.jpg)
On 22 May 2026, the Information Regulator of South Africa issued a significant enforcement notice against Sibanye-Stillwater Limited ("Sibanye"), a mining company listed on the Johannesburg Stock Exchange. The notice was issued in terms of section 77J(1)(a) of the Promotion of Access to Information Act, 2000 ("PAIA") and directed Sibanye's Deputy Information Officer ("DIO") to grant the complainant access to all annual compliance reports submitted in terms of section 25(2)(h) of the Mineral and Petroleum Resources Development Act, 2002 ("MPRDA") for the 2019 to 2023 Social and Labour Plans ("SLPs") for the Eastern and Western Platinum Mines.
This ruling is of considerable importance for all private bodies in South Africa, as it reinforces the Regulator's willingness to exercise its enforcement powers robustly and underscores the serious consequences of non-compliance, including imprisonment.
The facts of the case
The complainant was the Centre for Applied Legal Studies ("CALS"), a research centre and law clinic affiliated with the University of the Witwatersrand, Johannesburg. On 10 August 2023, CALS submitted a request to Sibanye for access to two categories of records: firstly, all annual compliance reports under section 25(2)(h) of the MPRDA for the 2019 to 2023 SLPs for the Eastern and Western Platinum Mines; and secondly, any amendments in terms of section 102 of the MPRDA in respect of those SLPs.
On 22 August 2023, Sibanye's DIO refused access to the requested records, relying on sections 68(1)(b) and 68(1)(c)(i) of PAIA, both of which relate to the commercial information of a private body. The complainant thereupon lodged a complaint with the PAIA Division of the Regulator on 15 September 2023.
The PAIA Division conducted a pre-investigation and subsequently a full investigation, during which Sibanye was requested to respond to the complaint and to produce substantiated reasons for its refusal. Through a conciliation meeting held on 28 February 2024, the parties partially settled the complaint, with Sibanye accepting, by way of affidavit under section 55 of PAIA, that the approved amendments under section 102 of the MPRDA for the relevant mining operations did not exist.
However, the dispute regarding the annual compliance reports remained unresolved. The PAIA Division issued an investigation report in terms of section 77C(1)(a), finding in favour of the complainant and recommending that the DIO's decision be set aside. Sibanye rejected these findings and made further submissions to the Enforcement Committee.
The Regulator's analysis and findings
Legislative framework
The Regulator emphasised that PAIA extends to information in private hands, stating that the Act assumes that any information held by a private body with a "demonstrable and sufficient connection to the exercise or protection of any rights, legitimately belongs in the public domain". This is consistent with section 9(e) of PAIA, which is intended to promote transparency, accountability and effective governance of all public and private bodies.
The Regulator relied on the three fundamental principles identified in Smuts N.O. and Others v Members of the Executive Council: Eastern Cape Department of Economic Development, Environmental Affairs and Tourism and Others:
1. Access to information is the norm and exemptions are the exception;
2. Withholding information is permitted only in instances described in PAIA and those exemptions must be narrowly construed; and
3. The burden of justifying a limitation of a right falls on the party wishing to do so, not on the right-holder.
Whether the records were required for the exercise or protection of rights
The Regulator examined whether the records were "required" within the meaning of section 50 of PAIA, which provides that a requester must be given access to any record of a private body if that record is required for the exercise or protection of any rights. Relying on the Supreme Court of Appeal's interpretation in Cape Metropolitan Council v Metro Inspection Services (Western Cape) CC and Others [2001] ZASCA 56, the Regulator adopted the test that a requester must:
- State what right they wish to exercise or protect;
- Specify the information required, and
- Explain how that information would assist them.
The Regulator was satisfied that the records were required for the purpose of determining how compliance, or failure to comply, with the SLPs is impacting the affected community and beneficiaries, and for determining whether the Department of Mineral Resources and Energy ("DMRE") is properly regulating compliance with the licence conditions. This was aligned to CALS' core research function and thus met the threshold for the exercise of a right.
