Human rights and ICT standardization: What is W3C doing about this?

On April 14, 2026, in Brussels, I participated on behalf of W3C in the Seminar on Human Rights and ICT Standardization, organized by the European Commission in collaboration with OHCHR and ITU, with the support of StandICT.eu 2029, INSTAR, and InDiCo Global.

In the seminar, it was clear that Human Rights in Technical Standardization had entered a new phase. It was no longer about debating whether human rights are relevant to standardization, but about figuring how to bring them into technical processes without turning them into a rhetorical layer added as an after thought, once the architecture, data flows, and responsibilities have already been set.

W3C spoke on the third panel, What are standards organizations doing for human rights?, along with other standards organizations that are experimenting with different ways to make these concepts viable. The value of the day was bringing standards development organizations, policy makers, technical experts, lawyers, civil society, and the human rights community to the same table. It is not an easy composition. Languages change, priorities change, and even the word “impact” often does not mean the same thing to those writing a specification, those assessing legal risk, or those representing a user group exposed to exclusion, surveillance, or discrimination.

W3C principles and Human Rights

W3C has been actively discussing human rights in the context of standardization for many years now. The Ethical Web Principles already indicate that the web must support human rights, dignity, and personal agency, and explicitly call for putting human rights at the heart of the web platform, and it is connected to the great emphasis that W3C commits to - accessibility, internationalization, privacy, and security. Also, even before the language of human rights became so prevalent in discussions of emerging technologies, the Web Accessibility Initiative has been active since 1997 in crafting resources and building into web standards ways that operationalize similar principles.

Tensions in operationalizing Human Rights

But since the focus of the seminar was on how to operationalize Human Rights principles, the main challenges that emerged can be summarized by some polls that were taken during the seminar.

One poll focused on the main challenge today in linking human rights and ICT standardization, 38% of participants indicated the difficulty of translating human rights principles into technical requirements; 26% indicated business pressure or time-to-market. Others indicated a lack of awareness, insufficient involvement of human rights experts, and lack of coordination.

Then, another poll confirmed the same tension, but from a different angle. Participants were asked what is needed to make human rights more operational in ICT standardization. 39% of the participants called for practical tools and assessment methods for those developing standards. This is important in specification work, as you have to decide whether a piece of data is needed, whether a fallback is necessary, or whether an actor can correlate information across different services. 28% called for greater presence of human rights experts in technical work, and 22% called for greater participation by civil society and other relevant stakeholders. Taken together, these figures tell less about a preference and more about a process need: bringing diverse expertise to the point where the technical choice is still open.

Operationalizing Human Rights in W3C

The post-event report acknowledged how W3C experience is relevant to advance operationalizing human rights in standardization to connect it with how that experience is key to advance with the objective. In W3C, this experience is distributed in the horizontal review practice, which is one of the closest models to a formal regime of cross-checking.

Accessibility, privacy, security, internationalization, and technical architecture reviews are carried out by different groups with specific expertise. This has a practical cost: technical groups must interact with different communities, each with its own timelines, vocabularies, and expectations. It does, however, make one important thing visible: problems that affect people rarely belong to a single category. 

In software parlance, it is possible to shift left: don't wait for the final review, but bring the question into the design.

For W3C, this means using tools such as the Societal Impact Questionnaire and the Threat Modeling Guide to help groups think first about the consequences of their choices. 

One has to ask who uses the technology, who is exposed even without using it, who can be excluded, who can be tracked, who has to bear the cost of mitigation, and what responsibilities are transferred out of the specification.

Here, the connection with threat and harm modeling becomes practical. Some harms do not arise from a classical attacker. They arise from the normal operation of the system, from an incentive, from an interface, or from an overly strict requirement. That is why W3C is experimenting also with facilitation methods such as LEGO® SERIOUS PLAY®: not because the bricks solve the problem, but because they help people with very different backgrounds to communicate and translate into a common language abstract concepts that have different meanings for everyone, and thus to be able to discuss assumptions and make the relationship between harm, threat, technical choice and regulatory choice more concrete.

The seminar also showed that in addition to W3C, other SDOs, such as ETSI, ITU-T, IEEE, CEN/CENELEC, Standards Australia, NEN, and ISO/IEC, are approaching the problem from different angles. We might have more to say about this in a different post.

Are we doing a good enough job?

When we threat model, the fourth and last key question we ask is, ‘did we do a good enough job?’ This is about informing decisions as well as future phases. Let’s take stock of where we are in our continuous development approach.

Although several steps forward have been made in recent years, there are still several things to do. An open question is how to coordinate these approaches without making them just a new bureaucracy. For standards, adding control is easy. Making it useful is more difficult. The following are needed: common vocabulary, examples, people who can cross different communities, and processes that are light enough to really be used by technical groups. It also needs to be recognized that formal participation is not enough: being invited is not the same as being able to contribute, be heard, be understood, and see one's contribution go into the text.

In W3C work, this is especially seen in horizontal reviews. When a review comes in late, the group has often already stabilized the model of the specification. Change is possible, but more laborious. When, on the other hand, the question comes in earlier, through an issue, a questionnaire, or a threat modeling session, the group is more likely to include human rights “by design” early in the standard development cycle. It needs to take a closer look at what it is already building. That's where the web's contribution becomes practical: making the assumptions visible before they end up inside the infrastructure.

One very concrete point remains: participation is costly. The OHCHR study, "Making technical standards work for humanity", also highlights that without dedicated resources, civil society, independent experts, and smaller organizations struggle to follow through effectively on standardization efforts. Therefore, supporting W3C also means enabling practical participation.