Digital Ethics & AI Policy
Assesses whether the organization has a forward-looking policy on the ethical use of digital technologies, data analytics, and Artificial Intelligence (AI) to ensure fairness, transparency, and prevent bias. This includes defining the scope of 'digital ethics' to cover targeted fundraising/advertising, profiling, recommender systems, biometric analytics, and design practices that may manipulate behaviour (dark patterns), ensuring moral implications are addressed alongside data protection.
| Metric | Digital Ethics Composite Score |
|---|---|
| Target | 100% on all compliance metrics |
| Frequency | Quarterly |
| Method | Average of: 1. % AI systems in Register; 2. % High-risk systems with DPIA; 3. Bias audit completion rate; 4. Staff training completion rate. |
| Unit | Percentage |
Level 1: Initial/Ad-hoc
Awareness of digital ethical issues is informal and inconsistent. There is no documented policy, and decisions are made on an ad-hoc basis, primarily driven by immediate technical or legal needs rather than ethical considerations.
Level 2: Developing
A basic policy exists, but it is primarily focused on data protection and privacy compliance. It lacks specific guidance on the ethical implications of AI, algorithmic bias, or data analytics. No formal AI register exists.
Level 3: Established
A formal Digital Ethics & AI Policy is established. An AI & Analytics Register is maintained with basic risk tiering. Staff in relevant roles have received initial training. Initial DPIA templates are adopted.
Level 4: Advanced
The policy is actively implemented. All high-risk systems undergo DPIA and AI Impact Assessments before launch. Bias tests are documented, and vendor due diligence is standardized. An ethics committee conducts regular reviews.
Level 5: Optimizing
The organization is a thought leader, proactively shaping its digital ecosystem based on Islamic ethical principles (`ʿAdl`, `Iḥsān`). It publishes annual transparency reports, obtains external assurance on high-risk AI, and contributes to public discourse.
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | exempt | Disproportionate; micro charities do not use complex automated decision-making, profiling, or bespoke AI systems. |
| Small | exempt | Disproportionate; highly unlikely to engage in automated profiling or high-risk AI use cases requiring formal registers. |
| Medium | optional | Nice-to-have for basic AI tool usage (e.g., generative AI guidelines), but formal AI registers and algorithm logs are generally overkill. |
| Large | partial | Requires an AI policy and DPIAs for automated profiling (e.g., fundraising analytics), but algorithm change logs may not apply if only using standard SaaS. |
| Major | full | Fully applicable due to the scale of data processing, automated profiling, and potential custom AI deployments. |
Applicable When
- The organization uses any form of digital technology or data analytics in its operations.
- The organization collects, processes, or stores any personal data.
- The organization uses automated decision-making processes.
- The organization engages with stakeholders online or digitally.
Not Applicable When
- The organization operates entirely offline with no digital footprint and collects no data whatsoever.
Related Criteria
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
Sign in to post a comment.