Ethical Software Development — Published Best Practices

This is a curated list of publicly available frameworks, guidelines, and standards on ethical software development, with URL references, organised by theme. This is a wiki post, so you can add to this post; please feel free to enrich/improve where you can!!

Note: all links were verified in May 2026. Last update: May 2026

---

1. General Codes of Professional Ethics

• Ethical Android Development — Murena blog post about ethical development for platforms based on the Android Open Source Project (AOSP)

  • https://murena.com/ethical-android-development/

• ACM/IEEE-CS Software Engineering Code of Ethics and Professional Practice — the joint task force code, eight principles (public, client/employer, product, judgement, management, profession, colleagues, self). The de facto professional standard.

  • https://www.acm.org/code-of-ethics/software-engineering-code
  • https://ethics.acm.org/code-of-ethics/software-engineering-code/

• ACM Code of Ethics and Professional Conduct — broader code for all computing professionals.

  • https://www.acm.org/code-of-ethics

• IEEE Code of Ethics

  • https://www.ieee.org/about/corporate/governance/p7-8.html

---

2. Privacy & Data Protection

• Privacy by Design — the 7 Foundational Principles (Ann Cavoukian). The foundational framework underpinning GDPR Article 25.

  • https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf
  • https://privacysecurityacademy.com/wp-content/uploads/2020/08/PbD-Principles-and-Mapping.pdf

• GDPR — full text (EU Regulation 2016/679), with Article 25 on Data Protection by Design and by Default.

  • https://gdpr-info.eu/
  • https://gdpr-info.eu/art-25-gdpr/

• EDPB Guidelines 4/2019 on Data Protection by Design and by Default

  • https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-42019-article-25-data-protection-design-and_en

• OECD Privacy Guidelines — Fair Information Practice Principles, foundational for most modern privacy law.

  • https://www.oecd.org/en/topics/sub-issues/privacy.html

• NIST Privacy Framework

  • https://www.nist.gov/privacy-framework

---

3. Security & Secure Development

• OWASP Top 10 — most common web application security risks.

  • https://owasp.org/www-project-top-ten/

• OWASP Secure Coding Practices — Quick Reference Guide (now migrated into the OWASP Developer Guide).

  • https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/
  • https://devguide.owasp.org/

• OWASP Application Security Verification Standard (ASVS) — auditable security requirements.

  • https://owasp.org/www-project-application-security-verification-standard/

• OWASP SAMM (Software Assurance Maturity Model)

  • https://owaspsamm.org/

• NIST Secure Software Development Framework (SSDF) — SP 800-218

  • https://csrc.nist.gov/projects/ssdf
  • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf

• CISA Secure by Design — joint cybersecurity-agency guidance.

  • https://www.cisa.gov/securebydesign

• BSIMM (Building Security In Maturity Model)

  • https://www.bsimm.com/

• CERT Secure Coding Standards (SEI/Carnegie Mellon).

  • https://wiki.sei.cmu.edu/confluence/display/seccode

• Open Source Security Foundation (OpenSSF) Best Practices Badge

  • https://www.bestpractices.dev/

---

4. Accessibility & Inclusive Design

• Web Content Accessibility Guidelines (WCAG) 2.2 — W3C Recommendation, the international accessibility standard (also published as ISO/IEC 40500).

  • https://www.w3.org/TR/WCAG22/
  • https://www.w3.org/WAI/standards-guidelines/wcag/

• W3C Web Accessibility Initiative (WAI) — full resources

  • https://www.w3.org/WAI/

• Authoring Tool Accessibility Guidelines (ATAG) 2.0

  • https://www.w3.org/TR/ATAG20/

• EN 301 549 — European accessibility standard, mandatory for public-sector ICT procurement in the EU.

  • https://www.etsi.org/deliver/etsi_en/301500_301599/301549/

• European Accessibility Act (Directive 2019/882) — applies to a wide range of products and services from 28 June 2025.

  • https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L0882

• Microsoft Inclusive Design Toolkit — three principles: recognise exclusion; learn from diversity; solve for one, extend to many.

