Developer notes · May 2026

AI, data & ethics — how I map it to engineering work

Single-page notes on the data lifecycle, familiar ethics pillars, EU AI Act / GDPR / NIST / ISO frames (as engineers actually use them), controls, eval habits, and checklists. I reach for this in design reviews—not as legal advice, but so “ethics” becomes tickets and tests instead of a vague slide.

Linh Truong, MA (Harvard), MBA · LinhTruong.com · Linh@Alumni.Harvard.edu

Source: if you redistribute this file, link LinhTruong.com so the copy people get still shows authorship.

For: software / ML / platform engineers Spans: data → model → deploy → governance Revised: May 2026

1. Opening summary

For me, ethics stopped being “someone else’s slide deck” once it collided with audits, DPIAs, and release gates. Regulators can pursue serious penalties under frameworks like the EU AI Act; GDPR still bites on sloppy data handling; buyers ask for model cards; a bad launch is a trust problem, not just a metric blip. What follows is the map I use: controls, lifecycle, architecture sketches, and checklists—so “responsible AI” shows up as code and reviews, not vibes.

Risk

Non-compliant systems face fines, takedowns, and reputational harm.

Trust

Documented provenance and evaluation are now a procurement requirement.

Quality

When fairness, safety, and drift get the same care as latency, I see fewer ugly surprises after launch.

Velocity

Reusable guardrails accelerate, not slow, future releases.

2. Why Data Ethics Matters for Engineers

Software engineers are the last mile of ethical AI. Policies become real only when expressed as code: data filters, eval gates, RBAC rules, audit logs, content-safety checks, retention jobs, and rollback triggers. Treat ethics as a non-functional requirement on equal footing with availability, latency, and security.

Engineer-Owned Concerns

  • Data collection & consent surfaces
  • PII handling, masking, retention
  • Bias evaluation in CI/CD
  • Prompt-injection and jailbreak defenses
  • Model and data lineage
  • Logging, audit, and right-to-explanation APIs

Shared with Product/Legal

  • Lawful basis for processing
  • Risk classification (EU AI Act)
  • Disclosure / labeling decisions
  • DPIAs & algorithmic impact assessments
  • Human-oversight UX patterns

Owned by Org/Governance

  • AI policy & ISO/IEC 42001 program
  • Vendor due diligence
  • Acceptable-use policies
  • Regulator notifications
  • Incident disclosure

3. The Six Pillars of AI Ethics

OECD, UNESCO, NIST, and EU High-Level Expert Group language mostly lines up on six themes. I use them as a rubric when I'm sanity-checking a system—not as a substitute for your counsel's risk tiering.

Six Pillars of Trustworthy AI Engineering-actionable framing aligned with NIST AI RMF & EU AI Act Fairness Bias audits Subgroup metrics Balanced datasets Counterfactual tests non-discrimination Privacy Data minimization Differential privacy PII redaction Consent & retention GDPR/CCPA aligned Transparency Model cards Datasheets Provenance / C2PA AI-output labeling explainable, disclosed Accountability RACI roles Audit logs Versioned lineage Right to redress traceable decisions Safety & Security Adversarial testing Prompt-injection guards Sandboxed tools Red-team gates robust under attack Human Agency HITL workflows Override controls Contestability Meaningful consent people stay in control
Figure 1. Six engineering-actionable pillars of trustworthy AI.

4. The AI Data Lifecycle — Where Ethics Lives

Ethical risk is introduced — and must be mitigated — at every stage of the pipeline. The diagram below maps the eight canonical stages with the controls a software engineer is expected to implement at each.

AI Data Lifecycle & Embedded Ethical Controls 1. Problem Framing Risk class · Affected groups · Avoidable use 2. Data Collection Lawful basis · Consent · Source vetting 3. Curation & Labeling Bias audits · Inter-annotator agreement 4. Training DP · Poisoning checks · Carbon tracking 8. Decommission Deletion · Unlearning · Archive lineage 7. Monitoring Drift · Fairness telemetry · Incidents 6. Deployment Guardrails · Disclosure · Rate limits 5. Evaluation Bench · Red team · Subgroup eval Continuous: Governance, Documentation, Audit Model Cards · Datasheets · DPIA · Risk Register ISO/IEC 42001 · NIST AI RMF · EU AI Act dossiers
Figure 2. The eight-stage AI data lifecycle. Ethics is enforced as code at every stage; governance wraps the loop.

