XR4Human Code of Conduct Version 1.0Code of Conduct for the Human-Centered and Ethical Development of Immersive Technologies Download Table of Contents: PreambleScopeGuiding PrinciplesArticle 1: User Transparency by DesignArticle 2: Data, Protection and Privacy by designArticle 3: Risk Management by DesignArticle 4: Well-being By DesignArticle 5: Identity, personas and avatarsArticle 6: Shared SpacesArticle 7: Engagement with Non-Human Resources Preamble This Code of Conduct (henceforth, Code) sets forth the ethical obligations for everyone involved in technological innovation and governance of immersive or extended reality (XR) technologies, including Virtual Reality (VR), Augmented Reality (AR), Mixed Reality (MR), as well as all current and other emerging and future technologies. This Code represents a statement of shared ethical values and responsibilities, written in consultation with academics, developers, and governmental agencies.It aims to set out a shared understanding of respect for human rights, protection of user privacy, promotion of inclusivity, and safeguarding of the mental, physical, and social well-being of all users. This Code applies to designers, developers, providers, and all XR industry stakeholders involved in the lifecycle of immersive technologies. The principles outlined here serve as a guide for creating immersive experiences that are ethical, inclusive, safe, and aligned with human rights standards. Guiding Principles Human-Centered Design Ensure that the needs, values, and well-being of users are guiding considerations in all stages of development. Ensure immersive technologies enhance user agency, allowing users to make informed decisions and control their digital interactions, avoiding deceptive techniques or manipulative design. Diversity, Inclusivity, Accessibility and Equitability Design immersive experiences that are inclusive and accessible to a diverse range of users, considering the intended use. Aim to reflect the needs of underrepresented, marginalised and vulnerable populations, including people with disabilities and the economically disadvantaged. Aim to foster fairness in immersive technologies while avoiding the reinforcement of existing or new inequalities. Trustworthiness and Transparency Maintain transparency throughout the design, development, and deployment of immersive technologies, particularly regarding data collection, processing, usage, retention, and destruction. Provide clear and understandable communication about the digital and non-digital nature of immersive environments, such as in AR and MR technologies. Privacy and Data Governance Respect user and bystander privacy and implement robust personal data protection measures. Inform users explicitly, in a manner that is understandable, and at predefined and reasonable intervals about the collection, usage, and sharing of their data, especially in cases involving third-party providers. Safe Experience Design immersive experiences to prevent harm to users and bystanders, including protection mechanisms against manipulation, abuse, and harassment. Develop and implement content moderation and community guidelines that promote safe and respectful behaviour. Identity and Right to Anonymity Allow users to own and control their identities, personas, and avatars, both during the users’ lifetime and after death, with the ability to customize and transport them across platforms, ensuring continuity and interoperability. Respect user preferences for anonymity. Sustainability Minimise the environmental impact of immersive technologies by promoting sustainable practices in their design, development and deployment, focusing on reducing energy consumption and waste. Technical Security and Interoperability Ensure the security of essential technical processes, such as digitally mediating functions, to prevent data breaches, hijacking and manipulation of the immersive experience by malicious entities. Foster the development of standards that allow for interoperability between different platforms and devices, enabling seamless transitions of digital identities and assets. Moral Dilemma Resolution and Risk Management Engage all relevant stakeholders when developing procedures for moral dilemma resolution and traceable risk management. Guarantee clear traceable responsibilities, ensuring that developers and providers are identifiable and accountable to warrant ethical and legal responses in the event of harm, abuse, or misuse. Article 1: User Transparency by Design 1. Clear Purpose Statement: Developers should include an easily accessible description of the application, its purpose, and features including compliance with this Code. Developers should specify who the application is designed for, the target demographics, and the specific user needs it addresses, to help users determine if the product is suitable for them. 2. Accessibility Limitations: Developers should outline any known limitations related to accessibility. This should be clearly communicated to set appropriate user expectations. 3. Risk Information: Developers should clearly communicate risks, uncertainties, or limitations associated with the technologies, especially regarding privacy, data usage, safety, or the robustness and reliability of features. 4. User Guide: Adequate resources, guidance and help should be provided to offer the full context and explain how specific features operate. 