ARTICLE
19 November 2025

King v: Data, Information And Technology – What You Need To Know

E
ENS

Contributor

ENS logo
ENS is an independent law firm with over 200 years of experience. The firm has over 600 practitioners in 14 offices on the continent, in Ghana, Mauritius, Namibia, Rwanda, South Africa, Tanzania and Uganda.
Explore Firm Details
King V is the fifth iteration of South Africa's corporate governance reports which was released on 31 October 2025 by the Institute of Directors in South Africa...
South Africa Corporate/Commercial Law
Ridwaan Boda and Rakhee Dullabh
Your Author LinkedIn Connections
Ridwaan Boda’s articles from ENS are most popular:
  • in United Arab Emirates
  • with readers working within the Accounting & Consultancy industries
ENS are most popular:
  • within International Law, Law Department Performance and Environment topic(s)

King V is the fifth iteration of South Africa's corporate governance reports which was released on 31 October 2025 by the Institute of Directors in South Africa (IoDSA) and the King Committee of South Africa. It supersedes King IV and is effective for financial years beginning on or after 1 January 2026, with early adoption encouraged. For a summary on the updates to the Code, read more here.

The Code identifies that the changing global and local conditions requires South African organisations to adopt a code of governance that responds appropriately to these challenges, the challenges being: climate change and the disruption to supply chains, insurance and compliance costs; escalating geopolitical tensions and regional conflicts; and the rapid pace of technology innovation. The Code also reflects updates to law and regulations.

An area of key importance is data, information and technology. The Code introduces new obligations on the governing body of an organisation to ensure that it governs data, information and technology in a way that enables the organisation to sustain and optimise its strategies and objectives.

In respect of data and information, the governing body is expected to provide strategic direction and be accountable for effective, compliant and ethical management and control of data and information. This includes the acquisition, creation, use, dissemination and disposal thereof. Such responsibility may be delegated to the appropriate risk governance committee. The Code provides that this is achieved through the implementation and execution of policies, standards and frameworks. Practically, organisations should consider their internal practices and policies and ensure that they are legally sound, robust to cover all risks associated with data and information and continuously monitor and audit it's practices to ensure that it complies with the Code. Key risks identified includes data management, data privacy law compliance, information security, ensuring the integrity of data, third party data management and cross-border data transfers.

In relation to technology, similarly, the governing body is expected to provide strategic direction and be accountable for effective, compliant and ethical acquisition, development, use and distribution of technology. Again, such responsibility may be delegated to the appropriate risk governance committee. The Code also provides that this is achieved through the implementation and execution of policies, standards and frameworks. Practically, organisations should consider compliance with laws and regulations, ensure that sound disaster recovery plans and processes are implemented (including ensuring regular testing is conducted), employ effective cyber security strategies, dispose obsolete technologies responsibly, conduct a risk-benefit analysis to ensure that benefits in using technologies are realised and are commensurate with the investment made, and manage outsourced technologies appropriately.

Specifically, when considering the adoption of emerging technologies (including AI), organisations should employ appropriate governance regarding its use and adoption. A focus on the values of ethics, human centricity, accountability, transparency, explainability, security, privacy, fairness and trustworthiness should be adopted when considering AI. Organisations must demonstrate clear accountability for decisions, actions, outputs and outcomes – which includes subjecting the processes, data, models, algorithms, resources and tools used in the development, implementation, monitoring and management of automated technologies to human oversight and override mechanisms that are commensurate with the level of risk to the organisation and its stakeholders.

Our Technology, Media and Telecommunications team at ENS can help you with your governance strategies when it comes to data, information and technology by:

  • compliance assessment against King V for data, information and technology;
  • drafting appropriate and robust policies regarding the governance of data, information and technology;
  • advising on your compliance with data privacy, technology and related laws;
  • advising on third party risks associated with data, information and technology;
  • drafting appropriate data processing agreements, data services agreements, third party data sharing agreements, cross-border data transfer agreements, technology outsourcing agreements, technology implementation agreements, etc.;
  • conducting data privacy impact assessments or risk assessments;
  • drafting artificial intelligence (AI) policies; and
  • training your staff and governing bodies on legal risks associated with data, information and technology and how to effectively manage these risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Ridwaan Boda
Ridwaan Boda
Photo of Rakhee Dullabh
Rakhee Dullabh
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More