A structural diagnosis of South Africa's State Information Technology Agency: why a mandate designed for procurement produces rent without performance, and what a reformed mandate would actually need to look like.
SITA does not fail because it is incompetent. It fails because its mandate produces the outcomes the mandate claims to prevent.
A monopoly integrator with no payment enforcement, no delivery liability, and no exit for customers will always extract rent without performance. Every other symptom in the state IT record is a consequence of those three missing constraints.
An operator without ownership. SITA hosts, administers and holds privileged access, but does not own the IP, the budget, or the procurement decision.
Core state systems are still classified as “procured IT services” even after they become sovereign infrastructure.
Centralisation gives SITA visibility, access and control. It does not give shutdown authority, escrow mandates, or sunset enforcement.
In a crisis, SITA retreats to process compliance, “awaiting instructions” and “procurement irregularity.”
Acting decisively carries personal audit exposure. Delaying diffuses responsibility. The system rewards inaction dressed as compliance.
“We'll just build another one.” But embedded systems take years to replicate, data gravity is enormous, and users resist.
No enforced rule says: if a system is mission-critical for X years, the state must own it or escrow it.
Departments decide. Ministers hesitate. Treasury negotiates. But SITA touches the servers and flips the switches.
SITA is a monopoly integrator with no payment enforcement, no delivery liability, and no exit for customers. Under those conditions the institution extracts rent without performance: income protected by authority rather than earned through delivery. Four mechanisms hold that equilibrium in place.
SITA is simultaneously regulator (standards, compliance), broker (procurement middleman), operator (hosting, networks), and builder (custom systems). These roles should never coexist inside the same entity. Their coexistence guarantees conflicts of interest and guarantees that no single role can be held to account without the other three being invoked in its defence.
In ordinary markets, if the buyer stops paying, the service degrades or stops. Inside SITA's arrangements, the buyer can stop paying and the service continues, while the vendor who cuts service is punished. Payment discipline is broken by design. That asymmetry alone explains most of the downstream dysfunction.
Compliance replaces competence. RFPs specify process, not outcomes. Delivery risk is transferred to vendors while control remains with SITA. The predictable result is that the worst vendors survive longest, because survival is rewarded by compliance documentation rather than by outcomes.
Top-tier engineers avoid SITA for three rational reasons: no delivery authority, no technical prestige, and high political risk. Over time, the organisation becomes administrative-heavy and engineering-light, which makes it structurally dependent on the outside vendors it is simultaneously punishing.
When access control is guaranteed and exit is forbidden, performance becomes optional.
The systems insightRead against the structural mechanisms above, SITA's own “About” page reads less like a mandate and more like a document written by an organisation that does not know what it is for.
Every verb in all three of those statements belongs to a procurement agent. Consolidate. Coordinate. Manage the procurement and delivery process. Achieve cost savings through scale. Improve service delivery through the provision of information technology. None of them describe the stewardship of infrastructure the state cannot turn off. The word ownership does not appear in any of them. Neither does continuity, escrow, sovereignty, lifecycle, sunset, or resolution. The copy is written as if the job ends at the tender award: once the contract is signed and the servers are humming, SITA's work is done and the rest is someone else's problem. And notably, this framing is not only on the website. It is in the Act of Parliament that created the organisation. The procurement-agent vocabulary was baked in at the founding. It has never been revised.
That is not a tone problem or a writing problem. It is a self-understanding problem. An organisation that describes itself only in the language of acquisition will, when dependency crises arrive, reach for the only instruments it believes it possesses: more procurement, more coordination, more delivery management. None of those instruments resolve HANIS. None of them resolve eNaTIS. None of them resolve the recurring court cases against the state's own operators. The vocabulary itself forecloses the possibility of a different kind of action, because there is no word for it in the brochure.
The values published alongside the mandate make the diagnosis sharper, not softer. Each one of them, set against the operational record, reveals a specific way the organisation has quietly stopped being able to recognise itself.
The first problem is that the customer, in SITA's model, is the department. Not the pensioner whose grant did not arrive because CPS and SASSA were still arguing about who had lawful authority to run the payment system. Not the new parent whose child's birth registration is trapped inside a HANIS replacement that has been “nearly ready” for the better part of fifteen years. Not the accused in a criminal matter whose trial is postponed because the digital recording system went down and no one can agree whose contract was supposed to be maintaining it.
