CLOSE ✕
Get in Touch
Thank you for your interest! Please fill out the form below if you would like to work together.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

King V Code: What it really means for technology, AI and cyber sercurity

Michael Davies
|
20 Feb 2026

King V doesn’t just acknowledge the digital age -- it governs it. For technology, cyber security, and AI professionals, this Code hands you a board-level mandate. The question is: are you ready to use it?

Technology Governance: From IT Function to Board Imperative

Principle 10 (Data, Information and Technology) establishes that “the governing body governs data, information and technology in a way that enables the organisation to sustain and optimise its strategy and objectives.”

This is a decisive repositioning. Technology is no longer something the board delegates entirely to the CIO and moves on from. King V requires board-level accountability for “the effective, compliant and ethical acquisition, development, use and distribution of technology” (Practice 105). If you’ve struggled to get technology on the boardroom agenda, King V just changed the rules.

Cyber Security & Cyber Resilience: Now a Governance Imperative

King V explicitly mandates “effective cybersecurity strategies and practices to protect technology assets, resources, products and services” (Practice 108e). Cyber security has officially left the IT department and taken a seat in the boardroom.

But the Code goes beyond prevention. Practice 108b mandates disaster recovery planning and testing, underscoring that cyberresilience -- the ability to anticipate, withstand, recover from, and adapt to cyber incidents -- is fundamental to organisational continuity. Being breached is no longer the question. How fast and how well you recover is.

AI Governance: Groundbreaking and Unavoidable

This is where King V breaks genuinely new ground. Practice 109c establishes a comprehensive AI governance framework built around core values: ethics, human centricity, accountability, transparency, explainability, security, privacy, fairness and trustworthiness.

Critically, the Code requires “clear accountability for decisions, actions, outputs and outcomes” from AI systems -- including “human oversight and override mechanisms that are commensurate with the level of risk” (Practice 109c.ii). The “human-in-the-loop” principle is now a governance requirement, not a design preference. Organisations deploying AI for high-stakes decisions affecting people’s lives, livelihoods, or rights must be able to demonstrate meaningful human oversight. No exceptions.

Outsourced Technology: Governance Doesn’t Stop at Your Firewall

Cloud services, SaaS platforms, third-party vendors -- King V closes the governance gap that many organisations have quietly ignored. Practice 108f requires effective management of risks from outsourced technologies, including minimum assurance requirements from service providers on the effectiveness of controls over significant risks.

Outsourcing a technology function does not mean outsourcing accountability for it. That message is now embedded in the Code.

What’s New vs King IV?

King V represents a quantum leap from King IV on technology governance:

  • Explicit cyber security and cyber resilience requirements -- absent from King IV’sprinciples
  • A comprehensive AI governance framework -- entirely new territory reflecting rapid AI adoption
  • Detailed emphasis on emerging and disruptive technologies (Practice 109)
  • Stronger integration between technology governance and sustainable value creation
  • More explicit requirements for oversight of outsourced technology services

How Practitioners Can Leverage King V

KCyber Security Professionals:

  • Elevate cyber security from technical function to board-level strategic priority
  • Secure resources for cyber resilience programmes including incident response, recovery testing, and continuous monitoring
  • Integrate cyber risk into enterprise risk management frameworks
  • Demonstrate cyber security’s contribution to organisational legitimacy and stakeholder trust

AI & Technology Governance Specialists:

  • Establish AI ethics committees and governance frameworks aligned with King V’s eight core values
  • Implement human oversight and override mechanisms for automated decision-making systems
  • Develop transparency and explainability standards for AI systems in use across the organisation
  • Create clear accountability frameworks thatassign responsibility for AI outputs and outcomes

Technology Leaders:

  • Justify technology investments through explicit linkage to strategic objectives and value creation
  • Implement robust vendor management frameworks for outsourced services
  • Ensure disaster recovery and business continuity arrangements fully cover technology dependencies
  • Use Practice 110’s assurance requirements as leverage for continuous improvement in technology governance

The Bottom Line

King V arrives at a pivotal moment -- when AI is reshaping industries, cyber threats are escalating, and technology is inseparable from organisational survival. For technology, cyber, and AI professionals, this Code isn’t just a compliance framework. It’s a strategic mandate to lead from the front. Your board needs your expertise now more than ever. King V makes that non-negotiable.

Michael Davies
Managing Director of Pax Resilience

Other Articles

28 May 2026
View article
How AI is reshaping the Risk Management profession
By eliminating longstanding constraints, artificial intelligence enables risk professionals to deliver deeper insights with greater speed, scale, and precision.
Written by
Michael Davies
27 Feb 2026
View article
King V Code: What BCM Practitioners Should Know
South Africa’s King V Code has recently been released and for Business Continuity Management (BCM) practitioners, there is a subtle but important governance shift we’ve been waiting for.
Written by
Michael Davies
15 June 2024
View article
What now, DORA?
The European Union's Digital Operational Resilience Act (DORA) is a significant piece of legislation aimed at enhancing the resilience and security of the financial sector against cyber threats and operational disruptions.
Written by
Michael Davies
Lets Work Together
Contact