In 2023, global smart glasses shipments increased by 210% year-on-year, and ABI Research has predicted that shipments will grow from 5.9 million in 2024 to 114.1 million by 2030.

The technology is moving faster than awareness, regulation or governance, and South Africa is sitting closer to the edge of privacy and regulatory controversy than most people realise.

This controversy has already affected East Africa. In early 2026, Kenyan and Ghanaian authorities identified Vladislav Luilkov as the Russian vlogger who travelled through Kenya and Ghana wearing the Ray-Ban Meta smart glasses, recording intimate encounters with women without their knowledge and posting the footage online for profit. In the UK, a BBC investigation documented how a woman was covertly filmed at a beach, with the footage receiving around one million views online.

By May 2026, a second victim was also reported by the BBC. She was told that the footage would only be removed as a paid service, which was effectively extortion.

Smart glasses with inconspicuous cameras extend patterns already seen with smartphones – they make it easier to capture and distribute images or video of women in public and private spaces without their knowledge, in a society where harassment, exploitation, and violations of privacy remain widespread.

Wearers can potentially discover a person’s identity, address, and other personal details and share these, along with video footage, with anyone they want, on any platform they want, and this creates significant security and privacy risks.

Two Harvard students recently showed how the footage streamed through these glasses could be linked to external AI facial recognition tools allowing strangers to be identified in real time with names, home addresses and personal information pulled from the internet.

Smart glasses are also an Internet of Things (IoT) device with connected hardware running software that can be targeted in the same way any connected device can.

Research by ESET has found that specific attack vectors such as unpatched firmware vulnerabilities, compromised companion apps, and malicious Wi-Fi hotspots are gaining in momentum and capability.

These threats can compromise the glasses or the device they are paired with, and the attacker gains access to everything the wearer sees.

South Africa has begun to adapt its legal framework to digital abuse, including the Cybercrimes Act, the Protection from Harassment Act, the Domestic Violence Amendment Act, and the Film and Publications Act. These all apply to online harassment, harmful content and image-based abuse. Smart glasses are already changing the boundaries of privacy.

These devices represent high-risk AI systems that capture biometric data in public spaces without meaningful consent mechanisms, process footage through offshore contractors beyond South African data protection oversight, and directly challenge POPIA’s consent framework, designed before invisible, wearable surveillance became normalised.

Under POPIA, biometric information is categorised as ‘special personal information’ with processing generally prohibited unless authorised.

South Africa has both the constitutional foundation and the legislative architecture through POPIA to lead African wearable AI governance.

The country, as Africa’s most technologically advanced economy with BRICS ties and a mature data-protection framework, is uniquely positioned to do for African wearable regulation what the GDPR did for Europe and establish a high-water mark that neighbouring jurisdictions can copy. And now is the time to get it right.

However, global turmoil and its anticipated impact on our market have added considerable concerns about currency swings, steep fuel price hikes, and the knock-on effects these will have on both interest rates and the economy as a whole.

This environment means that every necessary technology investment is under increased scrutiny.

This is because the instinct in many C-suites is to view cloudification, and, increasingly, multicloud architectures, through the lens of cost only. In other words, they see it as a line item that can be minimised, postponed or negotiated down. This framing is problematic.

If we look at high-growth and critical sectors in the South African economy, such as banking and fintech, education, healthcare, retail and telecommunications, a well-designed multicloud strategy is far more than just an IT upgrade.

When done correctly, the adoption of multicloud environments is a compliance ally, a resilience mechanism and an enabler to help businesses move faster, serve customers better and survive shocks.

The truth is that the question has long since evolved from whether a business can afford a multicloud environment to whether it can afford to ignore it.

Multicloud as an incentive

If we consider POPIA and what it demands, any organisation that has embarked on a cloudification journey has a strong incentive to build multicloud environments.

Regulations are explicitly clear about how personally identifiable information must be treated. Certain categories of customer data must reside in South Africa. This isn’t a suggestion; it is a legal requirement.

Sensitive data must be stored in a cloud environment that is physically resident in South Africa, configured to meet regulatory requirements.

Less sensitive or anonymised data, such as analytics, some application services and testing environments, can be hosted with global hyperscalers, where organisations can take advantage of powerful platforms, tools and innovation at scale.

It’s not “either-or”

Executives may ask: if we can build a robust private cloud locally, why do we need a multicloud strategy at all?

This is a valid question because it is absolutely true that South Africa is not technologically behind the rest of the world.

This country has the skills and infrastructure to build private clouds that match, and in some instances, exceed, global standards. Of course, this is complicated by electricity supply issues but there are workable solutions to mitigate against that.

A well-architected private cloud can deliver exceptional security because you control the entire security stack, not just your slice of it.

However, in sectors such as banking, fintech and education, among others, downtime is not just a nuisance; it can be an existential risk.

A well-designed multicloud environment ensures there is always a failover if one environment goes down. In addition to this, many South African organisations serve pan-African and global customers.

Locating workloads closer to end users reduces latency and improves the customer experience, something that a single local cloud cannot always guarantee.

As is evident, the debate is not about a private cloud versus AWS or Azure, but rather about what combination of private and public cloud environments gives us the right balance of compliance, resilience, performance and cost control.

Cloud is an enabler, not an IT refresh

One of the real superpowers of the cloud is its impact on time to market. Before, servers needed to be ordered, delivered, racked and configured.

IT teams would be busy for weeks or months leading to a scenario where, in many cases, product launches were dictated more by hardware lead times than creativity or real-time market demand.

In a fiercely competitive landscape where speed is a strategic advantage, a multicloud strategy gives organisations multiple environments to test, scale and optimise without betting everything on a single provider.

Cybercrime is real, but fear is not a strategy

A traditional cybersecurity narrative would pivot into fear. Yes, cybercrime, including ransomware, is persistent and real. However, dwelling on catastrophe does not help executives make better decisions.

Businesses should ask: “How do we design our cloud journey so that ransomware and other cyber threats become manageable risks, not existential ones?”

One practical answer lies in prevention‑first, intelligence‑driven security, coupled with robust backup and recovery. For example, endpoint‑driven ransomware remediation approaches are effective preventive remedy measures. For example, modern ransomware remediation capabilities can contain and roll back attacks at the endpoint, while secure, regularly tested backups ensure data can be fully restored if needed.

That shifts the dynamic. When criminals encrypt data and demand a ransom, their leverage depends on a lack of options. If a business has clean, recent, secure backups and a tested recovery process, it can restore operations quickly and avoid funding the criminal ecosystem.

Security should not be about scaring businesses into buying tools. It should be about preserving their ability to operate and innovate, even when incidents occur.

The sobering truth is that when organisations expand their cloud footprint without security baked in from day one, they are effectively building on quicksand.

Security should never be an afterthought. It should not be seen as something you “bolt on”. In a cloud‑first world, it must be designed into the architecture from the start. That means:

• Security and compliance teams participating in product and architecture discussions early in the process
• Investing in cloud‑based, centralised security operations to replace a patchwork of disjointed consoles and tools
• Treating configuration, monitoring and incident response as “living disciplines”, not once‑off projects

Organisations would do well to work with security partners who understand that the same cloud and AI capabilities that can propel them forward can just as quickly amplify its mistakes.

You see, the dominant narrative, one of fear and complexity, forces organisations to either delay necessary moves or rush them in a panic. Neither outcome serves businesses and their customers.

Organisations that treat multicloud as a way to comply, stay online and keep innovating, with security baked in from day one, will be the ones that remain competitive and resilient.