Conflict-sensitive MERL: what "do no harm" actually requires

Conflict-sensitivity is often invoked and rarely operationalised. In our practice, every engagement starts with a data-protection impact assessment, alignment to IASC operational guidance on data responsibility, and OECD-DAC conflict-sensitivity and Core Humanitarian Standard principles. Informed consent, distress-referral and takedown protocols are documented per deployment.

When AI sits anywhere in the workflow, explainability is not an add-on. Classifier outputs that affect named individuals pass a human-in-the-loop review before release. Narrative reports cite the indicators behind them. Forecasts ship with confidence intervals and the underlying signals they rest on. PII redaction is on by default. Data residency is set by the client, not the vendor.

In fragile contexts the architecture itself has to adapt. ECHO runs entirely on-device with no cloud call at interview time — built for Khartoum without power, South Kordofan without 3G, and reception centres where no data can leave the device. None of this is sufficient on its own. It is the floor we will not drop below, and it is the reason we pass on engagements where the floor would be lower.