Stage-by-stage engineering controls

StageRiskEngineering control
1. FramingSolving the wrong problem; harmful use caseAlgorithmic Impact Assessment (AIA); proportionality review; “should we build it?” memo
2. CollectionUnlawful, biased, or non-consensual sourcingSource whitelist; consent capture; robots.txt & ToS check; provenance signatures (C2PA)
3. LabelingAnnotator bias; harmful labor practicesAnnotator guidelines; agreement metrics (Krippendorff α); fair-pay attestation
4. TrainingMemorization of PII; poisoningDe-duplication; PII scrubbing; differential privacy; checkpoint signing
5. EvaluationHidden subgroup failuresDisaggregated metrics; red-teaming; jailbreak suites; capability evals
6. DeploymentMisuse, hallucination, prompt injectionSystem-prompt hardening; output filters; rate limits; user-visible disclosure
7. MonitoringDrift, regression, emerging harmsProduction fairness dashboards; user-feedback loop; incident hotline
8. DecommissionStale models causing harm; retention violationsSunset policy; deletion / unlearning workflows; archive of lineage

5. Reference Architecture (Engineering Stack)

The following stack is what most regulated AI products look like in 2026. Each layer pairs a capability with the controls that make it ethical and auditable.

Ethical AI Reference Architecture Eight horizontal layers · governance & observability run vertically User & Consent Consent capture · Disclosure UI · Opt-out · Contestability surfaces Application Feature flags · A/B with fairness gates · HITL overrides · UX for explanations Guardrails Input filters · Output safety · Prompt-injection defense · Tool allowlists · PII redaction Model Serving Versioned weights · Signed artifacts · Canary rollouts · Eval gates in CI/CD Training & Fine-Tune Reproducible runs · DP-SGD · Bias mitigation · Carbon & cost tracking Data Platform Catalog · Lineage · RBAC/ABAC · Encryption · PII tags · Retention & deletion jobs Sources First-party · Licensed · Open · Synthetic · Provenance signatures (C2PA) Infrastructure Region pinning · KMS · Confidential compute · Secrets · SBOM & supply-chain scans Governance AI Act GDPR ISO 42001 NIST RMF Model Cards DPIA Risk Reg. Audit Log Vendor DD Policy Observability · SLOs · Drift · Fairness · Incidents
Figure 3. Reference architecture. Governance and observability are cross-cutting concerns, not afterthoughts.

6. Regulatory Landscape (2026)

Multiple regimes now apply concurrently. Engineers do not need to be lawyers, but must know which controls satisfy which regime so technical decisions don't undo legal posture.

RegulationScopeStatus (May 2026)Engineer-facing requirements
EU AI ActRisk-tiered AI systems sold/used in EUIn force; high-risk obligations apply from Aug 2026; GPAI obligations activeRisk classification, technical docs (Annex IV), logging, human oversight, post-market monitoring, conformity assessment
GDPRPersonal data of EU residentsIn forceLawful basis, DPIA, data minimization, Art. 22 automated-decision rights, deletion/portability
NIST AI RMF 1.0US guidance, gov & contractorsVoluntary, widely adoptedMap · Measure · Manage · Govern functions
ISO/IEC 42001AI management system standardCertification trackAIMS policies, controls, internal audit, continual improvement
ISO/IEC 23894AI risk management guidanceReferenceRisk identification, treatment, monitoring
Colorado AI Act / NYC LL144US state & municipal AI lawsIn forceBias audits, candidate notice, impact assessments
UK AI Bill (2026)UK domestic regimeSectoral guidance from regulatorsTransparency, safety testing for frontier models
HIPAA / FDA SaMDUS health AIIn forceValidation, change-control, predetermined change-control plans (PCCP)
EU AI Act risk tiers (engineer mental model): Prohibited social scoring, manipulative AI, certain biometric uses · High-risk employment, credit, education, critical infra, law enforcement · Limited risk chatbots, deepfakes — disclosure required · Minimal spam filters, game NPCs.

7. Bias, Fairness & Representation

Bias is rarely a single bug. It is the cumulative effect of which data was collected, who labeled it, what objective was optimized, and who used the output. Engineers must measure it explicitly — disaggregated metrics, not aggregate accuracy.

Common fairness definitions

  • Demographic parity: P(ŷ=1|A=a) equal across groups
  • Equalized odds: equal TPR & FPR across groups
  • Equal opportunity: equal TPR across groups
  • Calibration: predicted probabilities match observed outcomes per group
  • Counterfactual fairness: output unchanged if protected attribute is flipped

No single metric satisfies all definitions simultaneously — choose deliberately and document the trade-off.

