The Design Covenant · Paper V · Series Capstone

The Design Covenant

A Proposed Voluntary Standard for Platforms That Commit to Cognitive Sovereignty of Their Users

The Institute for Cognitive Sovereignty · 2026 · Research Paper · Open Access · CC BY-SA 4.0

ICS-2026-DC-005 · Published March 6, 2026
8: Specific commitments in the proposed covenant — each measurable, each auditable, each directly addressing a documented mechanism of attention capture

0: Platforms that have voluntarily adopted a third-party-auditable standard for attention architecture — the gap this paper proposes to close

$600B+: Annual behavioral advertising revenue that the full covenant would require to be restructured — the financial force against which voluntarism must be weighed

“The companies that will win the next decade are the ones that prove they can be trusted with human attention. The ones that exploit it are burning their customers' goodwill as fuel. That is not a sustainable business model.”
— Projected forward from Tristan Harris's 2022 framing, on the long-term commercial stakes of the attention economy debate
Section I

Why a Voluntary Covenant

The Legal Architecture series documented what mandatory standards require and how long they take. The GDPR took twenty years from the 1995 Directive to the 2016 adoption, with another two years before it became applicable. KOSA took two years to achieve a 91–3 Senate vote and then died without a House vote. The Australian minimum age law represents a significant achievement — but it covers age access, not design architecture. Mandatory design standards for the full set of principles specified in this series are not proximate in any major jurisdiction.

The voluntary covenant is not a substitute for mandatory standards. It is what makes mandatory standards achievable. When platforms have demonstrated, through covenant adoption and third-party audit, that ethical design principles can be implemented without commercial collapse, the mandatory standard debate loses its most powerful objection: the claim that the standards are impossible. Voluntary covenant adoption by even a small number of platforms produces proof of concept that removes the impossibility defense.

The voluntary covenant is also, independently, valuable. A platform that has adopted the covenant and been third-party audited has made a public commitment that is more enforceable than a private one — not legally enforceable, but enforceable through reputation, through user trust, and through the competitive disadvantage of violating a public commitment. The covenant creates accountability that does not exist in the current environment where platforms make unverifiable claims about their commitment to user wellbeing.

Finally, the voluntary covenant provides a target for users, investors, and regulators. A user who wants to use a cognitive-sovereignty-respecting platform currently has no verifiable standard by which to identify one. An investor who wants to include platform ethics in investment criteria has no objective measure. A regulator drafting mandatory standards has no reference implementation. The covenant provides all three: a user-facing label, an investor-facing metric, and a regulatory-facing reference text.


Section II

The Eight Commitments

The Design Covenant consists of eight specific commitments. Each is derived from the principles specified in DC-001 and the evidence examined in DC-002 through DC-004. Each is measurable, auditable, and specific enough to be verified by a third-party auditor without access to the platform's source code.

The Design Covenant — Eight Commitments
Commitment I
Chronological-Default Feed
We present content to users in chronological order by default. Users who wish to use an algorithmic content ranking may opt into it through an affirmative action. The algorithmic ranking option includes a disclosure of the specific behavioral objective the algorithm is optimized for. The user's choice persists across sessions without resetting. Minors under 18 do not have access to engagement-optimized algorithmic ranking.
Commitment II
Opt-In Push Notifications
We do not send push notifications to users who have not affirmatively enabled them. New users' default notification state is off. Users may enable notifications by type and frequency. Notifications designated as urgent by the user are delivered in real time; all other enabled notifications are delivered at user-specified batched intervals with a minimum interval of one hour. No push notifications are delivered between 10:00 PM and 7:00 AM local time, except for urgent-category notifications designated by the user. For users under 18, no push notifications are delivered during designated school hours.
Commitment III
Session Awareness Display
We display the current session duration and the total platform use for the current day in a visible, non-dismissible interface element during active sessions. This information is accessible without navigating to a settings menu. We do not design or configure the display to minimize the user's awareness of their session duration.
Commitment IV
No Engagement Metric Display in Feed
We do not display engagement metrics — including like counts, share counts, comment counts, and view counts — in the primary content feed. Users who navigate to specific content may see these metrics on that content's individual page. We do not display social comparison metrics that rank users by engagement received.
Commitment V
No Autoplay
We do not autoplay video or audio content. Each piece of video or audio content requires a distinct user action to begin. We do not use countdown timers, pre-loading displays, or interface designs that exploit the endowment effect to initiate content without explicit user action.
Commitment VI
Voluntary Return Rate as Primary Metric
We use voluntary return rate — the proportion of users who return to the platform within seven days after voluntarily ending a session — as our primary internal product performance metric. We do not use time-on-platform, total daily active users, or engagement rate as primary optimization targets for product decisions. We make our voluntary return rate available to independent researchers on request.
Commitment VII
Age-Differentiated Design
For users under 18, commitments I through V are mandatory rather than default. Minor users may not opt into engagement-optimized algorithmic ranking. Minor users may not enable push notifications during protected hours. Engagement metrics are not displayed to minor users under any condition. We implement a verification process to identify minor users with a documented accuracy rate, reported annually in our compliance disclosure.
Commitment VIII
Algorithmic Transparency
When we offer users an opt-in algorithmic content ranking, we disclose in the opt-in interface the specific behavioral objectives the algorithm is optimized for, in plain language accessible to a non-technical user. We publish an annual algorithmic transparency report describing our recommendation systems' design objectives, the behavioral data used to generate recommendations, and the documented behavioral effects of our recommendation systems on user time-on-platform and user-reported wellbeing.