  • https://inclusive.microsoft.design/
  • https://inclusive.microsoft.design/tools-and-activities/Inclusive101Guidebook.pdf

• Microsoft Inclusive Design for Cognition Guidebook

  • https://inclusive.microsoft.design/tools-and-activities/InclusiveDesignForCognitionGuidebook.pdf

• Apple Human Interface Guidelines — Accessibility & Inclusion

  • https://developer.apple.com/design/human-interface-guidelines/accessibility
  • https://developer.apple.com/design/human-interface-guidelines/inclusion

• GOV.UK Design Principles

  • https://www.gov.uk/guidance/government-design-principles

---

5. Environmental Impact / Green Software

• Green Software Foundation — Principles of Green Software (carbon efficiency, energy efficiency, carbon awareness, hardware efficiency, measurement, climate commitments).

  • https://greensoftware.foundation/
  • https://principles.green/

• Green Software Foundation — Green Software Patterns

  • https://patterns.greensoftware.foundation/

• Software Carbon Intensity (SCI) Specification — a methodology to score software systems’ carbon impact.

  • https://sci.greensoftware.foundation/
  • https://github.com/Green-Software-Foundation/sci

• Green Software for Practitioners (LF training, free)

  • https://training.linuxfoundation.org/training/green-software-for-practitioners-lfc131/

• W3C Web Sustainability Guidelines (WSG 1.0) — draft, but the most comprehensive web-specific framework.

  • https://www.w3.org/TR/web-sustainability-guidelines/

• Sustainable Web Manifesto

  • https://www.sustainablewebmanifesto.com/

---

6. Responsible / Ethical AI

• EU High-Level Expert Group — Ethics Guidelines for Trustworthy AI (the “seven requirements”: human agency and oversight; technical robustness and safety; privacy and data governance; transparency; diversity, non-discrimination and fairness; societal and environmental well-being; accountability). Underlies the EU AI Act.

  • https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai
  • ALTAI assessment list: https://digital-strategy.ec.europa.eu/en/library/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment

• EU AI Act (Regulation 2024/1689)

  • https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  • https://artificialintelligenceact.eu/

• OECD AI Principles — first intergovernmental AI standard (adopted 2019, revised 2024).

  • https://www.oecd.org/en/topics/ai-principles.html
  • https://oecd.ai/en/ai-principles

• UNESCO Recommendation on the Ethics of Artificial Intelligence — adopted by 193 member states.

  • https://www.unesco.org/en/articles/recommendation-ethics-artificial-intelligence
  • https://unesdoc.unesco.org/ark:/48223/pf0000381137

• IEEE Ethically Aligned Design (A/IS) — engineering-community-led ethics framework for autonomous and intelligent systems.

  • https://standards.ieee.org/wp-content/uploads/import/documents/other/ead_v2.pdf
  • https://standards.ieee.org/initiatives/autonomous-intelligence-systems/

• IEEE 7000 family of standards (transparency, data privacy, algorithmic bias, etc.)

  • https://standards.ieee.org/initiatives/artificial-intelligence-systems/

• NIST AI Risk Management Framework (AI RMF 1.0)

  • https://www.nist.gov/itl/ai-risk-management-framework
  • https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf

• ISO/IEC 42001 — AI management system standard.

  • https://www.iso.org/standard/42001

• Asilomar AI Principles

  • https://futureoflife.org/open-letter/ai-principles/

• Montreal Declaration for Responsible AI

  • https://montrealdeclaration-responsibleai.com/

• Google AI Principles

  • https://ai.google/responsibility/principles/

• Microsoft Responsible AI Standard

  • https://www.microsoft.com/en-us/ai/responsible-ai

• Partnership on AI

  • https://partnershiponai.org/

---

7. User Autonomy — Deceptive / Dark Patterns

• Deceptive Patterns (Harry Brignull’s site, formerly darkpatterns.org) — the canonical taxonomy.

  • https://www.deceptive.design/

• EDPB Guidelines 03/2022 on Deceptive Design Patterns in Social Media Platform Interfaces

  • https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-032022-deceptive-design-patterns-social-media_en

• OECD report — Dark Commercial Patterns

  • https://www.oecd.org/en/publications/dark-commercial-patterns_44f5e846-en.html

• US FTC report — Bringing Dark Patterns to Light

  • https://www.ftc.gov/reports/bringing-dark-patterns-light

• Nielsen Norman Group — Deceptive Patterns in UX

  • https://www.nngroup.com/articles/deceptive-patterns/

• EU Digital Services Act (DSA) — Article 25 on dark patterns

  • https://eur-lex.europa.eu/eli/reg/2022/2065/oj

---

8. Open Source — Community, Governance & Sustainability

• Contributor Covenant — the most widely adopted code of conduct for open source.

