👨🏿‍🚀TechCabal Daily – Morocco takes the wheel

New car sales in South Africa may be brushing up against record highs, but that momentum clearly isn’t flowing back into local factories. South Africans bought over 590,000 new vehicles in 2025, yet fewer than that were built locally. In November, local production stood at just over 554,000 units—barely up year-on-year—while Morocco crossed the 1 million vehicle production mark in December. After nearly a century at the top, South Africa has lost its crown as Africa’s auto manufacturing hub.

What caused this? This didn’t happen overnight. Morocco’s rise is the product of a long, deliberate industrial strategy: aggressive tax incentives, free-trade access to the EU, US, and China, and a willingness to bet early on electric vehicles (EVs). Renault and Stellantis set up shop years ago, EV production began in 2021, and a fully home-grown electric car, E-NEO Dial-E by Neo Motors, priced at MAD 100,000 ($10,740), is set to roll off the line in 2026. Tesla, the largest EV maker in the US, now has an official presence in Casablanca, Morocco, signalling global interest.

South Africa, by contrast, spent much of the past decade firefighting. Chronic load-shedding raised costs, dented productivity, and scared off fresh investment just as global automakers were rethinking where to place their next generation of plants. Eskom’s coal-heavy energy mix doesn’t help either, especially as carbon border taxes loom. A 150% EV investment tax rebate is finally coming, but only from March 2026, and arguably a few years late.

Between the lines: This isn’t just about cars. It’s about industrial policy credibility. Morocco showed investors consistency, cheap power, and a clear EV roadmap. South Africa offered uncertainty, energy risk, and policy drift. Catching up is still possible—the skills and infrastructure exist—but reclaiming leadership will require more than incentives. It will require reliable electricity, faster policy execution, and a clear signal that auto manufacturing, not just consumption, still matters. 

Global EV market leaders are finding their way to South Africa for its perceived uptake potential, but that same enthusiasm is yet to catch up with local manufacturing setup.

From March 1, 2026, a new consumer protection framework will require near-instant refunds—within 30 seconds—when customers are debited for airtime or data they never receive. If it works as advertised, it could fix one of Nigeria’s most persistent everyday tech annoyances.

This rule is the outcome of months of engagement between the Central Bank of Nigeria (CBN), the Nigerian Communications Commission (NCC), mobile network operators, banks, and value-added service providers. That alone is notable in a system where accountability has often been fragmented.

Why now? According to the NCC, failed airtime and data purchases rank among the top three consumer complaints in Nigeria’s telecoms sector. Network outages, system glitches, wrong numbers, and ported lines have turned what should be low-friction micro-payments into daily irritations. Individually small, these failures add up in time lost, eroded trust, and millions of naira trapped in “pending” limbo.

What changes in practice: If an airtime or data transaction fails and your account is debited, the refund must land within 30 seconds. If a transaction remains pending, operators have up to 24 hours to resolve it. Telecom operators must also send SMS notifications confirming whether a purchase succeeds or fails, while a central monitoring dashboard will track failures and refunds in real time.

Between the lines: The 30-second refund rule is part of continued regulatory efforts to keep the telecoms industry accountable. In May 2025, the NCC launched a portal that tracks service outages from major providers across different cities and states in Nigeria. The new directive will force coordination and disclosure.

Penalties for missing the 30-second window haven’t been spelled out, and full implementation still depends on regulatory sign-off and the completion of shared technical infrastructure. Until then, the promise is clear, but the proof will be in execution.

South Africa’s National Credit Regulator (NCR) has been hit by a cyberattack, with ransomware-as-a-service group DragonForce claiming it stole and published more than 42GB of data on the dark web. The alleged leaked files are customer data records held by the NCR, the agency tasked with protecting consumers and overseeing responsible lending across the country’s credit industry.

Why this matters:  As the regulator of credit providers, bureaus, and debt counsellors, the NCR holds deeply sensitive information, including lender registration records, compliance audits, investigation and enforcement files, consumer complaints, and potentially personal data linked to credit providers and borrowers. In the wrong hands, such data can be exploited for fraud, targeted phishing, or extortion.

The incident itself isn’t new. The NCR acknowledged a cyberattack in December 2025 after some of its systems were disrupted. What remained unclear at the time was the scale of the compromise. That only became apparent months later, after DragonForce surfaced with what it claims are leaked internal files.

Who is Dragonforce? The group operates as a ransomware-as-a-service, offering affiliates tools for attack automation, campaign management, and up to 80% of ransom proceeds. In 2025, it repositioned itself as a ransomware “cartel,” adding data analysis and public leak-site services designed to increase pressure on victims. The group has previously been linked to attacks on major UK retailers.

Between the lines: In the past year, South Africa has seen a steady drumbeat of cyber incidents. The NCR breach fits into a broader pattern of repeated attacks on public and private institutions, raising uncomfortable questions about cyber resilience, disclosure practices, and whether regulators are as prepared as the entities they oversee.

Written by: Emmanuel Nwosu and Opeyemi Kareem

Edited by: Emmanuel Nwosu & Ganiu Oloruntade