What happens if someone breaks the rules?
Source: Dev.to
Introduction
Last weekend my good friend Jos van Schouten and I presented a session in the Community devroom at FOSDEM. Between the two of us we’ve run a lot of events, and we’ve learned this: when someone violates your Code of Conduct, what makes all the difference is whether the organizers are prepared to act.
Today almost every event has a Code of Conduct. We weren’t going to cover what makes a good document or why it exists; instead we wanted to talk about the moment nobody likes to plan for.
Disclaimer: We won’t cover what happens when someone breaks the law at your event either – something I unfortunately have experience with*.
Most organizers don’t like to think about this part. We spend months planning the conference, worrying about schedules and speakers, food, Wi‑Fi, etc. But when the Code of Conduct gets mentioned, the room goes quiet.
And it’s not because we don’t care. We care a lot. We’re afraid to get it wrong. We tell ourselves things like:
“Famous last words.”
When something does happen, the hardest part isn’t the offense itself; it’s the scramble to respond. Because we need to answer questions such as:
- Who should respond?
- What’s the right time‑frame?
- Who needs to be involved?
- Who should not be involved?
- What do we tell the person reporting an issue?
- What do we tell others?
When the answers aren’t clear beforehand, organizers freeze, defaulting to waiting – waiting for more info, waiting to be sure, waiting to talk to someone else…
Why “waiting” is not neutral
Waiting becomes a problem when power is involved. What if the person reported is a keynote speaker? A platinum sponsor? An organizer?
From the perspective of the person reporting, waiting feels like you’re not taking their experience seriously. Even if the final decision is technically correct, trust is often already damaged.
Real‑World Scenarios
1. Open Space Discussion on Hiring Women (2023)
An integral part of a DevOpsDays event is Open Spaces – an unconference format where attendees suggest topics, discuss without slides, and share ideas.
- Topic: “Hiring more women.”
- What happened: A comment was made that “in the Netherlands, women with a headscarf are hired over more qualified men, and positive discrimination is not right.” No one formally reported an incident, but the comment made several people uncomfortable.
How we handled it:
- We addressed the issue on the main stage: “We don’t appreciate comments suggesting marginalized groups receive preferential treatment regardless of skills.”
- Lesson: When possible, have all organizers briefed on the Code of Conduct and ensure at least one organizer is present in each breakout room.
- When short‑staffed: Anticipate which topics might be controversial and assign a CoC team member accordingly.
2. Sponsor Pitch Amid Geopolitical Tension (DevOpsDays Amsterdam 2024)
Global events can create strong emotions in communities, especially ours. One of our sponsors was headquartered in Israel, while Amsterdam was seeing protests about the situation in Gaza.
Preparation steps:
- Held a pre‑event meeting with the sponsor to discuss “what‑if” scenarios.
- Defined a clear response plan:
- If an audience member shouted “Free Palestine” during the pitch, the MC would follow a scripted line.
- A Code of Conduct team member would later approach the interrupter, reminding them that interrupting a fellow community member is a CoC violation.
Outcome:
- The sponsor was not interrupted and reported no negative interactions.
- They thanked us for the proactive approach, noting past unpleasant experiences at other conferences.
3. Israeli Speaker & Attire (2025)
We prepared similarly for an Israeli speaker who ultimately could not attend due to travel restrictions. In 2025, two Israeli team members joined us.
- We discussed how we would handle possible comments.
- One speaker wore a keffiyeh; because we had already talked about buttons/patches with flags, we felt this was covered and allowed.
4. Avoiding Sponsorship from Conflict‑Zone Companies
Some DevOpsDays events have chosen to avoid accepting sponsorship from companies registered in countries currently in conflict, citing an inability to guarantee everyone’s safety.
5. University Venue with Limited Security
An event held at a university (large student audience, partial venue reservation) anticipated friction but lacked the manpower and budget for external security.
- They decided not to accept high‑risk sponsors and limited controversial sessions.
Takeaway: Your mileage may vary. You might decide differently, but the point of this talk is that you should think through and decide on the boundaries your team commits to.
Preparation Checklist
When we talk about preparation, many people immediately think about writing a policy. That’s only part of it. Below is a concise checklist you can copy into your own repo or wiki.
| ✅ | Item | Details |
|---|---|---|
| 1 | CoC Briefing for All Organizers | Hold a mandatory session at least 2 weeks before the event. |
| 2 | Assign a CoC Lead | One person (or small team) with authority to act. |
| 3 | Room‑by‑Room Coverage | Ensure at least one trained organizer is present in every breakout room. |
| 4 | Scenario Planning | List potential “hot‑button” topics (e.g., politics, gender, geopolitics). Draft response scripts. |
| 5 | Sponsor & Speaker Communication | Reach out early, explain the CoC, and discuss any concerns. |
| 6 | Incident Reporting Channel | Provide a clear, anonymous way to report (e.g., email, Slack, form). |
| 7 | Response Timeline | Define maximum time to acknowledge (e.g., 30 min) and to resolve (e.g., 24 h). |
| 8 | Post‑Incident Review | After each incident, debrief, update the playbook, and share lessons. |
| 9 | Documentation | Keep the CoC, response plan, and scenario list in a public repo for transparency. |
| 10 | Safety & Security Assessment | Evaluate venue security, crowd control, and need for external staff. |
Closing Thoughts
- Preparation beats panic. Knowing who does what and when removes the need to “wait.”
- Transparency builds trust. Share your CoC and response plan with attendees, sponsors, and speakers ahead of time.
- Flexibility matters. Be ready to adapt the plan if the situation evolves, but keep the core principles (respect, safety, fairness) constant.
