Home > Code Of Ethics

ACM Code of Ethics and

Professional Conduct

ACM Code of Ethics and Professional Conduct

Preamble
Computing professionals' actions change the world. To act responsibly, they should reflect
upon the wider impacts of their work, consistently supporting the public good. The ACM
Code of Ethics and Professional Conduct ("the Code") expresses the conscience of the
profession.

The Code is designed to inspire and guide the ethical conduct of all computing
professionals, including current and aspiring practitioners, instructors, students, influencers,
and anyone who uses computing technology in an impactful way. Additionally, the Code
serves as a basis for remediation when violations occur. The Code includes principles
formulated as statements of responsibility, based on the understanding that the public good
is always the primary consideration. Each principle is supplemented by guidelines, which
provide explanations to assist computing professionals in understanding and applying the
principle.

Section 1 outlines fundamental ethical principles that form the basis for the remainder of the
Code. Section 2 addresses additional, more specific considerations of professional
responsibility. Section 3 guides individuals who have a leadership role, whether in the
workplace or in a volunteer professional capacity. Commitment to ethical conduct is required
of every ACM member, ACM SIG member, ACM award recipient, and ACM SIG award
recipient. Principles involving compliance with the Code are given in Section 4.

The Code as a whole is concerned with how fundamental ethical principles apply to a
computing professional's conduct. The Code is not an algorithm for solving ethical problems;
rather it serves as a basis for ethical decision-making. When thinking through a particular
issue, a computing professional may find that multiple principles should be taken into
account, and that different principles will have different relevance to the issue. Questions
related to these kinds of issues can best be answered by thoughtful consideration of the
fundamental ethical principles, understanding that the public good is the paramount
consideration. The entire computing profession benefits when the ethical decision-making
process is accountable to and transparent to all stakeholders. Open discussions about
ethical issues promote this accountability and transparency.

1. GENERAL ETHICAL PRINCIPLES.

A computing professional should...
1.1 Contribute to society and to human well-being,
acknowledging that all people are stakeholders in computing.
This principle, which concerns the quality of life of all people, affirms an obligation of
computing professionals, both individually and collectively, to use their skills for the benefit
of society, its members, and the environment surrounding them. This obligation includes
promoting fundamental human rights and protecting each individual's right to autonomy. An
essential aim of computing professionals is to minimize negative consequences of
computing, including threats to health, safety, personal security, and privacy. When the
interests of multiple groups conflict, the needs of those less advantaged should be given
increased attention and priority.

Computing professionals should consider whether the results of their efforts will respect
diversity, will be used in socially responsible ways, will meet social needs, and will be broadly
accessible. They are encouraged to actively contribute to society by engaging in pro bono or
volunteer work that benefits the public good.

In addition to a safe social environment, human well-being requires a safe natural

environment. Therefore, computing professionals should promote environmental
sustainability both locally and globally.

1.2 Avoid harm.

In this document, "harm" means negative consequences, especially when those
consequences are significant and unjust. Examples of harm include unjustified physical or
mental injury, unjustified destruction or disclosure of information, and unjustified damage to
property, reputation, and the environment. This list is not exhaustive.

Well-intended actions, including those that accomplish assigned duties, may lead to harm.
When that harm is unintended, those responsible are obliged to undo or mitigate the harm as
much as possible. Avoiding harm begins with careful consideration of potential impacts on
all those affected by decisions. When harm is an intentional part of the system, those
responsible are obligated to ensure that the harm is ethically justified. In either case, ensure
that all harm is minimized.

To minimize the possibility of indirectly or unintentionally harming others, computing

professionals should follow generally accepted best practices unless there is a compelling
ethical reason to do otherwise. Additionally, the consequences of data aggregation and
emergent properties of systems should be carefully analyzed. Those involved with pervasive
or infrastructure systems should also consider Principle 3.7.