5. User Data Transparency: Developers should be explicit about what the application does with user data. Inform users clearly and frequently, if possible, at predefined intervals, about the collection, usage and sharing of their data, especially in cases involving third-party providers (cf. Article 2). 5. User Feedback and Problem Reporting: Developers should establish a clear and accessible process for users to report problems, suggest improvements, or provide feedback on the application. This ensures ongoing improvement and responsiveness to user needs. Article 2: Data Protection and Privacy by Design 1. Designing Privacy-Sensitive Experiences: Privacy as a core consideration should be integrated into every phase of design of immersive technologies. Wherever feasible, data should be processed on-device to reduce dependence on cloud-based solutions and minimise exposure to security risks. 2. Respect for Bystanders: Developers should account for the rights to privacy and lawful personal data processing of bystanders who may be inadvertently captured or involved in the immersive experiences of others. Developers should take measures to protect bystanders’ privacy and make all reasonable efforts to inform them of any relevant impacts. 3. Empowerment Tools: Provide users with intuitive tools to manage their privacy settings and access to clear information about how their data is being used and shared. Information should be provided in multiple formats — such as audio, video, and at varying levels of language proficiency — to be comprehensible to the broadest range of users. 4. Respecting Data Rights: Respectusers’ rights to their personal data, including the right to access and delete their data. Developers should clearly indicate types of data (e.g., biometric data, sensitive personal data etc.) and the rights associated with each type. Article 3: Risk Management by Design 1. Risk Management and Communication: Developers should continuously and sufficiently assess and transparently mitigate risks related to data security, privacy breaches, and critical vulnerabilities in the immersive technology experience. Developers or Data Controllers should make users aware of whether and how their personal data and other data captured could be or has been misused or compromised. 2. Promote Sustainable Practices: Developers should promote sustainable practices in the design, development, and deployment of immersive experiences to minimise negative impacts and promote efficiency during the product lifecycle. 3. Risk of Obsolescence: Developers should make all reasonable efforts to extend the horizon of obsolescence to prolong and support schemes for repair, reuse, and recycling 4. Establishing and Adopting Standards Across Industries: Developers should use open and widely supported file formats and utilise metadata and annotate frameworks that enhance content discovery and accessibility. Developers should adopt and advance interoperability across platforms, systems, processes, workflows, and industries, including integration of existing and future standards. Article 4: Well-being By Design 1. Promote & Support Well-being: Developers should design immersive experiences that uphold the mental and physical well-being of users. Customisable (personalised) ergonomic design features should be built into the experience. This is to encourage users to engage in healthier behaviours and time management, such as taking breaks, limiting screen time, avoiding prolonged and/or uncomfortable physical actions, and maintaining awareness of their physical surroundings. 2. Safety Features: Developers should implement features that support user safety. This includes taking reasonable steps to mitigate potential risks associated with overuse, addiction, physical strain (e.g., visual discomfort, muscle or joint strain), or disembodiment. This could be supported by time and usage monitoring, combined with adaptive suggestions based on age, gender, or other characteristics. 3. Special Protections for Vulnerable Groups: Developers should include special considerations for children and other vulnerable persons[1] including those with limited digital proficiency, ensuring that immersive content is appropriate and fosters a safe and inclusive experience. [1] Directive 2013/33/EU defines vulnerable persons to include the following: “minors, unaccompanied minors, disabled people, elderly people, pregnant women, single parents with minor children, victims of trafficking in human beings, persons with serious illnesses, persons with mental disorders and persons who have been subjected to torture, rape or other serious forms of psychological, physical or sexual violence, such as victims of female genital mutilation” Article 5: Identity, personas and avatars 1. Identity, Persona & Avatar Ownership: Developers should ensure that users have control over relevant elements of their identities, personas and avatars to the extent feasible within the platform’s commercial operations. Users should be able to transfer their avatars across platforms. 2. Special Protections for Children and Other Vulnerable Groups: Developers should include specific safeguards to protect children and other vulnerable groups, ensuring that their online presence is secure and free from exploitation. 