I often come across experts, journalists and the public asking for more ‘ethical standards’. However, I’m never really sure what is meant by these terms.

Here are a list of various different ‘buckets’ of standards that I see in the marketplace. Each has their own benefits and their own shortcomings. However, my hope is that we can become more specific in what kind of standards we talk about.

Different types of standards

Legislation: Legal standards are enforced standards where a company may be forced to change action, pay a fine, or stop doing business if these standards are not met. The GDPR is an example of a legal standard. The state governing body is responsible for creating and enforcing these standards. They are applicable to everybody within its jurisdictions.

Often legislation is not adequately enforced. Although something may be illegal, it may be the culture to break that law. For example, most adtech structures are breaking GDPR to some degree, and the enforcing bodies do not have the resources to implement the law. There are other mechanisms through which the law can be applied, like through class action lawsuits, and it’s really exciting to see these kind of mechanisms be applied from civil society and the public.

Enforced commercial standards: B-corp, for example, asks for a license fee from organisations which want to become certified a B-corp. This fee pays for the work to check whether an organisation is doing enough in governance, environment and social spaces to be awarded the badge for becoming a B-corp.

ISO standards are similar but cover many different topics from food hygiene to cyber security. You can purchase the guidance on a particular standard from their website, and then you can be audited so you are certified. The IEEE follows a similar model.

These are interesting and useful infrastructures, but ultimately, they should be seen as a ‘tick-box’ exercise. When it comes to ethics, we want to create cultures where employees and stakeholders are thinking carefully about the world that they want to aim towards, and to give them the skills and methods to work towards these aims. If we were just to rely on these enforced commercial standards, we risk a homogenous ethics landscape, and also one where innovative and critical thinking are not rewarded.

Non-enforced external ethical guidelines: There are non-enforced ethical guidelines. These are guidelines that are published but do not have any means to be audited and very few – if any – repercussions if they are violated. These kinds of guidelines can be very helpful if a company wants to understand best practice in an area and to create a culture which follows these standards. However, occasionally an industry might want to hide behind ethical standards that they write for themselves. Given they are not enforced, they are not enacted in the industry, but they are used as a screen to prevent legislation in that industry from a governmental body.

Certification of education: Finally, a person may be awarded a certificate if they have completed a curriculum in a certain subject. These may be from old institutions like universities and colleges, but more and more you can get certificates from online providers like General Assembly, LinkedIn Learning and so on. These certificates show that a person is qualified in a certain area, and so have the knowledge and experience to undertake a certain task.

Certifications are a useful heuristic, but they are just indications of competency at best. Often too much value is placed on them and they can be used to hide all manner of shortcomings. What’s more, they can perpetuate all sorts of societal biases. Oxford and Cambridge have a great reputation, but ultimately you are far more likely to have a qualification from these universities if you come from a privileged background.

Internal ethical guidelines: These guidelines are produced by the organisation in question and are enforced through their own disciplinary procedures and mechanisms and also promoted culture. Internal guidelines align with the values of the organisation.

What do you think of these buckets? Are there anymore categorisations that you would add?