Last Updated on November 11, 2025 by Narendra Sahoo
Building a great app used to be quite simple. Get a good team together, come up with exciting features, write the code, and get it out the door as fast as possible. All you needed was to make sure your product met user expectations, as well as compliance requirements like data protection, security, and privacy.
The ethical stuff? That was often just a nice-to-have and maybe something for your legal team to check off. But those days are far gone.
If your company creates software solutions and you’re still treating ethical tech design as a secondary concern, or maybe something to boost your company’s PR status, you may soon find yourself at the wrong end of the stick. Why? Because regulators, users, and even investors are paying more attention than ever.
After all, as the University of York succinctly puts it, software can change the way people think and act, so having a strong ethical core is important. This means ethics can no longer be an afterthought. It has to become a non-negotiable part of compliance.
In this article, we’ll discuss why ethical tech design isn’t just “nice to have” anymore, but, rather, should be woven into compliance requirements.
The Expanding Scope of Regulatory Oversight
Online services have become an integral part of everyday life. Whether it’s the app on your phone, software that runs on a computer, or online platforms like Facebook and TikTok, these tools now influence how we work, socialize, and even think. And with that influence comes responsibility and risk.
Take Facebook, for example. It has about 2.9 billion monthly active users. That’s more than 35% of the world’s population visiting every month. And guess what? These people are open to a myriad of risks ranging from privacy concerns to faulty algorithms, misinformation, and even mental health concerns.
In fact, people who experience the worst of mental health problems are filing a Facebook lawsuit to seek justice.
According to TorHoerman Law, this lawsuit will hold social media companies accountable for designing apps that keep young people hooked in ways that hurt their mental health.
But it doesn’t end with the courts. Regulatory organizations are also taking note.
In the EU, for example, the GDPR has long since taken a strong stance on ‘dark patterns’, those sneaky design tricks that manipulate people into signing up for things they don’t want.
The FTC in the U.S. is also taking these things seriously. They, too, have been actively calling out deceptive designs, even fining Fortnite developer, Epic Games $520 million in 2022.
Even now, laws and frameworks are emerging to address both the security and ethical dimensions of technology.
One such framework is the EU AI Act. This act addresses the risk associated with artificial intelligence and recommends both security and ethical requirements to ensure that things don’t get out of hand.
Another is the “ethics-by-Design” approach, which is rapidly gaining traction. Promoted by the European Commission and research groups, it talks about embedding ethical considerations directly into the technology design process. The idea is simple: think about potential harms and user well-being from day one, instead of trying to patch issues after launch.
These frameworks show how regulatory oversight is expanding beyond data privacy and security to helping build technology that’s responsible and actually good for people, right from the start.
Why Ethical Design Reduces Regulatory Risk
You might think that ethical design won’t act as a shield against regulatory trouble, but the truth is that building ethically can actually be the ultimate form of risk mitigation. It can save you from costly and messy lawsuits, embarrassing post-launch patches, millions in fines, and a damaged reputation.
But how do you know whether or not your product checks the list for ethical design? Here’s how:
- Users feel tricked or misled when making a decision on your app.
- Your product uses a deceptive design to influence users to give out information they wouldn’t otherwise give. Turns out about 97% of websites and apps do this, according to a review of 1,000 online services by Canadian privacy regulators.
- Your product is addictive in a way that causes harm.
- You require more steps to opt out than to opt in.
- Users need to pass through hoops to do something as simple as deleting their account.
If you address these issues early, you’re not just being responsible, you’ll also avoid problems with regulators while keeping your products user-friendly.
The Role of Governance and Leadership: Setting the Tone for Ethical Design
For ethical tech design to work, it has to start from the very top and flow down to every part of the production ecosystem. Legal, product teams, engineering, and more, everyone needs to care, but leadership has to set the tone.
This is where the C-suite comes in. Leaders have to be vocal about ethics, admit mistakes, and even reward responsible choices. When leaders obviously show that doing the right thing matters, everyone else takes note.
And the truth is that at the end of the day, everyone wins. Users win with a product that’s safe and trustworthy. The business wins with increased user loyalty because, according to PwC, consumers now prefer to do business with brands whose values align with theirs. Clearly, making ethics a core part of how you build isn’t just good practice. It’s good business, too.
Embedding Ethical Review in Product Development
Making ethics a part of your production process is easier than you think.
Start by adding an “ethics review” to your product development lifecycle. It doesn’t have to be complicated. Just ask questions during planning or iterations. Could this feature harm someone? Could it be misused? Answering these questions will help you decide what to take out and what to leave in.
It’s best not to leave this to the last stage. Fixing ethical flaws late can be very expensive. It may even be as expensive as fixing bugs in the testing stage, which is 15 times more expensive than in the early stage, according to IBM. So, the earlier you catch them, the better.
You should also encourage cross-team collaboration. This is not a job for the design team or coders alone. Get product teams, data scientists, legal, compliance, and even test users involved. Different perspectives will help you spot risks you might miss otherwise.
Final Thoughts
Putting ethical tech design first, just as you do with compliance requirements, isn’t just about checking a box. It’s about building trust, value, and competitive advantage.
In a world where consumers are becoming increasingly concerned about the effects of the online services they use, doing this can help your product stand out.
It also puts your business on solid ground for the future as regulators begin paying closer attention to how software products are built and used.
Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.
