In August, the European Union enacted its AI law, a globally significant step in regulating the use of artificial intelligence. South Africa’s Department of Communications and Digital Technologies (DCDT) is reviewing whether these regulations align with the country’s policies. The upcoming regulations will form the foundation for AI use in South Africa and may potentially lead to an independent AI law.
Amid this regulatory momentum, there is growing concern within the financial services sector about the risks posed by AI-driven solutions. This has led to increasing demand for comprehensive risk mitigation strategies, including software escrow.
Guy Krige, Executive Risk Consultant at Escrowsure, emphasized that the growing adoption of AI increases risks and that stricter measures are needed. He stated, “AI models are increasingly essential to enhancing services and operations, but like any third-party software, they introduce risks. This is where software escrow comes into play.”
Software escrow, a best practice that protects the source code of third-party software under predetermined conditions, is being seen as a measure to counter the risks posed by AI.
Recently, concerns about the misuse of AI have reached alarming levels. 77% of businesses have reported AI-related security breaches to authorities. Vulnerabilities in the healthcare sector have emerged, and even attacks on Microsoft have enabled unauthorized access to executives’ emails, all made possible through AI.
Krige addressed this growing threat by stating, “Software escrow for AI is designed to protect both the AI models and the data, which are increasingly integral to companies’ functioning.” He added, “In the event of a vendor’s failure, software escrow ensures access to the source code, allowing the user to continue operating the AI software independently or transition smoothly to an alternative provider.”
As South Africa’s AI regulations evolve, especially in sensitive sectors like financial services, escrow agreements are expected to play a crucial role in regulatory compliance.
Krige concluded, “Guidelines from South Africa’s Financial Sector Conduct Authority emphasize the importance of continuity planning in technology outsourcing.”