A computing professional has an additional obligation to report any signs of system risks
that might result in harm. If leaders do not act to curtail or mitigate such risks, it may be
necessary to "blow the whistle" to reduce potential harm. However, capricious or misguided
reporting of risks can itself be harmful. Before reporting risks, a computing professional
should carefully assess relevant aspects of the situation.

1.3 Be honest and trustworthy.

Honesty is an essential component of trustworthiness. A computing professional should be
transparent and provide full disclosure of all pertinent system capabilities, limitations, and
potential problems to the appropriate parties. Making deliberately false or misleading claims,
fabricating or falsifying data, offering or accepting bribes, and other dishonest conduct are
violations of the Code.
Computing professionals should be honest about their qualifications, and about any
limitations in their competence to complete a task. Computing professionals should be
forthright about any circumstances that might lead to either real or perceived conflicts of
interest or otherwise tend to undermine the independence of their judgment. Furthermore,
commitments should be honored.

Computing professionals should not misrepresent an organization's policies or procedures,

and should not speak on behalf of an organization unless authorized to do so.

1.4 Be fair and take action not to discriminate.

The values of equality, tolerance, respect for others, and justice govern this principle.
Fairness requires that even careful decision processes provide some avenue for redress of
grievances.

Computing professionals should foster fair participation of all people, including those of
underrepresented groups. Prejudicial discrimination on the basis of age, color, disability,
ethnicity, family status, gender identity, labor union membership, military status, nationality,
race, religion or belief, sex, sexual orientation, or any other inappropriate factor is an explicit
violation of the Code. Harassment, including sexual harassment, bullying, and other abuses
of power and authority, is a form of discrimination that, amongst other harms, limits fair
access to the virtual and physical spaces where such harassment takes place.

The use of information and technology may cause new, or enhance existing, inequities.
Technologies and practices should be as inclusive and accessible as possible and
computing professionals should take action to avoid creating systems or technologies that
disenfranchise or oppress people. Failure to design for inclusiveness and accessibility may
constitute unfair discrimination.

1.5 Respect the work required to produce new ideas, inventions,

creative works, and computing artifacts.
Developing new ideas, inventions, creative works, and computing artifacts creates value for
society, and those who expend this effort should expect to gain value from their work.
Computing professionals should therefore credit the creators of ideas, inventions, work, and
artifacts, and respect copyrights, patents, trade secrets, license agreements, and other
methods of protecting authors' works.

Both custom and the law recognize that some exceptions to a creator's control of a work are
necessary for the public good. Computing professionals should not unduly oppose
reasonable uses of their intellectual works. Efforts to help others by contributing time and
energy to projects that help society illustrate a positive aspect of this principle. Such efforts
include free and open source software and work put into the public domain. Computing
professionals should not claim private ownership of work that they or others have shared as
public resources.

1.6 Respect privacy.

The responsibility of respecting privacy applies to computing professionals in a particularly
profound way. Technology enables the collection, monitoring, and exchange of personal
information quickly, inexpensively, and often without the knowledge of the people affected.
Therefore, a computing professional should become conversant in the various definitions
and forms of privacy and should understand the rights and responsibilities associated with
the collection and use of personal information.
Computing professionals should only use personal information for legitimate ends and
without violating the rights of individuals and groups. This requires taking precautions to
prevent re-identification of anonymized data or unauthorized data collection, ensuring the
accuracy of data, understanding the provenance of the data, and protecting it from
unauthorized access and accidental disclosure. Computing professionals should establish
transparent policies and procedures that allow individuals to understand what data is being
collected and how it is being used, to give informed consent for automatic data collection,
and to review, obtain, correct inaccuracies in, and delete their personal data.

Only the minimum amount of personal information necessary should be collected in a

system. The retention and disposal periods for that information should be clearly defined,
enforced, and communicated to data subjects. Personal information gathered for a specific
purpose should not be used for other purposes without the person's consent. Merged data
collections can compromise privacy features present in the original collections. Therefore,
computing professionals should take special care for privacy when merging data collections.

