24 Days to Go: Zimbabwe’s COBE Act Deadline Compliance Checklist for Digital Platforms and Fintechs

The clock is running. Zimbabwe’s Companies and Other Business Entities Act (COBE Act) re-registration deadline is April 20, 2026 — 24 days from today. For digital platforms, fintechs, and crypto operators with any Zimbabwe presence, this is not an administrative formality. It is a binary compliance event: re-register or lose legal existence.

BETAR.africa covered the headline obligations when the deadline entered the 30-day window (BETA-850). This follow-up is a step-by-step compliance checklist, incorporating new procedural requirements and a second regulatory layer — SI 155/2024 — that affects crypto and data-processing platforms specifically.

What Has Changed Since March 21

Two important developments add complexity to the April 20 deadline:

PACRA QR-coded certificates are mandatory. The Public Accountants and Auditors Board’s (PACRA) requirement — which parallels the Companies and Intellectual Property Commission re-registration requirement — means all corporate entities need updated certificates carrying a QR code that links to the live corporate register. Institutions including banks, payment processors, and licencing bodies will accept only QR-coded certificates as valid proof of corporate standing from April 21.

SI 155/2024 formally classifies crypto platforms as data controllers. Statutory Instrument 155 of 2024, Zimbabwe’s data protection implementation regulation, came into effect in late 2024 and is now fully enforceable. Under SI 155/2024, any entity operating a crypto exchange, digital wallet, or virtual asset service platform is classified as a data controller — triggering a separate compliance obligation with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) that runs in parallel to COBE re-registration.

These two threads converge in April 2026 in a way that most compliance teams have not fully mapped.

The 24-Day Compliance Checklist

Step 1 — Verify current registration status (Do this today)

Log into the Companies and Intellectual Property Commission (CIPCO) online portal and confirm your entity’s current status. Entities registered under the old Companies Act (Chapter 24:03) that have not yet migrated to the COBE Act framework (Chapter 24:31) are at risk. A “registered” status may still reflect the old framework if the migration was not completed.

Red flags: Certificate issued before 2022 with no QR code; no record in the new digital register.

Step 2 — Initiate COBE re-registration (Days 1–5)

The re-registration process requires:

1. Updated memorandum and articles of association in digital format, aligned with COBE Act requirements
2. Current register of directors and shareholders (ultimate beneficial owner disclosure required)
3. Proof of registered office address in Zimbabwe (virtual offices may not qualify — confirm with CIPCO)
4. Application through the CIPCO e-services portal

Foreign-owned entities: At least one locally resident director is required. If your structure does not include one, this must be resolved before registration can complete.

Allow 5–10 working days for processing under normal volumes. With April 20 approaching, processing volumes will increase. Start now.

Step 3 — Obtain QR-coded certificate (Upon CIPCO approval)

Once CIPCO approves re-registration, download and print the new QR-coded Certificate of Incorporation. This document is the one that banks, the Reserve Bank of Zimbabwe (RBZ), the Securities and Exchange Commission of Zimbabwe (SECZ), and payment processors will require for KYB re-verification.

Distribute to: your primary banking relationship, any RBZ-licensed payment partner, SECZ (if VASP-registered), and any payment gateway or processor requiring up-to-date KYB documentation.

Step 4 — Crypto and VASP operators: file with POTRAZ under SI 155/2024

This step is separate from COBE re-registration and applies specifically to:

• Cryptocurrency exchanges
• Digital wallet providers
• Virtual asset service providers (VASPs) registered with SECZ
• Any platform that processes or stores personal data for Zimbabwean users as a core business function

SI 155/2024 obligations:

If your platform is already operating in Zimbabwe and has not filed with POTRAZ under SI 155/2024, you are currently non-compliant regardless of COBE status.

How to apply: Contact POTRAZ directly through its official licensing portal. The DPO must be a named individual — it can be a local representative rather than a full-time employee, but the appointment must be formally documented.

Step 5 — Update KYB records across your compliance stack (Days 10–20)

Once you hold the new QR-coded COBE certificate, initiate KYB updates with:

• Primary bank account: Provide updated certificate and beneficial ownership records
• RBZ payment licence file: If you hold an RBZ payment licence, update your licence file with the new COBE certificate
• SECZ VASP registration: File an updated corporate standing declaration
• Payment gateway / processor partners: Most will require updated KYB annually; the COBE re-registration is a trigger event

Failure to complete KYB updates means your certificate is valid but your downstream financial infrastructure may freeze accounts or suspend access when their own compliance systems flag the mismatch.

Step 6 — Tax compliance verification (Days 15–24)

The COBE deadline intersects with Zimbabwe’s digital tax stack. Confirm compliance with:

• 15% Digital Services Withholding Tax (DST): Applies to international digital service payments. Requires a registered local entity or appointed tax agent — both require current COBE standing
• 2% cross-border mobile money withholding: Applies to mobile money operators; RBZ licence requires current COBE certificate
• 7-year KYC/AML record retention: Re-registration is a good moment to verify your AML documentation is in order, as COBE renewal typically prompts financial institution KYB reviews that may expose AML documentation gaps

The Consequence Matrix

Who Must Act in the Next 24 Days

If you have any of the following in Zimbabwe, read this checklist as urgent:

• A subsidiary or wholly-owned local entity incorporated pre-2022
• An RBZ payment service provider licence
• A SECZ virtual asset service provider registration
• A bank account held in the name of a Zimbabwean entity
• A local entity registered solely for DST compliance (15% withholding tax requirement)

Notably: Foreign B2B SaaS and cloud providers that established local entities specifically to comply with the 15% DST are among the most likely to be caught short — these entities were often set up quickly with minimal ongoing compliance oversight, and may hold old Company Act registrations with no DPO, no POTRAZ filing, and outdated KYB records across their financial partners.

Practical Timeline

The Bottom Line

The April 20 deadline is not new. What is new is the convergence of COBE re-registration with SI 155/2024 data controller obligations — and the practical reality that POTRAZ licensing for data controllers was added in late 2024 and has not been widely communicated to foreign-operated platforms.

The combined compliance action — CIPCO re-registration, PACRA-validated QR certificate, POTRAZ data controller licence, DPO appointment, KYB updates across financial partners — requires 20–25 working days end to end under normal processing volumes. With April 20 twenty-four days away, the window is still viable but leaves no margin for delay.

Key Date: April 20, 2026 — COBE Act re-registration deadline

Related Coverage:
– BETA-850: Zimbabwe COBE Act Deadline — Overview (published March 21, 2026)
– BETA-322: Zimbabwe 15% Digital Services Withholding Tax (published)

Sources:
– Companies and Other Business Entities Act (COBE Act), Chapter 24:31, Zimbabwe
– Statutory Instrument 155 of 2024, Zimbabwe (Data Protection Implementation Regulations)
– Zimbabwe KYB Compliance 2025-2026 — voveid.com
– M&J Consultants: COBE Act Overview
– Tech In Africa: Zimbabwe 2026 Tech Regulations
– KYC Compliance Zimbabwe 2026 — voveid.com
– Kudfort: Re-register or Risk It