Sample Generative Use Policy

An AI generated image of a policy manual

I. Purpose     

Artificial intelligence (AI) is a branch of computer science concerned with developing software that allows computer systems to perform tasks that imitate human cognitive intelligence. AI includes Generative AI, Natural Language Processing (NLP), and Large language models (LLM).

This AI policy is of utmost importance as it establishes guidelines and best practices for the responsible and ethical use of AI at [Company Name]. It ensures that [Company Name] employees use publicly available AI systems in a manner that aligns with [Company Name]’s values and complies with legal and regulatory standards.

This policy applies to all [Company Name] employees, contractors, and third-party individuals who have access to AI technologies or are involved in using AI systems on behalf of [Company Name].

II. Generative AI

Generative AI uses generative models to create new data—such as text, images, videos, or other content. These models learn patterns and structures from their input training data and then generate novel data with similar characteristics. In recent years, improvements in transformer-based deep neural networks, especially LLMs, have led to a boom in Generative AI systems. Some notable examples include:

  1. Chatbots: ChatGPT, Copilot, Perplexity, Gemini, and LLaMA. 
  2. Text-to-image AI: Systems like Stable Diffusion, Midjourney, and DALL-E. 
  3. Text-to-video AI: Sora. 

As part of our commitment to responsible AI use, [Company Name] is experimenting with Microsoft Copilot, an AI-powered productivity tool. It integrates with Microsoft 365 Apps, such as Word, Excel, PowerPoint, Outlook, and Teams, and combines the power of LLMs with files provided by SI, like a private cloud. 

[Company Name] is still reviewing the impact of publicly available Generative AI systems on its business operations and will update this policy as necessary as it reviews other new Generative AI systems. 

II. Use of Generative AI                                 

Before any employee utilizes a publicly available Generative AI system, the employee must verify that such use conforms to this policy.  [Company Name] employees cannot use Generative AI for any client work unless the employee confirms that the client has consented.                         

Generative AI may be used for R&D, testing, and non-firm-specific information (such as developing generic HR, accounting, or IT procedures). 

[Company Name] employees using a publicly available Generative AI system are required to:

  • Carefully review AI-generated content for accuracy. Generative AI systems are known to “hallucinate” false answers or information or provide information that is stale.
  • Treat every bit of information inputted into a Generative AI system as if it will go viral on the internet and be attributed to you or SI, regardless of the settings you have selected within the system (or the assurances made by its creators).
  • Inform your manager or other appropriate [Company Name] employee when work is created using Generative AI. Do not represent work that is AI-generated as being your own original work.

III. Prohibition on Entering Client Information into Generative AI                    

The following prohibitions apply to the use of any Generative AI system: 

  • Do not upload or input [Company Name]’s name into any Generative AI system or any information that could identify [Company Name].
  •  Do not upload or input confidential, proprietary, or sensitive [Company Name] information into any Generative AI system. Examples include passwords and other credentials, personnel material, information from documents marked Confidential, Sensitive, or Proprietary, or any other nonpublic [Company Name] information that might be useful to competitors or harmful to the [Company Name] if disclosed. This may breach [Company Name]’s obligations to keep certain information confidential and secure, risks widespread disclosure, and may cause [Company Name]’s rights to that information to be challenged.
  • Do not upload or input a client’s name, any information that could identify the client or any confidential or proprietary information into any Generative AI system. 
  • Do not upload or input information from a client or third party protected by a confidentiality agreement or court order into any Generative AI system. 
  • Do not upload or input personally identifiable information (“PII”) that directly identifies any individual, such as names, addresses, Social Security numbers, telephone numbers, e-mail addresses, likenesses, etc.

IV. Violations

Violating this policy may result in disciplinary action, up to and including immediate termination, and could result in legal action. If you are concerned that someone has violated this policy, report this behavior to any manager, executive officer, or any member of Human Resources.

V. Disclaimer

Nothing in this policy is designed or intended to interfere with, restrain, or prevent employee communications regarding wages, hours, or other terms and conditions of employment or any other rights protected by the National Labor Relations Act.