Contributing to Open Source Digital Governance 

Open source digital governance is the talk of the town these days. The Internet community has been focusing on sharing best practices and solutions to governance problems openly. Practitioners and scholars have advocated for the concept of open source tools in trust and safety. Some tech-companies have used open source tool-kits and domain name abuse initiatives to address governance and compliance issues in the domain name space. Others have adopted open source governance risk and compliance software. Another kind of “open source” initiative is “tech against terrorism”. That initiative is issue specific (it works only on terrorist content) and helps companies by sharing information and knowledge. In a similar vein, the Prosocial Network Design rates and reviews prosocial interventions and their effectiveness for encouraging healthy behavior online and meaningful human connections. There are also some general open source initiatives, such as Open Sanctions, that tech-companies can use to comply with sanctions and provide their services globally.

These are important initiatives. However, open source digital governance is currently fragmented and missing key services for increasing trust and safety. It also does not address governance holistically, in a way that ensures that fixing one part of the system does not harm another part.

What is open source digital governance? 

Open source initiatives provide governance solutions openly and transparently, usually licensed for the public to use free of charge. They go beyond open source tools and recommendations and provide the actual process and policies. They can range from human rights impact assessments, to compliance systems, to governance and privacy impact assessments. As well as reducing the cost of governance for Internet platforms and Internet infrastructure providers, the processes and advice of open source mechanisms can be more transparent and evolve with time, because they can evolve with the community of users. The designers of open source services understand the importance of a global and interconnected Internet. Open source services can be more transparent and community-oriented than their commercial counterparts and constantly refine their digital governance methods.

Where do we need open source digital governance? 

We need holistic digital governance that tech-companies and technology providers throughout the Internet stack can use for general governance purposes but also for specific issues. Here are some examples of open source governance solutions for trust and safety, sanctions compliance, and human rights impact assessment.


  • Trust and Safety

Platforms that are large and meet the threshold for number of users have to comply with many provisions of the Digital Services Act (a European Union law). However, trust and safety practices are not just for bigger platforms. To keep operating, smaller platforms also need to have certain governance structures in place and govern their platforms. There are a myriad of commercial digital trust and safety providers and third-party vendors. However, there are few open source compliance services that could guide companies that cannot afford these services. Open source compliance mechanisms can help here with bringing trust and safety to digital services and products. There can also be specific open source digital audit processes and risk assessments that certain regulations require.

  • Sanctions and connectivity 

Many Internet service providers (ISPs) and online service providers have to comply with economic sanctions, laws, and regulations. Smaller players and those companies with risk-averse lawyers might either decide not to provide their services to these countries or hire third-party compliance vendors. Third-party sanction compliance vendors can be expensive, their processes could be opaque, and they might be risk-averse and not have a sound understanding of how access to the Internet could be access to essential services. Open source compliance can help solve these issues and allow companies to provide services to sanctioned countries and remain compliant with economic sanctions.

  • Human rights impact assessment

Human rights impact assessment processes measure and analyze the impact of digital products on human rights. They especially draw upon international human rights principles but also use social sciences research methods. Human rights experts and consultants usually undertake the HRIA. Socially minded and big platforms can afford to undertake a human rights impact assessment. The human rights impact assessment principles and processes are known to experts and mentioned in their reports. However, they are not easy for non-experts to use and replicate. Human rights impact assessment is a very important process, and it especially helps evolve the policies and processes of tech-companies, so that they do not repeat past mistakes. 

Small companies and companies that do not have available money for human rights impact assessment could use open source human rights impact assessment tools to measure the impact of their digital products on human rights. Open source HRIA also can help standardize the processes and methods for HRIA, and result in the review of the methods themselves. Communities and vulnerable groups can use open source HRIA to measure how certain digital products and services affect human rights from their perspective. This can help us understand how different rights are impacted in different contexts and by different communities.

