Generative AI for Organizational Use: Internal Policy Checklist

FPF’s Generative AI for Organizational Use: Internal Policy checklist helps decision-makers revisit their internal policies and procedures. The Checklist provides guidance in four areas:

• Use in Compliance with Existing Laws and Policies for Data Protection & Security. Designated teams or individuals should revisit internal policies and procedures to ensure that they account for planned or permitted uses of generative AI. Employees must understand that relevant current or pending legal obligations apply to the use of new tools.
• Employee Training and Education. Identified personnel should inform employees of the implications and consequences of using generative AI tools in the workplace, including providing training and resources on responsible use, risk, ethics, and bias. Designated leads should provide employees with regular reminders of legal, regulatory, and ethical obligations.
• Employee Use Disclosure. Organizations should provide employees with clear guidance on when and whether to use organizational accounts for generative AI tools, as well as policies regarding permitted and prohibited uses of those tools in the workplace. Designated leads should communicate norms around documenting use and disclosing when generative AI tools are used.
• Outputs of Generative AI. Systems should be implemented to remind employees to verify outputs of generative AI, including for issues regarding accuracy, timeliness, bias, or possible infringement of intellectual property rights. Organizations should determine whether and to what extent compensation should be provided to those whose intellectual property is implicated by generative AI outputs. When generative AI is used for coding, appropriate personnel should check and validate outputs for security vulnerabilities.