Mitigation patterns

  • Pre-processing: re-weighting, re-sampling, representative collection
  • In-processing: fairness constraints, adversarial debiasing
  • Post-processing: threshold tuning per group, reject-option classification
  • Generative-AI specific: prompt scaffolding, RLHF on diverse raters, refusal calibration
# Disaggregated evaluation skeleton (illustrative)
for group in df["protected_attr"].unique():
    sub = df[df["protected_attr"] == group]
    metrics[group] = {
        "n": len(sub),
        "accuracy": accuracy(sub.y_true, sub.y_pred),
        "tpr": recall_score(sub.y_true, sub.y_pred),
        "fpr": false_positive_rate(sub.y_true, sub.y_pred),
        "calibration_ece": expected_calibration_error(sub.y_true, sub.y_prob),
    }
assert max_gap(metrics, "tpr") < 0.05, "TPR disparity exceeds threshold"

8. Privacy & Data Protection

Foundational principles (GDPR-aligned)

  1. Lawfulness, fairness, transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity & confidentiality
  7. Accountability

Engineering techniques

  • PII detection & redaction at ingestion (regex + NER + classifier)
  • Tokenization / pseudonymization with key separation
  • Differential privacy (DP-SGD, output noise) for training and analytics
  • Federated learning for on-device training
  • Confidential compute (TEEs) for sensitive workloads
  • Right-to-be-forgotten: deletion + machine unlearning roadmap
  • Retention jobs tied to data classification
Engineer rule of thumb: If you can't articulate the lawful basis and retention period for a dataset in one sentence, you should not be training on it yet.

9. Security & Adversarial Robustness

AI systems inherit classical software risk and add a new attack surface (model behavior). Map your threats with frameworks like MITRE ATLAS and the OWASP Top 10 for LLM Applications.

ThreatWhere it hitsMitigation
Prompt injection (direct & indirect)LLM input from users / retrieved docsContent provenance tagging, instruction-isolation, allowlisted tools, output validation
Training-data poisoningCrawled or third-party corporaSource vetting, anomaly detection, signed datasets, dedup & canaries
Model extraction / theftPublic APIsRate limits, watermarking, query budgets, auth
Membership inferenceModels trained on PIIDP-SGD, regularization, output perturbation
JailbreaksAligned modelsSystem-prompt hardening, classifier ensembles, refusal training, red-team CI
Tool/agent abuseAutonomous agentsCapability tokens, human approval for high-impact actions, sandboxing
Supply-chainModels/weights from hubsSBOM, hash pinning, provenance attestations (SLSA, Sigstore)

10. Transparency, Explainability & Provenance

Model Cards

Short, structured documentation of intended use, limits, evaluation, and ethical considerations.

Datasheets for Datasets

Source, collection method, motivation, composition, preprocessing, distribution.

C2PA & Content Credentials

Cryptographic provenance for generated media; required for many EU "limited-risk" disclosure cases.

Explainability

Feature attributions (SHAP, IG), example-based (influence functions), surrogate models, chain-of-thought traces (with care).

Right to explanation

Article 22 GDPR & AI Act: meaningful info about logic, significance, consequences.

Audit trails

Append-only logs: model version, prompt, context, output, user, override, justification.

11. Human Oversight & Human-in-the-Loop

The EU AI Act mandates "effective human oversight" for high-risk systems. That is concrete: a person must be able to interpret the output, override it, and stop the system.

Design the override path first. If a reviewer cannot disagree easily, the oversight is theatre.

12. Governance & Documentation Artifacts

ArtifactPurposeOwnerTrigger
AI Use-Case Intake FormCapture purpose, data, risk classProduct + EngineeringNew AI feature proposed
Algorithmic Impact AssessmentIdentify affected populations & harmsEthics/Policy + EngBefore training
DPIAPrivacy risk analysisDPO + EngPersonal data involved
DatasheetDocument datasetData EngPer dataset version
Model CardDocument modelML EngPer model release
Risk RegisterTrack top risks & statusAI GovernanceContinuous
Annex IV Tech FileEU AI Act conformity dossierEng Lead + LegalHigh-risk systems
Post-market Monitoring PlanDetect & respond to harmsSRE + ML OpsAt launch

13. Implementation Strategy

13.1 Operating model (lightweight RACI)

ActivityEngineerML LeadProductLegal/DPOAI Governance
Risk classificationCCRAC
Dataset approvalRACCI
Model cardCR/ACII
Bias evaluationRACIC
Production guardrailsR/ACCII
Incident responseRCCCA

13.2 12-month rollout roadmap

Phased Adoption Roadmap Phase 1 · Q1 Baseline · Inventory Policy · Risk register Phase 2 · Q2 Data platform controls PII · Lineage · RBAC Phase 3 · Q3 Eval & guardrails in CI Model cards · Red team Phase 4 · Q4 Audit · Certification ISO 42001 · Continuous improvement AI inventory · gap analysis Catalog · lineage · access CI gates · documentation External audit · publish
Figure 4. Four-phase rollout from inventory to certification.