1.7 Honor confidentiality.

Computing professionals are often entrusted with confidential information such as trade
secrets, client data, nonpublic business strategies, financial information, research data, pre-
publication scholarly articles, and patent applications. Computing professionals should
protect confidentiality except in cases where it is evidence of the violation of law, of
organizational regulations, or of the Code. In these cases, the nature or contents of that
information should not be disclosed except to appropriate authorities. A computing
professional should consider thoughtfully whether such disclosures are consistent with the
Code.

2. PROFESSIONAL RESPONSIBILITIES.
A computing professional should...

2.1 Strive to achieve high quality in both the processes and

products of professional work.
Computing professionals should insist on and support high quality work from themselves
and from colleagues. The dignity of employers, employees, colleagues, clients, users, and
anyone else affected either directly or indirectly by the work should be respected throughout
the process. Computing professionals should respect the right of those involved to
transparent communication about the project. Professionals should be cognizant of any
serious negative consequences affecting any stakeholder that may result from poor quality
work and should resist inducements to neglect this responsibility.

2.2 Maintain high standards of professional competence,

conduct, and ethical practice.
High quality computing depends on individuals and teams who take personal and group
responsibility for acquiring and maintaining professional competence. Professional
competence starts with technical knowledge and with awareness of the social context in
which their work may be deployed. Professional competence also requires skill in
communication, in reflective analysis, and in recognizing and navigating ethical challenges.
Upgrading skills should be an ongoing process and might include independent study,
attending conferences or seminars, and other informal or formal education. Professional
organizations and employers should encourage and facilitate these activities.
2.3 Know and respect existing rules pertaining to professional
work.
"Rules" here include local, regional, national, and international laws and regulations, as well
as any policies and procedures of the organizations to which the professional belongs.
Computing professionals must abide by these rules unless there is a compelling ethical
justification to do otherwise. Rules that are judged unethical should be challenged. A rule
may be unethical when it has an inadequate moral basis or causes recognizable harm. A
computing professional should consider challenging the rule through existing channels
before violating the rule. A computing professional who decides to violate a rule because it is
unethical, or for any other reason, must consider potential consequences and accept
responsibility for that action.

2.4 Accept and provide appropriate professional review.

High quality professional work in computing depends on professional review at all stages.
Whenever appropriate, computing professionals should seek and utilize peer and
stakeholder review. Computing professionals should also provide constructive, critical
reviews of others' work.

2.5 Give comprehensive and thorough evaluations of computer

systems and their impacts, including analysis of possible risks.
Computing professionals are in a position of trust, and therefore have a special responsibility
to provide objective, credible evaluations and testimony to employers, employees, clients,
users, and the public. Computing professionals should strive to be perceptive, thorough, and
objective when evaluating, recommending, and presenting system descriptions and
alternatives. Extraordinary care should be taken to identify and mitigate potential risks in
machine learning systems. A system for which future risks cannot be reliably predicted
requires frequent reassessment of risk as the system evolves in use, or it should not be
deployed. Any issues that might result in major risk must be reported to appropriate parties.

2.6 Perform work only in areas of competence.

A computing professional is responsible for evaluating potential work assignments. This
includes evaluating the work's feasibility and advisability, and making a judgment about
whether the work assignment is within the professional's areas of competence. If at any time
before or during the work assignment the professional identifies a lack of a necessary
expertise, they must disclose this to the employer or client. The client or employer may
decide to pursue the assignment with the professional after additional time to acquire the
necessary competencies, to pursue the assignment with someone else who has the required
expertise, or to forgo the assignment. A computing professional's ethical judgment should
be the final guide in deciding whether to work on the assignment.

2.7 Foster public awareness and understanding of computing,

related technologies, and their consequences.
As appropriate to the context and one's abilities, computing professionals should share
technical knowledge with the public, foster awareness of computing, and encourage
understanding of computing. These communications with the public should be clear,
respectful, and welcoming. Important issues include the impacts of computer systems, their
limitations, their vulnerabilities, and the opportunities that they present. Additionally, a
computing professional should respectfully address inaccurate or misleading information
related to computing.