By thinking through these boundaries and committing to a clear response process, you’ll empower your team to act confidently—and protect the community you’ve worked so hard to build.
Code of Conduct – Practical Guidance for Organizers
The following notes are meant to help you turn a Code of Conduct (CoC) from a static document into a living process that actually protects your community.
1. Reporting – What Attendees Need to Know
| Question | Suggested Answer |
|---|---|
| How can someone report an issue? | Provide a clear, always‑available channel (e‑mail address, web form, phone line, or a dedicated Slack/Discord channel). |
| Are reports named or anonymous? | Offer both options. Explain the trade‑offs: named reports are easier to follow up on, while anonymous reports feel safer but are harder to act on. |
| What happens after a report is received? | Outline the steps: receipt → acknowledgement → triage → investigation → decision → follow‑up. |
| What possible actions can result from a report? | • Verbal or written warning • Private apology • Public apology • Request to leave the event • Referral to an external governing body (if needed) |
Tip: Publish this information on the event website, in the registration confirmation e‑mail, and on‑site (e.g., on badges or signage).
2. Who Handles the Reports?
- Named CoC team – an absolute must‑have.
- Escalation path – clearly defined (e.g., the Core team for DevOpsDays).
- “On‑call” schedule – rotate responsibility so someone is always reachable.
Example: At the annual PostgreSQL Europe conference we kept a CoC phone that four team members took turns carrying throughout the event.
Defining Roles
| Role | Primary Responsibility |
|---|---|
| CoC Team Lead | Receives reports, coordinates response, ensures escalation path is followed. |
| CoC Team Members (on‑call) | Triage reports, provide immediate support, document actions. |
| Organizers (non‑CoC) | May be approached for informal venting, but should direct formal reports to the CoC team. |
| External Liaison (optional) | Handles cases where an organizer is the subject of the report. |
Who should not be involved?
- Not every organizer needs to know every detail.
- Limit information to those who need it to protect privacy and reduce emotional burden on the team.
3. Building a Balanced Team
- Diversity matters: aim for a mix of genders, employers, and backgrounds.
- Include at least one non‑organizer on the CoC team – this helps participants feel safe reporting issues involving organizers.
4. Practice – Preparing for the Real Thing
- Write short scenario prompts (no need for full scripts).
- A report comes in about a speaker during the event.
- A sponsor behaved inappropriately at a social gathering.
- An organizer is named in the report.
- Discuss each prompt as a team:
- Who receives the report?
- Who is present in the discussion?
- Where do we feel unsure or uncomfortable?
- Identify cultural expectations:
- How much should we communicate publicly?
- What tone feels respectful versus over‑exposure?
- Iterate: If you’re stuck, reach out to other conferences or look at past incidents from your own event for inspiration.
Note: This isn’t role‑playing; it’s a structured “paper‑walkthrough” to surface discomfort before the event when stress levels are high.
5. Decision‑Making & Enforcement
| Situation | Possible Response |
|---|---|
| Minor breach (e.g., inappropriate comment) | Private warning, reminder of CoC. |
| Repeated or serious breach (e.g., harassment) | Apology (private or public), request to leave, or removal from the event. |
| Public incident (e.g., on‑stage harassment) | Public statement, immediate action (e.g., speaker removal). |
| Organizer named in a report | Escalate to the external liaison or an independent body. |
Proportionality
- Goal: Reduce the chance of recurrence and keep the community feeling safe.
- Consider: severity of the behavior, power dynamics, impact on other attendees.
Types of Violations
- Serious violation: Physical threat, non‑consensual sexual behavior, hate speech, repeated harassment.
- Minor violation: Unintentional micro‑aggression, breach of dress‑code, low‑impact disruption.
Decide in advance which categories trigger which actions so the team can act quickly and consistently.
6. Post‑Event Debrief
- Retro meeting with the CoC team (and optionally other organizers).
- Discuss:
- What went well?
- Where did we get stuck?
- Were any decisions contested?
- How did the on‑call schedule work?
- Update the CoC process based on lessons learned – this keeps the policy alive rather than static.
7. When External Escalation Is Needed
- Some incidents may need to be handed off to a governing body, legal counsel, or law enforcement.
- Document the hand‑off and inform the reporter (as much as confidentiality permits).
Quick Checklist for Organizers
- Publish clear reporting channels (named & anonymous).
- Define and publicise the escalation path.
- Assemble a diverse CoC team with at least one non‑organizer.
- Create an on‑call schedule and a dedicated contact method (phone, Slack, etc.).
- Run scenario‑based practice sessions before the event.
- Pre‑define violation categories and corresponding actions.
- Plan a post‑event debrief and process‑update cycle.
Closing Thought
Implementing a Code of Conduct is never “one‑size‑fits‑all.” The work you put into planning, practicing, and iterating will make the difference between a document that sits on a shelf and a living process that genuinely protects and empowers your community.
An incident, and relationships might be affected.
Even more reason to clearly document processes, and think hard about communication.
We can’t possibly attempt to cover all that we’ve learned running Code of Conduct response teams over the years, and we concluded our presentation with some open questions:
-
What if you know that a participant (speaker, sponsor, attendee) breached the code of conduct at another event?
- Do you deny them access to your event?
- Do you instruct your organizers team to be extra vigilant around this person?
- What is important to your decision?
-
If you have a Code of Conduct team, do you ask the team members to refrain from drinking alcohol for the duration of the event?
- We do, but it has certainly kept people from volunteering for the position.
Like many things in software and in life, your answer will be a version of “it depends”. We’re curious to hear about your experiences and thoughts, in the comments.
We received the request to share the Code of Conduct training we do, and we will once we cleaned it up!
If someone breaks the law, you get the authorities involved.