What are you looking for?

Article

Responsible-by-Design: Responsible use of data and AI is people work

2 min read
April 9, 2026
Responsible-by-Design: Responsible use of data and AI is people work

The application of data and AI in a professional context requires professional safeguards. Outcomes must not only be reliable, but also transparent and explainable. In addition, organizations must comply with legal and societal requirements.

To ensure that new applications can actually be implemented, it is essential to identify these requirements at the very start of the development or procurement process. These may include technical or legal requirements, but also ethical or organizational considerations. After all, the use of AI is people work—and responsible AI even more so.

Applying the Responsible-by-Design concept helps organizations ask the right questions from the outset, ensuring that once a solution is completed, it meets all relevant requirements.

What does it entail?

Responsible-by-Design is a way of working that provides organizations with a structured approach to “design in” all necessary conditions from the start. Development teams do not operate alongside or in opposition to compliance or security officers, but are part of an integrated project team from the beginning.

Requirements are identified early and addressed at the right moments, spread across different project phases, each building on the previous one. Questions from various disciplines are brought together within the team and addressed in an integrated way.

Concept and building blocks

The Responsible-by-Design concept consists of an overarching methodology and a set of building blocks. A detailed description can be found in our whitepaper Responsible-by-Design for the Public Sector.

Responsible-by-Design can be applied at three levels:

  • Strategic level: as an organization-wide way of working, following from a strategic choice for responsible use of data and AI
  • Project level: as an approach for a specific project, potentially serving as a pilot for broader adoption
  • Instrumental level: by applying individual building blocks to address a specific or urgent need

In practice, organizations often start with one or a few building blocks and expand from there.

Common building blocks:

Phase 0 Workshop

Responsible-by-Design delivers the most value when applied from the very start of a project. A strong starting point is a Phase 0 workshop.

This involves organizing a session at the beginning of the initiative phase where the intended data or AI application is discussed with all relevant disciplines. This includes representatives from business, IT, data and development teams, customer or citizen stakeholders, as well as legal, ethical, and security experts. Highberg can facilitate this workshop and, if desired, provide additional expertise.

The workshop consists of three parts:

  • Defining scope
    Discussing the scope of the project, including how the solution will work, intended outcomes, proportionality, and impact on users and stakeholders.
  • Requirements and safeguards
    Identifying the requirements and safeguards that must be embedded in the development process. These may relate to system specifications, data usage, risk assessments, documentation, or stakeholder involvement.
  • Roadmap creation
    Developing a high-level roadmap that outlines when and how requirements will be addressed throughout the project.

The result is a clear understanding from the outset of the conditions that must be met for successful implementation—allowing them to be designed into the solution from the start.

Freedom-in-a-Frame

Teams developing data and AI applications often need continuous alignment with second-line functions such as compliance and privacy officers. To give these teams more autonomy, a standardized workflow can be established, supported by an assessment framework with guiding questions at each step.

These questions are based on applicable legal and ethical frameworks. Alignment with second-line functions is then only required at predefined moments or when answers trigger escalation.

This approach ensures that:

  • Project teams have sufficient flexibility
  • Compliance functions have confidence in the decisions being made

In other words: freedom within a structured framework.

Designing such a framework is tailored work and involves:

  1. Mapping project phases
  2. Identifying applicable laws and standards
  3. Translating these into guiding questions per phase
  4. Implementing and supporting the new way of working

DPIAMA

A frequently used building block within Responsible-by-Design is the DPIAMA. This is a combined risk assessment that not only addresses privacy risks (as in a DPIA), but also considers risks related to human rights and ethics (as in an IAMA).

More information about DPIAMA

Workshop: Value-Driven Innovation for Executives

A key condition for responsible use of data and AI is that senior management recognizes its importance and sets clear boundaries.

A strong starting point is the Value-Driven Innovation for Executives workshop. In this half-day session, participants explore—through a concrete case—the impact AI can have on people who work with it or are affected by it.

Smart-from-the-start in data reuse

Many organizations still struggle to effectively reuse the data they already have. Data is often difficult to find, agreements on reuse are unclear, or concerns about unlawful data sharing prevent initiatives from getting off the ground. Inefficient, frustrating, and often unnecessary. Highberg helps organizations change this.

In this context, Responsible-by-Design becomes Responsible-by-Redesign, consisting of the following steps:

  • Step 1: Upgrade the data intake process
    This involves mapping which data is collected, what applications it is intended for, and which metadata is required.
  • Step 2: Structured data management
    Collected or generated data is consistently gathered, labeled, and stored in a data repository. In addition to information about the data itself, its origin, and conditions for reuse, each dataset is assigned a clear owner.
  • Step 3: Enable data access and reuse
    A process is established to make available data accessible. This includes verifying whether there is a legal basis for reuse. If reuse generates new data, the process starts again from step 1.

Want to learn more about Responsible-by-Design?

Get in touch with Dorus-Jan

Related insights

Also of Interest