Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Close
Ask Tai
Ask Tai
Global Impact Reports Back

Advocating for responsible tech
 

Thoughtworks is committed to shaping the future of software development. We’re keenly aware of the incredible opportunities to use emerging technology to address everyone’s needs and create extraordinary impact in the world. In such a fast-changing environment, we have to be intentional about our governance processes, which includes keeping pace with regulatory frameworks. We’re working at all levels to ensure that our technologists, and our industry, are meeting the moment; ready to embrace the opportunities and equipped with best-practice approaches for delivering high-quality, safe and ethical software.

 

We believe principles should be established at the outset, which is why we train our Graduate Consultants as green software practitioners to ensure they know the right software practices, right from the start. And we share what we learn, so that others in the industry can benefit from our learnings. For example, our Looking Glass report highlights responsible AI and details our experiences of emerging practices, like our work on AI-powered datasets to help people with disabilities use public transport independently. 

 

And all of our work is grounded in our steadfast commitment to engineering excellence. Our sensible defaults and guardrails, such as transparency, efficient code and automation of security and compliance, are more crucial in the AI era than ever before.

Abstract image of yellow flowers and AI cubes
Abstract image of yellow flowers and AI cubes

Security and data privacy

 

To ensure global security coverage, Thoughtworks combines centralized Global Cyber Defense and Security Architecture teams with regional Business Information Security Officers (BISOs). This is supported by our Security Champions program, which fosters a security-first mindset across all operations, from corporate functions to client delivery.

By embedding security into our core workflows, we build resilience into our clients' infrastructure. Security is integrated throughout the client lifecycle via our Sensible Default Playbook and our award-winning Security Champions program

 

Photo of two Chinese Thoughtworkers, both wearing glasses, in a discussion at a laptop, AI cubes are building something out of the machine.
Photo of two Chinese Thoughtworkers, both wearing glasses, in a discussion at a laptop, AI cubes are building something out of the machine.

2025 highlights


  • Became Global ISO 27001 certified. This certification is a testament to the certification is a testament to security. Other certifications include CE+ and TISAX for specific regions / offices alongside ISO9001, ISO 14001 and ISO 20000.
  • Created a 90-day development journey, designed to elevate new Security Champions from foundational to leadership levels through continuous learning.
  • Deployed a new AI-driven phishing simulation platform alongside targeted awareness campaigns.
  • Implemented passkey technology to strengthen our authentication processes.
  • Launched specialized training for our recruitment team focused on deepfakes and AI, equipping them to identify technical anomalies and prevent fraud.
  • Increased document data leakage monitoring on the dark web.
  • Expanded our approach to building secure products, offering clients access to dedicated security leadership, strategic guidance and hands-on threat modeling.
  • Rolled out a custom-built AI platform designed to centralize security data and automate critical workflows.
  • Our Chief Information Security Officer, Nitin Raina, was recognized as CISO of the year for his visionary approach.

Explore in depth

Long exposure image showing people crossing a busy junction

Security-left overhaul for a Global Service Leader

Security-left overhaul for a Global Service Leader resolves over 1,000 vulnerabilities.

Read more
Long exposure photograph of people crossing a busy junction

MOSIP

Modular, open source tech for national digital identity systems, with over 180 million users.

Read more
Long exposure image of people crossing a busy junction, with AI cubes creating structures around them

Accessible government services with AI

Creating accessible government services with AI – ensuring there are no ‘wrong doors’ to seek support. 

Read more

AI Compliance framework 

A stand up between three Thoughtworkers, grouped around an ipad. Cubes create a wall behind them
A stand up between three Thoughtworkers, grouped around an ipad. Cubes create a wall behind them

Thoughtworks' AI Compliance framework is designed to ensure digital trust by integrating security and compliance across the entire AI lifecycle, from vendor procurement to client delivery. The foundational governance aligns with the ISO 42001 AI management framework and is anchored by an AI Compliance Policy. Operational diligence is overseen by the Technology Lifecycle Management (TLM) Group, which functions as the AI Governance Committee. This includes comprehensive due diligence for all new AI vendors and compliance assessments for internally built AI that is not associated with a client. To protect both the organization and its clients, AI-specific model clauses have been scripted for contracts to clarify responsibilities, reduce liability, and protect AI processed data.

 

The framework is supported by significant enablement and guidance tools to foster a compliant culture. This includes mandatory annual AI training for all Thoughtworkers, which covers aspects of AI Compliance alongside Infosec and Data Protection training. Internal guidance is provided through the AI Compliance Crib Sheet, that gives detailed instructions on compliance themes such as risk classification, data security, transparency, and fairness. AI compliance on client engagements is monitored via annual Account Health Monitoring (AHM) check-ins, and a path for AI Safety Champions is being developed for roll-out in 2026 to embed expertise within delivery teams.

 

Research: AI ethics

Two of our Thai colleagues, deep in discussion across a laptop. One is laughing and they have an office behind them with cubes
Two of our Thai colleagues, deep in discussion across a laptop. One is laughing and they have an office behind them with cubes

Our recent AI research investigates hidden biases and risks in generative AI models. We’ve developed ways to test how AI responds to the same individual in different cultural contexts, such as religion, nationality or socioeconomic background, helping to uncover subtle biases that could otherwise go unnoticed and enabling the development of more inclusive systems.


We've also examined how AI systems interpret and assign values, such as moral or ethical judgments, based on cultural cues. Our work shows that AI can make different assumptions about a person depending on their context, which risks reinforcing stereotypes or misrepresenting diverse perspectives. By understanding these patterns, we're helping shape AI systems that better respect cultural differences rather than oversimplifying them.

 

Alongside bias, we are addressing the responsible use of AI itself. In areas like scientific research, where trust and integrity are essential, we're investigating how easily AI-generated content can be used in place of human judgment.

 

Explore other chapters

Leading with inclusion
Read now
Partnering for social change
Read now
Committing to sustainability
Read now
Stewarding good governance and ethics
Read now

Explore the full Global impact report

Download now