2.8 Access computing and communication resources only when

authorized or when compelled by the public good.
Individuals and organizations have the right to restrict access to their systems and data so
long as the restrictions are consistent with other principles in the Code. Consequently,
computing professionals should not access another's computer system, software, or data
without a reasonable belief that such an action would be authorized or a compelling belief
that it is consistent with the public good. A system being publicly accessible is not sufficient
grounds on its own to imply authorization. Under exceptional circumstances a computing
professional may use unauthorized access to disrupt or inhibit the functioning of malicious
systems; extraordinary precautions must be taken in these instances to avoid harm to
others.

2.9 Design and implement systems that are robustly and usably
secure.
Breaches of computer security cause harm. Robust security should be a primary
consideration when designing and implementing systems. Computing professionals should
perform due diligence to ensure the system functions as intended, and take appropriate
action to secure resources against accidental and intentional misuse, modification, and
denial of service. As threats can arise and change after a system is deployed, computing
professionals should integrate mitigation techniques and policies, such as monitoring,
patching, and vulnerability reporting. Computing professionals should also take steps to
ensure parties affected by data breaches are notified in a timely and clear manner, providing
appropriate guidance and remediation.

To ensure the system achieves its intended purpose, security features should be designed to
be as intuitive and easy to use as possible. Computing professionals should discourage
security precautions that are too confusing, are situationally inappropriate, or otherwise
inhibit legitimate use.

In cases where misuse or harm are predictable or unavoidable, the best option may be to not
implement the system.

3. PROFESSIONAL LEADERSHIP PRINCIPLES.

Leadership may either be a formal designation or arise informally from influence over others.
In this section, "leader" means any member of an organization or group who has influence,
educational responsibilities, or managerial responsibilities. While these principles apply to all
computing professionals, leaders bear a heightened responsibility to uphold and promote
them, both within and through their organizations.

A computing professional, especially one acting as a leader, should...

3.1 Ensure that the public good is the central concern during all
professional computing work.
People—including users, customers, colleagues, and others affected directly or indirectly—
should always be the central concern in computing. The public good should always be an
explicit consideration when evaluating tasks associated with research, requirements
analysis, design, implementation, testing, validation, deployment, maintenance, retirement,
and disposal. Computing professionals should keep this focus no matter which
methodologies or techniques they use in their practice.

3.2 Articulate, encourage acceptance of, and evaluate fulfillment

of social responsibilities by members of the organization or
group.
Technical organizations and groups affect broader society, and their leaders should accept
the associated responsibilities. Organizations—through procedures and attitudes oriented
toward quality, transparency, and the welfare of society—reduce harm to the public and raise
awareness of the influence of technology in our lives. Therefore, leaders should encourage
full participation of computing professionals in meeting relevant social responsibilities and
discourage tendencies to do otherwise.

3.3 Manage personnel and resources to enhance the quality of

working life.
Leaders should ensure that they enhance, not degrade, the quality of working life. Leaders
should consider the personal and professional development, accessibility requirements,
physical safety, psychological well-being, and human dignity of all workers. Appropriate
human-computer ergonomic standards should be used in the workplace.

3.4 Articulate, apply, and support policies and processes that

reflect the principles of the Code.
Leaders should pursue clearly defined organizational policies that are consistent with the
Code and effectively communicate them to relevant stakeholders. In addition, leaders should
encourage and reward compliance with those policies, and take appropriate action when
policies are violated. Designing or implementing processes that deliberately or negligently
violate, or tend to enable the violation of, the Code's principles is ethically unacceptable.

