Reference edition · 2026 · the standard in full

The Standard of Conduct
for Automated Decisions.

Four duties every automated decision inherits — competence, candor, recourse, non-abandonment — rooted in a professional obligation of trust and the highest duty of care. This is the reference your team writes its own Automation Style Guide against.

Four duties · Drawn from medicine & law · A framework your team adapts

The duties are quick to agree. The hard part is who they belong to.

Most teams nod at all four inside a minute. The difficulty is that the decision they govern belongs to no single function — engineering sets the threshold, product owns the funnel, risk carries the exposure, legal weighs the defence, support takes the call. Each holds a real piece; none holds the whole.

So the Standard isn't a policy from one corner. It's the reference the whole room reads the same way — duty by duty, with a plain test for each. Soma has built a framework that makes it easy and functional for your team to write its own — in a day.

Article I

Competence

First, do your best
Whose call it is: Engineering · Data Science · Risk

The decision must meet a real standard — sound, current, and fit for the person it concerns — not merely whatever the model returned.

A system inherits the obligation to decide at least as carefully as a conscientious person would. Accuracy in aggregate is not enough; the duty is owed to each individual the decision lands on. A system that decides worse than a competent person is not a tool — it is a hazard that was chosen, and choosing it is itself a breach.

Test 01: Would a competent professional, in full view of this person's case, stand behind the decision?

Met: The system's calls are checked against how a competent professional would decide the same cases — and they hold up, including on the hardest ones.
Breach: It ships because the average score looks good, and no one asks how it fails the individual cases that matter most.

Test 02: Has it been tested on the people it will actually affect — not just a benchmark?

Met: It is evaluated on the real population and its hardest edge cases before it touches anyone.
Breach: It is validated on clean test data, then released onto people whose situations it never saw.

Test 03: When the evidence is thin, does the system say so?

Met: Low-confidence cases are routed to a human instead of forced into a confident answer.
Breach: Every input gets a definitive output, however little supports it.

Article II

Candor

Informed consent
Whose call it is: Product · Design · Legal · Comms

The person has a right to know that a machine decided, and to understand the grounds in terms they can act on.

Disclosure is owed to the person affected — not only to an auditor or a regulator. It must be legible: a reason they can understand and respond to, not a notice buried in terms. "Proprietary" is not an answer a person is owed about a decision that shaped their life. Care that hides itself from the cared-for is not care.

Test 01: Does the person know a machine was involved in the decision?

Met: They are told plainly that an automated system made or shaped the decision.
Breach: The machine's role is hidden behind a human signature, or simply left unsaid.

Test 02: Is the reason specific enough to act on?

Met: They get a reason they can understand and respond to — what mattered, and what they might change.
Breach: They get "does not meet our criteria," which explains nothing.

Test 03: Is it written for the person, not the auditor?

Met: The explanation is in plain language, aimed at the person affected.
Breach: The only disclosure is buried in terms of service no one reads.

Article III

Recourse

The second opinion
Whose call it is: Support · Operations · Product

Every automated decision needs a door back to a human with the authority to look again, and to overturn.

Review must be real, not decorative: reachable without exhausting the person, and held by someone empowered to change the outcome. The right to a second look is among the oldest protections in both care and law. A decision no one can revisit has not been governed — it has only been imposed.

Test 01: Can the person reach a human who is able, and permitted, to reverse it?

Met: There is a clear path to a person empowered to overturn the outcome.
Breach: The only "appeal" loops back to the same system, or to someone with no power to change the result.

Test 02: Is the way to ask for review obvious, not hidden?

Met: How to request a second look is stated alongside the decision itself.
Breach: Appeal exists on paper but is buried, undocumented, or hard to find.

Test 03: Can they contest it without exhausting themselves?

Met: Review is reachable in a reasonable number of steps and a reasonable time.
Breach: The process is so onerous that most people give up — which is the point.

Article IV

Non-abandonment

Continuity of presence
Whose call it is: Risk · Engineering · The named owner

One does not deploy and walk away. The duty continues for as long as the system decides.

Care does not end at launch. The obligation is ongoing: to watch for the person the system begins to harm, to notice drift and disparate effect as they emerge, and to reach those affected before the harm compounds. Abandonment — deploying and turning away — is a breach even when each individual decision looked defensible.

Test 01: After launch, who owns what the system does?

Met: A named person or team is accountable for the system's ongoing effects.
Breach: Ownership ends at deployment; no one is watching once it is live.

Test 02: Would anyone notice if it began harming a group?

Met: Drift and disparate impact are monitored, with thresholds that trigger action.
Breach: Harm surfaces only when someone outside complains — or sues.

Test 03: When something goes wrong, how fast are people reached?

Met: There is a plan to find and reach those affected before the harm compounds.
Breach: Affected people are left to discover and undo the damage themselves.

Where these come from

Drawn from the duty-of-care tradition in medicine and law.

These four are not invented from nothing, and Soma does not claim them as an official framework. They are a considered adaptation — drawn from the way medicine and law have long organised the care a professional owes a vulnerable person, and translated for systems that now decide at scale.

Soma's contribution is to carry them across — from a practitioner caring for one person, to an automated system deciding for many — and to state them plainly enough to be held to.

  • Competence: the professional standard of care and "first, do no harm" — the duty to perform to a real standard.
  • Candor: the duty of candour and informed consent — disclosure owed to the person, in terms they can use.
  • Recourse: the right to review and the second opinion — long-held in both care and law.
  • Non-abandonment: the duty of non-abandonment and continuity of care — a named obligation in medical ethics.

Use it · adapt it · make it yours

Use the framework. Write your own in half a day.

Use the Standard as your reference — for internal policy, a vendor review, or documenting a system. Then bring your team into a room and leave with one written for your products.

Soma, The Standard of Conduct for Automated Decisions (2026). somastandard.org. Four duties: competence, candor, recourse, non-abandonment.