  • https://www.contributor-covenant.org/

• Open Source Guides (GitHub) — community-tested practices.

  • https://opensource.guide/

• CHAOSS (Community Health Analytics for Open Source Software) — metrics for project health and D&I.

  • https://chaoss.community/

• Open Source Initiative — Open Source Definition

  • https://opensource.org/osd

• REUSE Software (FSFE) — best practice for licensing and copyright in open source.

  • https://reuse.software/

• Open Source Security Foundation (OpenSSF)

  • https://openssf.org/

• Ethical Source — definition and principles

  • https://ethicalsource.dev/

---

9. Data Ethics, Governance & Stewardship

• FAIR Data Principles (Findable, Accessible, Interoperable, Reusable) — Wilkinson et al., 2016.

  • https://www.go-fair.org/fair-principles/
  • https://www.nature.com/articles/sdata201618

• CARE Principles for Indigenous Data Governance — complementary to FAIR.

  • https://www.gida-global.org/care

• Open Data Charter — International Open Data Principles

  • https://opendatacharter.org/principles/

• Datasheets for Datasets (Gebru et al.) — documentation standard for ML datasets.

  • https://arxiv.org/abs/1803.09010

• Model Cards for Model Reporting (Mitchell et al.)

  • https://arxiv.org/abs/1810.03677

---

10. Digital Rights & Web Governance

• Contract for the Web (World Wide Web Foundation / Tim Berners-Lee) — nine principles for governments, companies and citizens.

  • https://contractfortheweb.org/
  • https://webfoundation.org/about/vision/contract-for-the-web/

• UN Guiding Principles on Business and Human Rights

  • https://www.ohchr.org/sites/default/files/Documents/Publications/GuidingPrinciplesBusinessHR_EN.pdf

• Council of Europe — Guidelines on Human Rights for Internet Users

  • https://www.coe.int/en/web/internet-users-rights/guide

• Ranking Digital Rights — Corporate Accountability Index (methodology for evaluating tech-company human-rights practices).

  • https://rankingdigitalrights.org/

---

11. Children’s Rights & Vulnerable Users

• UK ICO — Age Appropriate Design Code (Children’s Code) — 15 standards for online services likely to be accessed by children.

  • https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/age-appropriate-design-a-code-of-practice-for-online-services/

• UNICEF — Policy Guidance on AI for Children

  • https://www.unicef.org/innovation/reports/policy-guidance-ai-children

• 5Rights Foundation

  • https://5rightsfoundation.com/

---

12. Algorithmic Fairness & Accountability

• ACM FAccT Conference resources (Fairness, Accountability, and Transparency)

  • https://facctconference.org/

• Fairness Definitions Explained (Verma & Rubin, 2018) — survey of definitions.

  • https://fairware.cs.umass.edu/papers/Verma.pdf

• Aequitas — bias audit toolkit (University of Chicago)

  • https://github.com/dssg/aequitas

• AI Fairness 360 (IBM Research)

  • https://aif360.res.ibm.com/

• Algorithmic Justice League

  • https://www.ajl.org/

---

13. Digital Sovereignty & European Tech Independence

• NLnet Foundation — funded projects directory (open-source/sovereignty ecosystem).

  • https://nlnet.nl/

• EuroStack initiative

  • https://euro-stack.eu/

• OpenForum Europe — policy papers on digital sovereignty

  • https://openforumeurope.org/

• Sovereign Tech Fund (Germany)

  • https://www.sovereigntechfund.de/

• EU Data Act

  • https://eur-lex.europa.eu/eli/reg/2023/2854/oj

---

14. Governance, Audit & Whistleblowing

• ISO/IEC 27001 — information security management.

  • https://www.iso.org/standard/27001

• ISO/IEC 27701 — privacy information management.

  • https://www.iso.org/standard/71670.html

• EU Whistleblower Protection Directive (2019/1937)

  • https://eur-lex.europa.eu/eli/dir/2019/1937/oj

• B Corp Certification — standards

  • https://www.bcorporation.net/en-us/certification/

---

15. Labour & Supply Chain

• Responsible Business Alliance — Code of Conduct (electronics supply chain).

  • https://www.responsiblebusiness.org/code-of-conduct/

• Fairwork Foundation — ratings of platform-work conditions

  • https://fair.work/

• EU Corporate Sustainability Due Diligence Directive (CSDDD)

  • https://eur-lex.europa.eu/eli/dir/2024/1760/oj