14. Metrics, Evaluation & KPIs

Capability & quality

  • Task accuracy, F1, BLEU/ROUGE — by subgroup
  • Calibration (ECE) — by subgroup
  • Hallucination rate & faithfulness (RAG: groundedness)
  • Latency p50/p95 and cost per request

Safety & ethics

  • Toxicity / harmful-content rate (per category)
  • Refusal precision & over-refusal rate
  • Jailbreak success rate against red-team suite
  • PII leak rate (canary & memorization probes)
  • Fairness disparity (TPR/FPR gap, calibration gap)
  • Override / appeal rate — and resolution time

Operational

  • Coverage of model cards & datasheets (%)
  • Time to remediate a flagged incident
  • Drift detection lead time
  • % of changes passing automated ethics gates

Governance

  • Risk register currency (≤30 days)
  • DPIA / AIA completion before launch
  • Vendor due-diligence coverage
  • Audit findings closed on time

15. Engineer's Pre-Production Checklist

Data
  • [ ] Lawful basis recorded; consent stored where required
  • [ ] Source license/ToS reviewed (no robots.txt or ToS violations)
  • [ ] PII detected, classified, masked, or removed
  • [ ] Dataset version pinned; hash recorded; datasheet committed
  • [ ] Bias audit run; subgroup coverage documented
Model
  • [ ] Reproducible training run (config + seeds + commit pinned)
  • [ ] Eval suite includes fairness, safety, and capability — disaggregated
  • [ ] Red-team / jailbreak suite passed (or risks accepted & mitigated)
  • [ ] Model card published; intended use & out-of-scope use stated
  • [ ] Weights signed; provenance attestation produced
Deployment
  • [ ] System prompts hardened; tool allowlist explicit
  • [ ] Output guardrails (toxicity, PII, secrets) enabled
  • [ ] AI-generated content disclosed in UX (where applicable)
  • [ ] Rate limits, auth, abuse signals in place
  • [ ] Human override path documented & tested
Operations
  • [ ] Telemetry: usage, errors, drift, fairness, refusal rates
  • [ ] On-call runbook for AI-specific incidents
  • [ ] Feedback & appeal channel exposed to users
  • [ ] Sunset date or review date set
  • [ ] Deletion / retention jobs configured & tested

16. Incident Response & Red-Teaming

AI incidents differ from classic outages: nothing is broken, the system is just wrong, harmful, or unsafe. Build an AI-specific IR playbook.

  1. Detect — user reports, drift alarms, content-safety spikes, regulator inquiries
  2. Triage — severity by reach × harm × reversibility
  3. Contain — feature flag off, route to fallback, downgrade model, throttle
  4. Eradicate — patch prompt, retrain, retire dataset
  5. Recover — canary, monitor, re-enable
  6. Learn — post-mortem with ethics lens; add to red-team suite; update model card
Red-team continuously. A jailbreak that worked last quarter will be tried again next quarter. Maintain a versioned adversarial suite that runs on every model release.

17. Tooling Cheat Sheet (illustrative, not exhaustive)

NeedOpen-source / standardsNotes
Fairness metricsFairlearn, AIF360, What-If ToolUse disaggregated metrics, not a single number
ExplainabilitySHAP, Captum, InterpretMLMatch technique to model class & audience
PrivacyOpacus (DP-SGD), TensorFlow Privacy, Presidio (PII)Validate ε budget & downstream utility
Eval frameworkslm-eval-harness, HELM, BIG-bench, InspectAdd internal red-team suite
GuardrailsNeMo Guardrails, Guardrails AI, LLM GuardDefense-in-depth, not single-layer
ProvenanceC2PA, Sigstore, SLSASign artifacts and content
Lineage / catalogOpenLineage, DataHub, Unity CatalogRequired for "explain why" requests
Risk & governanceNIST AI RMF Playbook, ISO/IEC 42001 controlsMap controls to existing SOC2/ISO 27001

18. References & Further Reading

Diagrams and narrative in §1–§17 are my synthesis for engineering readers; §18 lists primary standards and papers to verify details. Author: Linh Truong · LinhTruong.com.

Educational engineering reference only—not legal, compliance, or security advice for your jurisdiction. Check current legal texts and qualified counsel before you rely on penalty figures or risk labels in production decisions.

© 2026 Linh Truong · Single-file HTML · print-friendly

About the author

Linh Truong, MA (Harvard), MBA
Linh@Alumni.Harvard.edu
LinhTruong.com

Penalty amounts and regulatory summaries here are abbreviated; always read the official instrument and your local implementation.