3.5 Create opportunities for members of the organization or

group to grow as professionals.
Educational opportunities are essential for all organization and group members. Leaders
should ensure that opportunities are available to computing professionals to help them
improve their knowledge and skills in professionalism, in the practice of ethics, and in their
technical specialties. These opportunities should include experiences that familiarize
computing professionals with the consequences and limitations of particular types of
systems. Computing professionals should be fully aware of the dangers of oversimplified
approaches, the improbability of anticipating every possible operating condition, the
inevitability of software errors, the interactions of systems and their contexts, and other
issues related to the complexity of their profession—and thus be confident in taking on
responsibilities for the work that they do.
3.6 Use care when modifying or retiring systems.
Interface changes, the removal of features, and even software updates have an impact on
the productivity of users and the quality of their work. Leaders should take care when
changing or discontinuing support for system features on which people still depend. Leaders
should thoroughly investigate viable alternatives to removing support for a legacy system. If
these alternatives are unacceptably risky or impractical, the developer should assist
stakeholders' graceful migration from the system to an alternative. Users should be notified
of the risks of continued use of the unsupported system long before support ends.
Computing professionals should assist system users in monitoring the operational viability
of their computing systems, and help them understand that timely replacement of
inappropriate or outdated features or entire systems may be needed.

3.7 Recognize and take special care of systems that become

integrated into the infrastructure of society.
Even the simplest computer systems have the potential to impact all aspects of society
when integrated with everyday activities such as commerce, travel, government, healthcare,
and education. When organizations and groups develop systems that become an important
part of the infrastructure of society, their leaders have an added responsibility to be good
stewards of these systems. Part of that stewardship requires establishing policies for fair
system access, including for those who may have been excluded. That stewardship also
requires that computing professionals monitor the level of integration of their systems into
the infrastructure of society. As the level of adoption changes, the ethical responsibilities of
the organization or group are likely to change as well. Continual monitoring of how society is
using a system will allow the organization or group to remain consistent with their ethical
obligations outlined in the Code. When appropriate standards of care do not exist, computing
professionals have a duty to ensure they are developed.

4. COMPLIANCE WITH THE CODE.

A computing professional should...

4.1 Uphold, promote, and respect the principles of the Code.

The future of computing depends on both technical and ethical excellence. Computing
professionals should adhere to the principles of the Code and contribute to improving them.
Computing professionals who recognize breaches of the Code should take actions to resolve
the ethical issues they recognize, including, when reasonable, expressing their concern to the
person or persons thought to be violating the Code.

4.2 Treat violations of the Code as inconsistent with membership

in the ACM.
Each ACM member should encourage and support adherence by all computing professionals
regardless of ACM membership. ACM members who recognize a breach of the Code should
consider reporting the violation to the ACM, which may result in remedial action as specified
in the ACM's Code of Ethics and Professional Conduct Enforcement Policy.

The Code and guidelines were developed by the ACM Code 2018 Task Force: Executive
Committee Don Gotterbarn (Chair), Bo Brinkman, Catherine Flick, Michael S Kirkpatrick, Keith
Miller, Kate Varansky, and Marty J Wolf. Members: Eve Anderson, Ron Anderson, Amy
Bruckman, Karla Carter, Michael Davis, Penny Duquenoy, Jeremy Epstein, Kai Kimppa, Lorraine
Kisselburgh, Shrawan Kumar, Andrew McGettrick, Natasa Milic-Frayling, Denise Oram, Simon
Rogerson, David Shamma, Janice Sipior, Eugene Spafford, and Les Waguespack. The Task
Force was organized by the ACM Committee on Professional Ethics. Significant contributions
to the Code were also made by the broader international ACM membership. This Code and its
guidelines were adopted by the ACM Council on June 22nd, 2018.

This Code may be published without permission as long as it is not changed in any way and it
carries the copyright notice. Copyright (c) 2018 by the Association for Computing Machinery.
On This Page

