For South Africa’s small and mid-sized businesses (SMMEs), the gap between past compliance and present law is becoming a dangerous fault line. Labour law, in particular, can be a minefield.
In 2019, the Commission for Conciliation, Mediation and Arbitration (CCMA) reported that 80% of its cases originated from small businesses, and the risk is even greater now: the Code of Practice on Dismissal, effective from September 2025, replaces earlier guidelines, and employment contracts that do not reflect these changes are at risk of being unenforceable.
Karabo Kopeka, MD of Clientèle Legal, says that they have worked on 2,533 unfair dismissal claims in 2025, as at end-September.
Among the notable updates, the Code recognises the realities faced by SMMEs, allowing them to adopt simpler, less formal processes when managing dismissals. However, it expands the purpose of probation beyond performance to also include broader suitability for employment. It clarifies that prior warnings may not always be required when poor performance involves senior managers or specialised employees whose judgment should equip them to meet expectations.
The Code also widens the definition of incapacity to cover incompatibility or situations such as imprisonment, and it introduces refreshed guidance on unprotected strikes and legitimate grounds for retrenchment.
While not specifically addressed in the Code, employment contracts drafted before the rise of remote work are another potential stumbling block. They often do not cover data use outside the office, performance management at home, or working hours. “A dismissal of a remote worker for underperformance must comply with current labour laws, and must be supported by remote work policies and an employment contract that sets out remote work expectations. If the policies or contracts are unclear, a case of unfair dismissal could be brought against the employer at the CCMA,” warns Kopeka.
It is equally irresponsible to be non-compliant with the Employment Equity Amendment Act of 2022, which imposes strict demographic targets for employers with 50 or more staff, with fines of up to R2,7-million, or 10% of its turnover, for non-adherence.
The POPI Act is Act 4 of 2013 compels companies to demonstrate strict compliance in how they collect, process, and store personal information, yet many SMMEs are still relying on contracts or policies that predate this law. A privacy clause drafted just a few years ago may not even scratch the surface of today’s requirements, creating a direct path to penalties of up to R10 million or even imprisonment.
Kopeka warns that risk is not limited to a single type of document. From supplier agreements and service contracts to HR policies, any clause that fails to reflect current legislation leaves businesses exposed to significant legal risks. And given that regulations evolve across multiple fronts, the exposure is often broader than business owners realise.
The solution, says Kopeka, lies in reframing compliance from a tick-box exercise to a strategic shield: “Regular reviews protect your business from avoidable shocks, and these reviews don’t need to be overwhelming or unaffordable.”
Practical steps include auditing all contracts annually, conducting internal risk assessments, and ensuring that HR and operations teams stay abreast of legislative changes through ongoing education.