint, an inspection, or a Equality Court referral after the fact.
SkillzPage has been placing specialist professionals across South Africa for nearly twenty years. We combine deep market knowledge with a structured, legally reviewed recruitment process. If you would like to discuss a current hiring requirement, a review of your existing job specifications, or a structured interview framework for your hiring team, we would welcome the conversation.
Contact SkillzPage:
You may also find these related articles useful as you review your hiring processes:
Related Resources
Internal:
External:
Disclaimer: This article is intended for general information purposes only and does not constitute legal advice. Employment equity and data protection obligations vary by employer size, sector, and circumstances. Employers should seek qualified legal counsel when assessing their specific compliance obligations.
