Photo of Ahmed Mokdad

Ahmed Mokdad

Ahmed Mokdad is an associate based in the Johannesburg office, and a member of the firm’s White Collar Defense and Investigations and Anti-Corruption Practice Groups, as well as the Privacy and Cyber Security Practice Group. With a depth of experience representing clients across various sectors, Ahmed regularly assists clients navigate and mitigate a broad spectrum of regulatory and compliance risks.

Ahmed’s investigations practice includes internal and government investigations into anti-corruption, anti-money laundering, fraud, and financial crimes matters more generally. Complementing his investigations practice, Ahmed has a broad-based compliance advisory practice in these areas and in data protection and information security matters. This includes assisting clients in numerous sectors with compliance under South Africa’s Protection of Personal Information Act (POPIA).

Adding to his investigative, regulatory and compliance advisory experience, Ahmed has extensive experience advising on numerous M&A and complex financial transactions. He has also been involved in several high profile international arbitrations, and litigious matters before the South African courts relating to, among other things, commercial and tax disputes, exchange control violations, government procurement irregularities, and defending white collar crimes. This experience gives Ahmed valuable perspectives and insights when advising on compliance advisory matters.

For international clients facing compliance issues cutting into Africa, Ahmed regularly advises on a range of issues that can arise in such context, e.g., labor and employment considerations, legal professional privilege, whistleblower protections, corporate governance reporting obligations, and control processes and protocols for engaging with government and law enforcement agencies. Ahmed is recognized by clients for providing practical advice and solutions on complex legal issues in ambiguous statutory regimes.

Contact:Read more about Ahmed MokdadEmail

Kenya has released its first National Artificial Intelligence Strategy (2025–2030), a landmark document on the continent that sets out a government-led vision for ethical, inclusive, and innovation-driven AI adoption. Framed as a foundational step in the country’s digital transformation agenda, the strategy articulates policy ambitions that will be of interest to global companies developing, deploying, or investing in AI technologies across Africa.

While the strategy is explicitly domestic in focus, its framing—and the architecture of its governance, infrastructure, and data pillars—reflects a broader trend, i.e., the localization of global AI governance norms in high-growth, emerging markets.

What the Strategy Means for Global Technology Governance

The strategy touches on several themes that intersect with enterprise risk, product development, and regulatory foresight for multinationals:

  • Data governance and sovereignty: Kenya signals a strong intent to develop AI within national parameters, grounded in local data ecosystems. The strategy explicitly references data privacy, cybersecurity, and ethics as core enablers of the AI ecosystem. For global companies with cloud-based models or cross-border data transfer frameworks, these developments may signal localization pressures or evolving consent standards.
  • Sector-specific use cases: Healthcare, agriculture, financial services, and public administration are named as strategic AI priorities. Companies operating in the life sciences, health tech, or diagnostics space should watch closely for how regulatory authorities may interpret and apply ethical or risk-based AI guidelines—especially where AI is used in clinical decision-making, diagnostics, or personalized medicine.
  • Public-private AI infrastructure development: The strategy envisages expanded digital infrastructure, data centers, and cloud resources, as well as national research hubs. This may create commercial opportunities—but could also trigger localization requirements or procurement-related restrictions, particularly for telecommunications and hyperscale cloud providers.
  • Future legal frameworks: The current strategy is not itself a binding legal instrument, but it points to future policy development—especially around governance, regulatory oversight, and risk classification of AI systems. Teams advising on AI risk, litigation exposure, and AI-assisted products (including generative tools) will want to track the next wave of draft legislation and implementation guidance.

Continue Reading Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa

The Information Regulator recently published its Guidance Note on Direct Marketing (“Guidance Note”), providing clarity on how personal information can be lawfully processed under the Protection of Personal Information Act (“POPIA”). The Guidance Note offers actionable steps for organizations to align their marketing practices with these principles, fostering responsible marketing that complies with both the letter and spirit of the law.

In this blog, we briefly examine POPIA’s rules on direct marketing, and some of the key highlights from the Guidance Note.

How Direct Marketing is Regulated under POPIA

POPIA regulates direct marketing by establishing strict conditions for the lawful processing of personal information. It requires “responsible parties” (more commonly known as ‘controllers’) to ensure that personal data is collected and used transparently, fairly, and only for a specific, legitimate purpose.

For direct marketing:

  • Consent is the default requirement for unsolicited electronic communications (e.g., emails, SMSs, and automated calls). Section 69 of POPIA explicitly prohibits such communications unless the data subject has given prior consent or is an existing customer under specific conditions.
  • Legitimate interests may only serve as a justification for non-electronic direct marketing (e.g., postal mail or in-person promotions) under section 11, provided the responsible party conducts a legitimate interest assessment and complies with all conditions for lawful processing.

These rules emphasize data subjects’ control over their personal information, highlighting the importance of consent and the right to object.Continue Reading Long-Awaited POPIA Guidance on Direct Marketing Published by South Africa’s Information Regulator

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s


Continue Reading Final Countdown to POPIA Compliance – Five Critical Steps to Take Before July 1st, 2021

On June 22, 2020, the South African President announced that certain provisions of POPIA would take effect on July 1, provisions which most regard as essential to the statute, such as those imposing conditions on the lawful processing of personal information, procedures for handling complaints, and general enforcement provisions. Only


Continue Reading Inside Privacy Audiocast: Episode 5 – View From Johannesburg Part I: GDPR vs. POPIA – What Should Businesses Be Considering?

Companies today face increasingly complex regulatory frameworks globally and intense levels of corporate scrutiny from government enforcement agencies around the world. As government agencies embrace sophisticated crime-busting technology and the world shrinks through greater inter-agency cooperation, there are more ways than ever for governments to identify misconduct and hold companies


Continue Reading Five Key Considerations For Handling Internal Corporate Investigations