Section III

Verification and Audit Architecture

The covenant's value depends entirely on verifiability. An unverifiable public commitment is marketing, not accountability. The verification architecture specifies what a third-party auditor would assess, how frequently, and on what basis.

Annual Third-Party Audit

Signatory platforms submit to an annual audit by a qualified independent auditor. The audit assesses compliance with each of the eight commitments through a combination of interface testing (commitments I–V are directly assessable by interacting with the platform as a user), data review (commitment VI requires access to internal metrics under NDA), and document review (commitments VII and VIII require documentation of verification processes and transparency reports).

The auditor publishes a public compliance report within 60 days of completing the audit. The report specifies for each commitment whether the platform is compliant, partially compliant, or non-compliant, with findings that support the determination. Non-compliance findings trigger a 90-day remediation period, after which a follow-up audit is conducted. Platforms that fail the follow-up audit are removed from the covenant's signatory list.

Continuous User Testing

Commitments I through V can be tested by any user at any time. The covenant's administrator maintains a protocol for user-submitted compliance reports, which are reviewed quarterly and may trigger interim audits if a pattern of non-compliance is documented. User-submitted reports are published in aggregate in the covenant's public register.

Auditor Qualification

Qualified auditors must have demonstrated expertise in platform design assessment, have no financial relationship with covenant signatories other than the audit engagement, and publish their methodology for public review. The covenant's administrator maintains a list of qualified auditors and may add or remove auditors based on the quality and independence of their work.

| Commitment | Verification Method | Auditor Access Required | User-Testable |
| --- | --- | --- | --- |
| I. Chronological-default feed | New account creation and session observation | Platform access as new user | Yes |
| II. Opt-in notifications | New account onboarding observation | Platform access as new user | Yes |
| III. Session awareness display | Interface inspection during session | Platform access | Yes |
| IV. No engagement metrics in feed | Feed interface inspection | Platform access | Yes |
| V. No autoplay | Video content interaction testing | Platform access | Yes |
| VI. Voluntary return rate primary metric | Internal metrics documentation review | Internal metrics access (NDA) | No |
| VII. Age-differentiated design | Minor-account interface testing; verification documentation | Minor-account access; process documentation | Partial |
| VIII. Algorithmic transparency | Opt-in interface review; transparency report review | Platform access; published report | Partial |

Section IV

Commercial Viability

The covenant's eight commitments are not commercially neutral. They impose real costs: reduced engagement from chronological feeds and opt-in notifications, reduced advertising precision from reduced behavioral data collection, engineering investment for age verification and session awareness. These costs are real and should be acknowledged rather than minimized.

The commercial viability argument for covenant adoption rests on four claims. Each is arguable; none is certain.

Trust premium. Platforms that have credibly demonstrated commitment to user cognitive wellbeing will command a trust premium among users who are aware of and concerned about attention capture harms — a group that research suggests is growing as the evidence base for harm becomes more widely known. This trust premium may translate to higher voluntary return rates, lower churn, and stronger brand advocacy. These are commercial benefits that partially offset the engagement reduction costs.

