restofworld.org web signal

South Africa withdraws AI policy over fabricated citations

TL;DR

  • South Africa withdrew its Draft National AI Policy in April 2026 after at least six of 67 bibliography sources were flagged as AI fabrications.
  • Deloitte refunded $290,000 of $440,000 charged to Australia's Department of Employment and Workplace Relations for a report with fabricated academic references.
  • EU cybersecurity agency ENISA admitted 26 of 492 footnotes in its threat reports were incorrect.

Rest of World has pulled together five recent cases where AI hallucinations turned into real problems for governments and the consulting firms they hire. The pattern that emerges is not that the models are getting worse. It is that policy documents and public-sector reports are being drafted with the same rushed workflows that produce fake citations in a student paper, and nobody in the review chain caught it before publication.

The clearest case is South Africa's Draft National Artificial Intelligence Policy, withdrawn in April 2026 after at least six of the 67 sources in its bibliography turned out to be fabricated, according to the civil rights group Article One. Minister Solly Malatsi told reporters that 'the most plausible explanation is that AI-generated citations were included without proper verification,' and News24 reported that several of the referenced academic journals were 'completely fictitious.'

The consulting side is worse. Deloitte's August 2025 report for Australia's Department of Employment and Workplace Relations contained fabricated academic references, and the firm ended up refunding $290,000 of the $440,000 it had charged. Three months later, another Deloitte team turned in a 526-page, $1.2 million healthcare report to Newfoundland and Labrador with more fake citations. Newfoundland's response was to update its Request for Proposals to require disclosure of 'all intended uses of AI/or machine learning,' the kind of procurement rule that will probably spread. A May 2025 Make America Healthy Again children's health report was caught with 'oaicite' markers still embedded in the file, a signature typically associated with ChatGPT; Press Secretary Karoline Leavitt downplayed these as 'formatting issues.' Europe's cybersecurity agency ENISA admitted 26 of 492 footnotes in its threat reports were wrong, and AI law researcher Chiara Gallese was blunt, saying ENISA had 'let AI touch the one layer it should never touch unguarded: the truth layer.'

The honest caveat is that Rest of World's list is a survey, not an audit. We do not know how many other reports are sitting in circulation with the same problem and simply have not been checked, and the piece does not say whether Deloitte has refunded any of the Canadian $1.2 million yet. What is worth watching is that procurement layer. If more governments follow Newfoundland and require explicit AI disclosure in bids, the firms that already run verified, auditable citation workflows are the ones that keep winning the work.

Shared on Bluesky by 4 AI experts