What is next? Evolving digital governance processes

We should contribute to and build open source digital governance processes. Many initiatives contribute to open source digital governance. Integrity Institute, Trust and Safety Professional Association, and many civil society organizations provide best practices and recommendations as well as toolkits for governance of digital products. We should map these processes, analyze the gaps and also ask what other open source toolkits might help us with providing Internet and digital trust and safety to everyone. Open source digital governance processes can help with mapping these toolkits and provide concrete and holistic governance models, but can also, through human rights impact assessment, contribute to the evolution and reform of our governance mechanisms. In the next blog, we will explain the importance of open source human rights impact assessment processes.


Critical Trust & Safety practices for Tech platforms

From a quick Google search, one can uncover hundreds of best practices in the field of trust and safety that will help keep users safe on the Internet while browsing, dating or purchasing goods. Since it can be economically and technically challenging for tech companies (regardless of their size) to adopt all the trust and safety practices in existence, we need to identify the most critical practices that tech companies and our social systems can’t do without. We, at Digital Medusa, have taken the first step towards achieving this goal by coming up with evidence-based research that indicates 5 of the most critical trust and safety practices that companies can integrate into their products and features to minimise risk and maintain trust and safety of their digital products. We explain our method in more detail below; like every research methodology, however, it has its limitations. The two indicators that we chose for this preliminary research to prioritize the practices were regulatory frameworks and public perception. In our future research we need to understand which other indicators could be relevant to achieve a more accurate prioritization method.


Our baseline was the Digital Trust and Safety Partnership’s (DTSP) Safe Framework, which outlines 35 trust and safety best practices. This framework is structured around five commitments: Product Development, Governance, Enforcement, Improvement, and Transparency, with practices listed in no particular order.

To determine which practices should be implemented first, we developed two criteria. Our aim was to rank them based on the cost of non-compliance, measured by the metric of ‘severity.’ The two criteria we used were:

  1. Regulatory Risks: We analyzed 15 global regulations governing the trust and safety space.
  2. Public Perception: We analyzed how civil society organizations and the public at large prioritize the practices by measuring the number of civil society organizations working on a particular best practice, along with the number of lawsuits arising from not adhering to specific practices.

For each best practice and commitment, we assigned a severity score ranging from 0 to 5 based on the above criteria. A higher severity score indicated the importance of integrating that practice, as non-compliance might result in significant costs for companies and losing legitimacy among the public at large and civil society organizations.

After conducting an in-depth analysis, we ranked the top trust and safety practices for each commitment. Non-compliance with these practices could lead to penalties such as service suspension in affected jurisdictions or even divestiture of business. They are also perceived as important by the public. The following practices received a cumulative severity score of 3.5 and above across all commitments:

We were also able to rank all DTSP practices from most severe to good to have, with ‘red’ text indicating most severe and ‘green’ indicating good to have:

Insights and Lessons

Our research revealed an interesting divergence between the practices deemed important by regulators and those shaping public opinion. This finding offers valuable insights for both companies and policymakers worldwide. Certain practices, such as User Control, Transparency Reports, Research Academic Support and Complaint Intakes, attract more regulatory interest than they have effect on public opinion.

Trust and safety practices are vital for tech-companies and tech organizations. By understanding which practices to prioritize, companies can mitigate risks, ensure compliance, self-govern better and respond to internal and external emerging safety issues. As the regulatory landscape and public opinion continue to evolve, it’s crucial to keep this research up to date. We hope to also expand the research to overcome its current shortcomings and integrate other crucial indicators such as technical feasibility and human rights considerations.

Note: Digital Medusa undertakes outreach and engagement for DTSP, but this particular research project is an independent study by Shubhi Mathur and does not represent the views of DTSP or its members.

About The Author

Farzaneh Badii

Digital Medusa is a boutique advisory providing digital governance research and advocacy services. It is the brainchild of Farzaneh Badi[e]i. Digital Medusa’s mission is to provide objective and alternative digital governance narratives.