Preamble
1. GENERAL ETHICAL PRINCIPLES.
1.1 Contribute to society and to human well-being, acknowledging that all people
are stakeholders in computing.
1.2 Avoid harm.
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Respect the work required to produce new ideas, inventions, creative works,
and computing artifacts.
1.6 Respect privacy.
1.7 Honor confidentiality.
2. PROFESSIONAL RESPONSIBILITIES.
2.1 Strive to achieve high quality in both the processes and products of
professional work.
2.2 Maintain high standards of professional competence, conduct, and ethical
practice.
2.3 Know and respect existing rules pertaining to professional work.
2.4 Accept and provide appropriate professional review.
2.5 Give comprehensive and thorough evaluations of computer systems and their
impacts, including analysis of possible risks.
2.6 Perform work only in areas of competence.
2.7 Foster public awareness and understanding of computing, related
technologies, and their consequences.
2.8 Access computing and communication resources only when authorized or
when compelled by the public good.
2.9 Design and implement systems that are robustly and usably secure.
3. PROFESSIONAL LEADERSHIP PRINCIPLES.
3.1 Ensure that the public good is the central concern during all professional
computing work.
3.2 Articulate, encourage acceptance of, and evaluate fulfillment of social
responsibilities by members of the organization or group.
3.3 Manage personnel and resources to enhance the quality of working life.
3.4 Articulate, apply, and support policies and processes that reflect the
principles of the Code.
3.5 Create opportunities for members of the organization or group to grow as
professionals.
3.6 Use care when modifying or retiring systems.
3.7 Recognize and take special care of systems that become integrated into the
infrastructure of society.
4. COMPLIANCE WITH THE CODE.
4.1 Uphold, promote, and respect the principles of the Code.
 4.2 Treat violations of the Code as

Download a PDF of the ACM Code Booklet 

ACM recently updated its Code of Ethics and Professional Conduct. The revised Code
of Ethics addresses the significant advances in computing technology since the 1992
version, as well as the growing pervasiveness of computing in all aspects of society. To
promote the Code throughout the computing community, ACM created a booklet, which
includes the Code, case studies that illustrate how the Code can be applied to
situations that arise in everyday practice and suggestions on how the Code can be used
in educational settings and in companies and organizations.

PDF of the ACM Code of Ethics 

计算机协会道德୚职业行为准则

Código de Ética y Conducta Profesional de ACM

Supporting the Professionalism of ACM Members 

The ACM Committee on Professional Ethics (COPE) is responsible for promoting
ethical conduct among computing professionals by publicizing the Code of Ethics and
by offering interpretations of the Code; planning and reviewing activities to educate
membership in ethical decision making on issues of professional conduct; and
reviewing and recommending updates to the Code of Ethics and its guidelines.

Guidance in Addressing Real-World Ethical Challenges 

The Integrity Project, created by ACM's Committee on Professional Ethics, is a series of
resources designed to aid ethical decision making. It includes case studies
demonstrating how the principles can be applied to specific ethical challenges, and an
Ask an Ethicist advice column to help computing professionals navigate the sometimes
challenging choices that can arise in the course of their work.
 Ask an Ethicist 
Ask an Ethicist invites ethics questions related to computing or technology. Have an
interesting question, puzzle or conundrum? Submit yours via a form, and the ACM
Committee on Professional Ethics (COPE) will answer a selection of them on the site.

Using the Code

With the release of the updated Code of Ethics, ACM has created companion case
studies that demonstrate how the principles of the Code can be applied to specific
ethical challenges. Illustrative examples of hypothetical violations of or adherence to
specific principles found in the Code—highlighting key nuances and directives—form the
basis of the case studies.

Code of Ethics Enforcement Procedures

ACM expects all ACM and ACM Special Interest Group (SIG) members to make a
commitment to engage in ethical professional conduct and abide by ACM’s Code of
Ethics. This policy describes ACM’s procedure for enforcing the Code and may be used
for complaints brought to ACM via ACM's other policies.

IFIP Bases New Code of Ethics on ACM's

At its virtual General Assembly held in September, the International Federation for
Information Processing (IFIP) adopted a new IFIP Code of Ethics and Professional
Conduct. The code was adapted from ACM's Code of Ethics , which itself had been
through consultation and development with members of IFIP, IEEE and other national
and international bodies and companies. "As an international member of IFIP, ACM
endorses the proposed IFIP Code of Ethics as a common international standard for
computing and the profession," said ACM CEO Vicki Hanson. Read the IFIP news
release .

Copyright © 2024, ACM, Inc