Regulatory anticipation. Platforms that adopt covenant commitments before mandatory standards are enacted will face lower compliance costs when those standards arrive. The engineering investment required to implement covenant commitments is non-trivial but finite; platforms that have already invested will have a structural advantage over competitors who must retrofit their systems to comply with mandatory standards under regulatory deadline pressure.

Investor and ESG market access. The growth of ESG (environmental, social, governance) investing has created a class of investors who apply non-financial criteria to investment decisions. Platform design ethics is increasingly relevant to ESG assessment frameworks. Covenant adoption, backed by third-party audit, provides an objective basis for platform ethics assessment that ESG frameworks can apply.

First-mover differentiation. The platform that becomes the first covenant signatory acquires a differentiating commitment in a market where cognitive-sovereignty-conscious users currently have no verified choice. First-mover differentiation benefits decay as more platforms adopt the covenant, but they are significant in the early adoption period.

Counterpoint Acknowledged
No major platform will adopt the covenant voluntarily

The most serious objection to the voluntary covenant is that the major platforms — Meta, Google/YouTube, TikTok, X — will not adopt it because the engagement revenue they would sacrifice exceeds the benefits the covenant offers. This objection has substantial force. The trust premium, regulatory anticipation, ESG access, and first-mover benefits described above are real but modest relative to the hundreds of billions in annual behavioral advertising revenue that the covenant's commitments would constrain.

The response is that the covenant's target is not the major incumbents initially. It is the emerging platforms — new entrants in the social media space, existing platforms seeking differentiation in niche markets, and open protocol platforms building on ActivityPub or AT Protocol — for whom the covenant's commercial costs are lower and the differentiation benefits are higher. A covenant adopted by several emerging platforms, and shown by third-party audit to be viable, produces the proof of concept that changes the incumbent debate. The path to incumbent adoption runs through emerging platform adoption, not through directly convincing the incumbents.


Section V

From Voluntary to Mandatory

The Design Covenant is designed to become the template for mandatory standards. Its eight commitments are written in regulatory language rather than marketing language — they are specific, measurable, and verifiable in exactly the form that mandatory standards require. This is deliberate.

The path from voluntary covenant to mandatory standard has two stages. First, covenant adoption by a sufficient number of platforms to demonstrate that the commitments are commercially viable and operationally achievable produces the proof of concept that removes the “impossible” objection from the mandatory standard debate. Second, the covenant's text is available for incorporation into regulatory frameworks as minimum design standards, subject to modification through the regulatory process.

The Legal Architecture series identified the five anatomical elements of adequate cognitive sovereignty regulation (LA-001). The Design Covenant's eight commitments map directly onto those elements: commitments I and IV address design standards; commitment VII addresses age-differentiated protection; commitment VIII addresses algorithmic transparency and audit; commitments I–VII collectively address the liability attachment element (platforms that fail to implement them are in breach of the standard); and commitment VI addresses enforcement velocity by providing a metric that can be reported to regulators on an ongoing basis.

The covenant is not a regulatory substitute. It is a regulatory complement — and a legislative resource. Legislators drafting mandatory design standards can use the covenant text as a reference implementation, knowing that it has been tested against actual platform operations through the audit process. The covenant's compliance record, published annually, provides the evidentiary basis for regulatory claims about what is and is not commercially achievable.


Section VI

What Adoption Would Require

For the covenant to produce its intended effects, it needs adoption, audit, and administration. None of these are simple.

Adoption requires platforms willing to make public, auditable commitments on attention architecture. The most likely early adopters are: platforms built on open protocols with no behavioral advertising model (Mastodon instances, Bluesky, ad-free social networks); startup social platforms seeking differentiation from incumbents; corporate social tools (Slack, Microsoft Teams equivalents) seeking to demonstrate employee wellbeing commitment; and educational technology platforms for whom child safety commitments are existential business requirements rather than commercial constraints.

Audit capacity requires the development of a qualified auditor community with expertise in platform design assessment. This expertise currently exists within academic research groups studying platform design and within some consulting firms specializing in digital ethics assessment. The covenant's administrator would need to develop and publish audit methodology, train or certify qualified auditors, and create a quality assurance process for audit results.

Administration requires an independent organization that manages the covenant's signatory list, administers the audit process, publishes compliance reports, and adjudicates compliance disputes. This could be a new nonprofit organization, an existing digital rights organization with an expanded mandate, or an international standards body. The administrator's independence from covenant signatories is essential; an administrator with financial dependence on signatory fees has a structural conflict with independent enforcement.