3. Prevention of Identity, Persona and Avatar Theft: Developers should implement robust security measures to protect users from identity, persona and avatar theft, including unauthorised use or replication of their personas and avatars. This includes mechanisms such as multi-factor authentication, secure user verification, and alerts for suspicious activity. Developers are encouraged to follow industry best practices for user protection to safeguard users against impersonation and misuse of their identities, personas and avatars. 4. Appropriate Avatar Customisation: User should have access to diverse and inclusive customisation options when creating their avatars allowing for diverse self-representation. Developers should implement safeguards to discourage the creation of avatars that may be harmful, offensive, or cause distress to others. This includes following standards for avatar customisation that discourage disturbing representations depending on context. Developers should offer avatar moderation tools, community policies, and reporting features that allow users to flag inappropriate avatars, triggering corrective action when necessary. Article 6: Shared Spaces 1. Community Guidelines: Developers should establish clear community guidelines for acceptable behaviour (such as refraining from profanities) within shared immersive spaces. These guidelines should be designed to promote respect, inclusivity, and safety for all participants. 2. Content Moderation: Developers should be responsible for implementing robust moderation tools that allow for the prevention and/or removal of abusive or harmful content in shared immersive environments. 3. Private and Public Spaces: Developers should design clear distinctions between private and public spaces within immersive environments, ensuring users understand the implications of engaging in each type of space. Users should have control over their level of visibility and interaction in shared environments. For example, developers should clearly communicate whether invisible observers or any form of recording are allowed and provide users with the option to opt out or adjust their settings accordingly. This transparency helps users make informed decisions about their participation and privacy in shared digital environments. 4. Transparency of Roles: Developers should clearly and frequently inform users regarding the entities and persons who have authority to make changes, moderate, or control the space, along with an accessible history of such actions. 5. Transparency of Experience: Developers should clearly and frequently communicate the differences in users’ experience, including but not limited to differences based on users’ access to devices (e.g., mobile, PC, HMDs, wearables, glasses and other devices such as trackers, gloves and suits) to ensure all participants are aware of the variations in affordances and experiences. 6. Transparency of Actions: Developers should ensure that actions that may be invisible to other users, such as recording or capturing screenshots, are clearly signalled to all users. 7. Transparency of Digitally Mediated Processes: Developers should always disclose any augmentations and alterations to users’ representations, such as avatars, animated expressions, filters, or voice modifications, to maintain users’ trust and awareness of the role played by digital mediation. 8. Transparency in Alteration of Bystanders, Personas and Avatars: Developers should take steps to disclose and ensure that any alteration or augmentation of bystander appearances, personas, or avatars is done with consent if no other legal basis applies. Any alteration or augmentation should be respectful of human dignity and sensitive to the identities of others, while ensuring mitigation of potential risks or threats. Article 7: Engagement with Non-Human Resources 1. Altering Physical Environments: Developers should engage with relevant stakeholders when altering properties of the physical environment through augmentation or digitalisation. These alterations should be respectful and sensitive to the social and cultural contexts of the objects and mitigate potential risks or threats (e.g., XR users and stakeholders present in the physical space). 2. Transparency & Traceability: Developers should provide mechanisms that allow users to easily distinguish between non-digital representations and digital creations such as human-driven entities and AI-driven entities, ensuring transparency in immersive environments. The transparent identification of AI agents as non-human entities and disclosing their purpose and capabilities should be provided. Additionally, developers should be able to trace the origins of digital assets and verify that the usage of digital assets in the virtual worlds does not violate the platforms’ terms and conditions. 3. Deployment of Socially-Interactive AI Agents: Developers should assess and address the impact of socially-interactive AI agents on end-users, promoting supportive, non-exploitative interactions that prioritise user well-being. This includes promoting sincere identity by providing clear and understandable communication to the user about the nature of digital identities they encounter – human-driven entities or AI-driven entities. Users should retain autonomy through explicit consent mechanisms and control over their interactions with AI-driven entities. Download as PDF Explore the Rating Repository