King V and the rise of data governance: When technology becomes trust

Nathan-Ross Adams, Founder and MD, ITLawCo. (Image: ITLawCo)

---

Beneath the technical polish of South Africa’s new King V Code on Corporate Governance lies a philosophical rupture. 

For the first time, data, information, and technology are not treated as infrastructure: they are as ethics in motion. 

10 of the Code declares that the governing body must govern “data, information and technology in a way that enables the organisation to sustain and optimise its strategy and objectives”.

This change is more than procedural reform. It’s a redefinition of what it means to lead. IT, once a department, has become a mirror—reflecting not how efficient an organisation is, but how trustworthy it is.

King V expands the ethical perimeter of the boardroom. No longer confined to financial prudence, directors must now ask:

• Is our data collected and used ethically?
• Are our AI systems explainable and subject to human oversight?
• Do our cybersecurity practices preserve not only confidentiality but confidence?

These questions are not technical; they are foundational. In the King V Disclosure Framework, each organisation must publicly affirm whether it is satisfied that its digital practices are effective, compliant, and ethical. In effect, the IT audit has evolved into an ethical audit: a statement of integrity published for shareholders, regulators, and citizens to review. 

King V’s Foundational Concepts introduce a powerful metaphor: the organisation as an ecosystem of capitals—financial, human, social, and now digital. Here, data and technology stand alongside capital itself: assets that can create or erode value, depending on how responsibly they are governed.

Where King IV urged integrated reporting, King V demands integrated thinking. It reminds boards that information and trust move together—across servers, sensors, and societies alike. A breach in one is a fracture in the other.

For boards, the Code’s proportionality principle means scale does not excuse negligence. Smaller entities may implement leaner mechanisms, but no entity is exempt from ethical duty. As a result, IT governance should now include:

• A dedicated or cross-functional IT governance committee.
• Defined lines of accountability between data officers, CIOs, and the board.
• Regular assurance over cybersecurity, data quality, and AI ethics.
• Transparent disclosure of findings in annual or sustainability reports.

In essence, King V replaces compliance theatre with ethical architecture. Accountability is no longer a matter of performance; it’s a matter of design.

There is a commercial dimension to this ethical turn. The 2024 Edelman–LinkedIn B2B Thought Leadership Report found that 75% of decision-makers research new providers after engaging with credible thought leadership, and 70% reconsider their current vendors. The pattern holds true for governance: credibility attracts capital.

When an organisation demonstrates mastery of digital ethics—when it can show how it governs, not merely that it governs—it builds the kind of reputational equity that cannot be bought through marketing. King V codifies this principle: trust is a measurable asset, and governance is its ledger.

There is an irony (perhaps even a paradox) at the heart of King V. Technology once promised neutrality: machines would make objective decisions free from human bias. King V quietly rejects that myth, recognising that neutrality without ethics becomes negligence.

In this framework, every line of code, every data field, every automation policy carries ethical weight. Digital governance is therefore not about control; it is about ethics engineered at scale.

Applying Principle 10 need not overwhelm the boardroom. It requires coherence, not complexity:

1. Map your digital capitals—know which data and systems create value and where they expose risk.
2. Define accountability lines—document who governs, who manages, and who assures.
3. Embed ethics in design—require privacy-by-design, bias testing, and human-override controls in AI projects.
4. Disclose transparently—report progress and exceptions publicly (within reason), linking IT oversight to organisational outcomes.

Governance, in this sense, is not a compliance checklist but a continuous narrative of how a company earns and maintains trust.

King V’s cadence is deliberate. Where King I taught integrity, King II professionalised oversight, King III united sustainability, and King IV operationalised outcomes, King V synthesises them through data.

It’s governance for the algorithmic age—paced, deliberate, and human-centred.

The repeated refrain across its principles could almost form an anaphora: Govern ethically. Govern effectively. Govern transparently. Govern digitally.

Each repetition reinforces the same pulse: responsibility is the new rhythm of resilience.

In the emerging economy, data is capital, technology is conduct, and governance is currency. Boards that internalise this will not simply comply with King V; they will outpace it.

Because in the end, the Code’s true innovation is not structural but philosophical: it redefines leadership as the ability to turn systems into symbols of ethical integrity. When technology becomes trust, governance stops being a rulebook—it becomes reputation itself.