Section VII

The Covenant

The Design Covenant series began with a claim: that ethical attention design is not the absence of bad practices, but the presence of specific design commitments that are technically achievable, commercially arguable, and cognitively protective. This paper has attempted to demonstrate that claim by translating it into a specific, verifiable, signable instrument.

The eight commitments are not the final word on what ethical attention design requires. They are a starting point — a first-generation standard that will need to evolve as the evidence base develops, as verification methods improve, and as the commercial landscape of social media changes. The covenant's amendment process, administered by its independent administrator, is designed to allow that evolution.

What the covenant cannot be is aspirational. The difference between a covenant and a statement of values is the audit. The difference between the audit and the annual corporate sustainability report is independence. The difference between independence and window-dressing is the willingness to publish non-compliance findings and remove non-compliant platforms from the signatory list.

Named Condition
The Covenant Standard
A specific, measurable, third-party-auditable set of design commitments that platforms may adopt voluntarily to demonstrate prioritization of user cognitive sovereignty over engagement maximization — serving simultaneously as a user-facing trust signal, an investor-facing ethics metric, a regulatory-facing reference implementation, and a commercially-demonstrated proof of concept that removes the infeasibility objection from mandatory design standard proposals, designed to become the template for mandatory standards as the voluntary adoption record accumulates sufficient evidence to support regulatory adoption.

The series ends here. The Legal Architecture documented what the law must require. The Design Covenant documented what ethical design requires. The gap between these two — between what is required and what is practiced — is the operational field of the cognitive sovereignty project.

The Measurement Reformation series (MR-001 through MR-004) will address the final structural prerequisite: a new measurement framework that makes it possible to assess whether platforms are actually serving user cognitive wellbeing, and that provides the regulatory bodies and civil society actors monitoring compliance with the tools they need to do so rigorously. Without new measurements, new standards are assessed against old metrics. The Measurement Reformation addresses that gap.


Sources and References

  • Harris, Tristan. Testimony before the Senate Commerce Subcommittee on Consumer Protection. June 25, 2019; September 30, 2021.
  • Center for Humane Technology. "Humane Design Guide." humanetech.com, 2019–2024.
  • Global Alliance for Responsible Media (GARM). "Brand Safety Floor and Adjacency Standards." World Federation of Advertisers, 2019–2024. On voluntary industry standards with audit mechanisms.
  • Forest Stewardship Council (FSC). "FSC Principles and Criteria." fsc.org. On voluntary certification architecture with third-party audit as template.
  • ISO 26000. "Guidance on Social Responsibility." International Organization for Standardization, 2010. On voluntary CSR standard design.
  • Haugen, Frances. Whistleblower disclosures, October 2021.
  • Eyal, Nir. Indistractable: How to Control Your Attention and Choose Your Life. BenBella Books, 2019. On product design reform from a practitioner perspective.
  • Fogg, B.J. Persuasive Technology. Morgan Kaufmann, 2003.
  • Monteiro, Mike. Ruined by Design. Mule Books, 2019. On designer responsibility for design harms.
  • Vallor, Shannon. Technology and the Virtues: A Philosophical Guide to a Future Worth Wanting. Oxford University Press, 2016.
  • Floridi, Luciano, et al. "An Ethical Framework for a Good AI Society." Minds and Machines, 28(4), 2018. On specifiable ethical standards for technology systems.
  • The Institute for Cognitive Sovereignty. Legal Architecture Series (LA-001 through LA-005). 2026.
  • The Institute for Cognitive Sovereignty. Design Covenant Series (DC-001 through DC-004). 2026.
  • PAS 277:2023 (British Standards Institution). "Health, wellbeing and human factors — Digital health and care technologies." On auditable wellbeing standards for digital products.
  • Age Appropriate Design Code (UK Children's Code). Information Commissioner's Office, 2021. On design standard templates for digital products.
How to Cite

The Institute for Cognitive Sovereignty. (2026). The Design Covenant [ICS-2026-DC-005]. The Institute for Cognitive Sovereignty. https://cognitivesovereignty.institute/design-covenant/the-design-covenant

References

Internal: This paper is part of The Design Covenant (DC series), Saga V. It draws on and contributes to the argument documented across 20 papers in 5 series.
