King V doesn’t just acknowledge the digital age -- it governs it. For technology, cyber security, and AI professionals, this Code hands you a board-level mandate. The question is: are you ready to use it?
Principle 10 (Data, Information and Technology) establishes that “the governing body governs data, information and technology in a way that enables the organisation to sustain and optimise its strategy and objectives.”
This is a decisive repositioning. Technology is no longer something the board delegates entirely to the CIO and moves on from. King V requires board-level accountability for “the effective, compliant and ethical acquisition, development, use and distribution of technology” (Practice 105). If you’ve struggled to get technology on the boardroom agenda, King V just changed the rules.
King V explicitly mandates “effective cybersecurity strategies and practices to protect technology assets, resources, products and services” (Practice 108e). Cyber security has officially left the IT department and taken a seat in the boardroom.
But the Code goes beyond prevention. Practice 108b mandates disaster recovery planning and testing, underscoring that cyberresilience -- the ability to anticipate, withstand, recover from, and adapt to cyber incidents -- is fundamental to organisational continuity. Being breached is no longer the question. How fast and how well you recover is.
This is where King V breaks genuinely new ground. Practice 109c establishes a comprehensive AI governance framework built around core values: ethics, human centricity, accountability, transparency, explainability, security, privacy, fairness and trustworthiness.
Critically, the Code requires “clear accountability for decisions, actions, outputs and outcomes” from AI systems -- including “human oversight and override mechanisms that are commensurate with the level of risk” (Practice 109c.ii). The “human-in-the-loop” principle is now a governance requirement, not a design preference. Organisations deploying AI for high-stakes decisions affecting people’s lives, livelihoods, or rights must be able to demonstrate meaningful human oversight. No exceptions.
Cloud services, SaaS platforms, third-party vendors -- King V closes the governance gap that many organisations have quietly ignored. Practice 108f requires effective management of risks from outsourced technologies, including minimum assurance requirements from service providers on the effectiveness of controls over significant risks.
Outsourcing a technology function does not mean outsourcing accountability for it. That message is now embedded in the Code.
King V represents a quantum leap from King IV on technology governance:
KCyber Security Professionals:
AI & Technology Governance Specialists:
Technology Leaders:
King V arrives at a pivotal moment -- when AI is reshaping industries, cyber threats are escalating, and technology is inseparable from organisational survival. For technology, cyber, and AI professionals, this Code isn’t just a compliance framework. It’s a strategic mandate to lead from the front. Your board needs your expertise now more than ever. King V makes that non-negotiable.