The grounds for refusal under section 68
The central question was whether Sibanye's reliance on sections 68(1)(b) and 68(1)(c)(i) of PAIA was justified. Section 68(1)(b) permits a private body to refuse access where a record contains financial, commercial, scientific or technical information, the disclosure of which "would be likely to cause harm" to the commercial or financial interests of the body. Section 68(1)(c)(i) permits refusal where disclosure "could reasonably be expected" to put the private body at a disadvantage in contractual or other negotiations.
The Regulator accepted that the compliance reports might contain commercial information, satisfying the first leg of section 68(1)(b) test. However, it was found that Sibanye had failed to discharge the burden of establishing the second leg, namely that disclosure would be likely to cause harm to its commercial or financial interests. The Regulator found that Sibanye's submissions amounted to speculation that CALS or third parties might misconstrue the content of the compliance reports, thereby damaging Sibanye's reputation and share price. The Regulator held that suspicion of what the complainant might do with the records does not constitute an independent ground of refusal under PAIA, and that the private body's contentions were "mere speculation". This is an interesting finding and we think it is worth challenging. PAIA uses the words, “likely to cause harm” and “could reasonably be expected”, one could therefore argue that PAIA merely requires a form of speculation and not factual determination that it will in fact happen.
Similarly, regarding section 68(1)(c)(i), the Regulator found that Sibanye's claim that disclosure would create a perception of non-compliance, placing Sibanye at a disadvantage with suppliers and the DMRE, amounted to "mere conjecture and speculation". The Regulator further observed that public disclosure of the records is more likely to promote transparency and accountability, which could in fact offset any potential disadvantage to Sibanye.
Impact on private bodies
This enforcement notice carries several significant implications for private bodies in South Africa.
The Regulator expressly endorsed the principle that "simply quoting the provisions of the exemption, is not adequate". Private bodies that wish to refuse access to records must be prepared to adduce specific, factual evidence demonstrating why the exemption applies, and to do so on a balance of probabilities. Bare assertions of commercial harm, speculation about the requester's intentions, or generalised claims about reputational damage will not suffice. In our view, the Regulator’s requirement to provide factual evidence is a higher standard than required in PAIA, which, as we stated above, uses “lighter” terms, such as “likely to” and “reasonably be expected”.
The ruling sends a strong signal about the Regulator's evolving enforcement posture. This aligns with the Information Regulator's 2025/26 Annual Performance Plan, which signals a firmer enforcement stance and a drive to modernise PAIA, with immediate implications for governance and access-to-information workflows. Organisations should expect more proactive audits and higher expectations on PAIA compliance.
For mining companies and other holders of mining rights, the ruling has particular significance. The Regulator has accepted that SLP compliance reports, although containing commercial information, are records in which affected communities have a legitimate interest, and that the public interest in transparency and accountability in the mining sector is considerable. This may open the door to further requests for access to similar records across the mining industry.
The warning of imprisonment or fine for non-compliance
The enforcement notice gives an unequivocal warning regarding the consequences of non-compliance. The notice states that the head of a private body who fails to comply with the enforcement notice is guilty of an offence and liable upon conviction to a fine or imprisonment or both.
The prospect of criminal prosecution, including imprisonment, adds a personal dimension to compliance risk. It means that the individual head of a private body, not merely the organization, faces potential criminal liability for failing to comply with an enforcement notice. This should serve as a powerful incentive for senior executives and information officers of private bodies to ensure that they take enforcement notices seriously, respond within the prescribed compliance period, and implement the Regulator's directions promptly.
Sibanye has been given a compliance period of 31 days from the date of receipt of the notice to comply, and the head of the private body retains the right to apply to a court for appropriate relief under section 82 of PAIA within 180 days of receipt.
Conclusion
Private bodies across all sectors should take note of the Regulator's increasingly assertive posture and should review their PAIA compliance frameworks, including the adequacy of their grounds for refusal and the processes for responding to access requests and enforcement notices. The threat of personal criminal liability, including imprisonment for up to three years, adds a genuine urgency to ensuring compliance
--
Read the original publication at ENS
