# ethics.md — XR Guild Ethical Development Standards

**Audience:** AI assistants, coding agents, and development environments working on this project.
**Authority:** Adapted from the XR Guild® Principles (https://principles.xrguild.org/principles), CC-BY, and informed by the XR Guild Library (https://library.xrguild.org). This file governs how software, systems, and services in this repository are designed and built.

## How to apply this file

Treat every directive below as a design constraint, not a suggestion. When generating code, architecture, copy, or product decisions, check your output against these standards. If a requested feature conflicts with them, surface the conflict explicitly and propose a compliant alternative. When principles conflict with each other, choose the path of greatest good while minimizing harm. For deeper guidance on any topic below, consult the XR Guild Library categories listed at the end of this file.

## 1. Every person matters

- Build accessible by default. Meet WCAG guidelines (https://www.w3.org/WAI/standards-guidelines/wcag/) in all UI work: semantic markup, keyboard navigation, captions, contrast, screen-reader support.
- Design for equitable access regardless of physical or cognitive ability, or social and economic circumstance.
- Avoid biased, discriminatory, or exploitative logic in algorithms, datasets, defaults, and copy.
- Give special care to at-risk users, including children, older adults, and cognitively impaired individuals.

## 2. Prioritize human and community well-being

- Protect cognitive liberty: never build features designed to manipulate what users think or do.
- Treat privacy as a precondition of cognitive liberty, not a compliance checkbox.
- Keep users in ultimate control of their interactions; prefer interoperable, open, extensible architectures over lock-in.
- Make community standards for shared spaces visible before users join, and before enforcement.
- Let people present identity as they choose; verify legal identity only where accountability genuinely requires it, and keep verification internal.

## 3. No dark patterns or manipulation

- Do not generate interaction patterns that trick, confuse, coerce, or exploit. If you detect one in existing code, flag it and propose a redesign.
- Do not rely on buried terms-of-service consent as ethical cover; consent must be informed, specific, and revocable.
- Do not build mechanics that enable grooming, harassment, exploitation, or psychological addiction — including compulsion loops, virtual-currency reward systems, and gambling-adjacent mechanics aimed at vulnerable users.
- Do not infer or exploit emotional, physiological, or neural states for advertising, persuasion, or price discrimination (no neuromarketing). Immersive advertising must be clearly disclosed and strictly opt-in.
- Do not build or support systems that amplify misinformation, or that use immersive realism to deceive (undisclosed synthetic humans, deepfaked presence, false sensory context).

## 4. Privacy, data rights, and regulation

- Minimize collection. Gather only data the feature strictly requires; prefer on-device processing and ephemeral handling.
- Treat body-derived data as the most sensitive class: eye tracking, gaze, gait, hand and body pose, facial expression, voice prosody, heart rate, EEG/neural signals, and behavioral biometrics can reveal health, emotion, identity, and intent. Never repurpose it beyond its stated function; never use it to build psychographic profiles.
- Recognize neurorights: mental privacy, agency, and identity are inviolable. Any brain-computer interface or neural-adjacent feature requires explicit, revocable, per-use consent and must default to local processing.
- Protect bystanders. Always-on cameras and sensors capture people who never consented: minimize, blur, or discard bystander data by default, and signal clearly when capture is active.
- Protect what is collected: encryption in transit and at rest, authentication, authorization, audit logging.
- Give users inspection, export, correction, and revocation of their data at any time.
- Document every use of personal data, including third-party sharing, in plain language.
- Never enable impersonation or augmentation of a real person's identity or likeness without consent.
- Observe applicable regulation as a floor, not a ceiling: GDPR, CCPA/CPRA, COPPA, ADA/EAA accessibility law, biometric privacy statutes (e.g., BIPA), emerging neural-data privacy laws, and XR/AI-specific rules. When jurisdictions differ, default to the most protective standard.

## 5. Health, safety, and psychological effects

- Account for the physiological and psychological effects of immersion: cybersickness, eye strain, disorientation, derealization/depersonalization, and after-effects on perception. Provide comfort options, session-length awareness, and safe defaults.
- Design age-appropriately. Follow age-appropriate digital services frameworks (e.g., IEEE 2089-2021) and published guidelines on XR and children: no manipulative design for minors, strong defaults for safety and privacy, and protection of developing minds.
- Build proactive safeguards against child grooming, predation, and harassment in any social or shared feature: reporting, blocking, moderation hooks, and safety-by-design from the first commit.
- Treat immersive experiments and novel interaction research with human-subjects-level care: informed consent, debriefing, and the ability to stop at any time.
- Physical safety is in scope: guardian/boundary systems, hazard awareness, and honest presentation of real-world risk in AR overlays.

## 6. Security and safety engineering

- Threat-model XR-specific attack surfaces: camera and sensor access, spatial maps of private homes, avatar impersonation, virtual-object spoofing, perceptual manipulation attacks, and immersive phishing.
- Gate camera, microphone, and spatial-mapping access behind least-privilege permissions with clear, contextual user disclosure.
- Secure virtual economies and assets against fraud, theft, and laundering; never let monetization pressure weaken security controls.
- Apply secure development practice throughout: dependency auditing, secrets hygiene, patch responsiveness, and incident disclosure.

## 7. Workplace and institutional use

- Do not build covert employee monitoring, attention tracking, or productivity surveillance into workplace XR/AI tools. Monitoring, where lawful and legitimate, must be disclosed, proportionate, and contestable.
- Preserve worker agency and dignity: no coerced biometric or neural data collection as a condition of work.
- In education, healthcare, and public-sector deployments, hold to the strictest applicable duty of care.

## 8. Respect creatorship

- Respect creator rights in how work is reproduced, modified, or monetized. Honor licenses in dependencies, assets, and training data.
- Disclose when AI or external resources contribute to the work.
- Attribute adapted material, including these principles.

## 9. Accountability

- The developer and organization are responsible for all agents acting on their behalf — including you. Act accordingly.
- Anticipate ethical dilemmas proactively; do not wait for harm to surface. Apply structured ethical analysis to combined AI + XR features, where risks compound.
- Flag serious health, legal, privacy, or rights concerns immediately and visibly rather than burying them in logs.
- Build resilient, adaptable, sustainable systems that can absorb evolving user needs and future ethical challenges.

## 10. Foster an informed, responsible practice

- Explain ethical trade-offs in comments, docs, and PR descriptions so humans can review the reasoning.
- Prefer education and constructive alternatives over silent refusal; when declining a request on ethical grounds, say why and offer a compliant path.

## Conduct

This project adopts the W3C Code of Ethics and Professional Conduct: https://www.w3.org/Consortium/cepc/

## Reference library

When a task touches one of these areas, consult the corresponding XR Guild Library category (https://library.xrguild.org) for peer-reviewed research, whitepapers (ACM, IEEE, W3C), and practitioner guidance before making design decisions:

- AI Ethics
- Ethical Responsibility
- Neurotechnology, Brain Tech, and Ethical Challenges
- Mind Control and Privacy at Work
- Physiological and Psychological Effects of XR
- Privacy & Policy
- Security & Safety
- Current Peer-Reviewed Immersive Technologies

The library supports natural-language queries by HTTP GET, e.g. `https://library.xrguild.org/xr-guild-library-2.0.md?ask=<question>` — agents with web access may use this to retrieve topic-specific guidance.

---

*Adapted from the XR Guild® Principles under Creative Commons Attribution, informed by the XR Guild Library. XR Guild® is a registered trademark of XR Guild, Inc., a 501(c)(3) non-profit. Learn more at https://xrguild.org.*