Customer-centricity, in a procurement frame, means making the departmental client happy in the moment of transaction. Citizen-centricity, which is the thing the Constitution actually asks for, means being accountable for the continuity of the service the citizen never sees and only notices when it breaks. SITA's copy cannot tell the difference between those two things, and that confusion is not decorative. It is the reason a payment can lapse, a court recording can stall, a forensic system can sit under interdict, and no one inside the organisation feels that the person at the end of the chain is, strictly speaking, their customer at all.
The judicial record sits at the exact opposite end of the word “innovation” from where SITA's About page places it. What the courts describe is an organisation whose instinctive answer, when a dependency becomes uncomfortable, is to modify copyrighted source code it has no licence to touch, switch the system back on in defiance of a vendor cut-off, and then pursue a shadow replacement while denying that the original agreement existed at all. That is not innovation. It is improvisation under legal duress, dressed up as a roadmap.
Real innovation in state IT, in the current moment, would look like things SITA has never publicly proposed. A classification doctrine that distinguishes commodity IT from sovereign infrastructure. A standing escrow regime for any system that crosses the critical threshold. A formal sunset protocol with legal cover for the official who has to sign it. A transition fund. A lifecycle owner. None of these are technically hard. They are institutionally hard, because they require the organisation to stop thinking of itself as a buyer. “Thought leadership,” as a published value, has produced none of them. What it has produced is the word “modernisation” deployed as a negotiating tactic against the vendors of systems the state can no longer operate without.
Gauteng High Court judgments have made explicit findings of mala fides, bad faith, against the state's conduct in IT disputes. That is not a procedural irregularity finding. It is not “the paperwork was wrong.” It is a judge, looking at the record, and saying that over a period of years the state denied arrangements it knew existed, used software it knew it had no lawful right to run, and reactivated systems that had been placed under interdict. Integrity, in the sense the About page uses the word, is a culture-building aspiration. Integrity, in the sense the court uses the word, is a finding about what actually happened.
A values statement and a court judgment cannot both be true in the same way at the same time. The honest thing to do, if SITA believed its own published value, would be to treat those findings as a constitutional event and rewrite the organisation around preventing them. Instead, the more characteristic response has been to argue that each one was an unusual case, an unusual vendor, an unusual set of circumstances. They are not. They are the cases in which a vendor had the resources to litigate far enough for the pattern to become visible on the public record.
eNaTIS has been waiting for a serious replacement conversation since 2007. HANIS has been inside a replacement process whose end date keeps receding since the early 2010s. The PRASA signalling estate degraded visibly for the better part of a decade while the contracts to replace it were fought over. Whatever word one uses to describe an institution whose replacement cycles are measured in decades, “agile” is not it. Neither is “adaptive.” Neither is “responsive.”
What SITA exhibits, in the judicial record, is something closer to the opposite of agility: a reflexive retreat, in every crisis, to the safest possible bureaucratic posture. “Awaiting instructions.” “Procurement irregularity under review.” “The matter is the subject of legal proceedings.” These phrases are not agility. They are the organisational equivalent of freezing. The evolving environment the value statement gestures at is the environment in which embedded systems become national infrastructure within a few years of installation, and no state IT agency in the world can afford to meet that timescale with a decade-long replacement conversation. Relevance and competitive advantage, in that environment, accrue to the institutions willing to own what they run. SITA is not yet one of them.
The collaboration value, read against the court record, is the one that stings. Judgments describe situations in which the state was actively running a proprietary system under a contractual arrangement it was simultaneously denying in writing, while in parallel commissioning work on a replacement intended to displace the same vendor whose software was still keeping the lights on. That is not collaboration. It is, in the plainest possible terms, the opposite of collaboration conducted under the heading of collaboration.
The difficult question the value raises is not whether SITA collaborates with its staff, with its board, or with other departments. It plainly does. The question is whether it can collaborate with the outside parties whose work has become infrastructure for the state, once the commercial relationship becomes inconvenient. The answer, on the record, is that it cannot. And because it cannot, the eventual resolution of every one of these disputes has to arrive through litigation, through Treasury intervention, or through collapse. None of those are collaborative instruments. They are the instruments that activate when collaboration has already failed.
This is the sentence that most completely gives the game away. Read it carefully. ICT investment must be equated with growth, impact and citizen satisfaction. The unit of analysis is investment: the act of buying. Not operation. Not ownership. Not continuity. The implicit theory of change is that the state procures the right things, and the rest takes care of itself. That is a theory that can only survive in an organisation that has not yet noticed that the hardest part of state IT is what happens after the money has been spent.
If ICT is genuinely a socio-economic game-changer, then the institution responsible for it cannot also treat it as a procurement line item. Those two framings are mutually exclusive. Infrastructure is not purchased once and then managed through a series of vendor contracts; it is inhabited, maintained, evolved, and occasionally rebuilt from the inside by people who understand it well enough to know when to stop paying a vendor and when not to. SITA's own framing, in this one sentence, collapses the category the reform depends on. You cannot be the steward of something you still describe as a purchase. And until the About page is rewritten to describe a different kind of institution, every reform proposal (including the eight in the section below) will land on an organisation that does not yet have the vocabulary to receive them.
The structural diagnosis is not a reading between the lines. It is visible in SITA’s own audited annual report and in the findings of a Parliamentary Portfolio Committee oversight visit conducted in December 2024. These are primary documents. They confirm the pattern from the inside.
Across eight documented cases the same sequence plays out: a mission-critical system becomes infrastructure, procurement logic fails, and litigation or collapse forces resolution.
| Case | Period | Pattern |
|---|---|---|
| SASSA / CPS grants | 2012–2018 | Contract lapsed; system kept running under Constitutional Court supervision to prevent social collapse. |
| Home Affairs HANIS / ABIS | 2000s–2020s | Biometric backbone. Replacement stalled by procurement disputes; parallel systems, years of limbo. |
| SARS Modernisation | 2014–2018 | Working compliance and investigative IT dismantled under “governance correction.” Revenue collapsed. |
| RTMC eNaTIS | 2007–present | Single embedded licensing database. Weak redundancy. Replacement perpetually deferred. |
| PRASA signalling | 2015–2022 | Ageing proprietary rail systems. Replacement contested; safety degraded before transition. |
| DOJ&CD court recording | 2010s | Vendor dependency; disputed contracts; courts reverting to manual. Legal system exposed to IT fragility. |
| Eskom IT estate | 2010s–present | Failed ERP transitions; informal maintenance tolerated to avoid outages. |
| SITA (cross-cutting) | Ongoing | Central procurement without lifecycle governance. Access without ownership clarity. Audited target achievement: 42.86% in 2024/25; 61.9% the year prior. |
The core shift is one sentence: SITA must move from central IT procurement agent to state digital infrastructure steward.
Statutory authority to issue a Critical Infrastructure Determination that formally distinguishes commodity IT from national digital infrastructure. The determination triggers mandatory downstream obligations.
If the state relies on a system for core sovereign functions beyond a defined threshold, it must either own the IP or hold enforceable source-code escrow with step-in rights, lodged at Treasury.
Not just acquisition and hosting, but exit, sunset, buy-out and forced migration. SITA must be able to impose transition deadlines and escalate unresolved systems to Treasury and Cabinet.
A formal, time-bound continued-use framework with automatic compensation accrual and transparent reporting. Removes the incentive to deny agreements or invent procurement excuses.
Explicit power, with legal protection for the official exercising it, to declare that a system cannot lawfully be used after a specified date unless defined conditions are met.
Before SITA may endorse or fund a replacement, it must certify realistic timelines, migration feasibility, data portability and overlap plans. No more “we'll build another one” as a tactic.
When a critical system enters frozen-payment, lapsed-contract limbo beyond a fixed window, SITA must trigger a Treasury-led resolution: binding valuation, exit or buy-out, ring-fenced budget.
Stop counting tenders processed. Start measuring the percentage of critical systems with clear ownership, time spent in transition, and the count of systems operating post-contract.