Generative AI for Organizational Use: Internal Policy Considerations

FILTER
May 6, 2025

The Future of Privacy Forum (FPF) Center for Artificial Intelligence released a newly updated version of our Generative AI internal compliance document – Generative AI for Organizational Use: Internal Policy Considerations, with new content addressing organizations’ ongoing responsibilities, specific concerns (e.g., high-risk uses), and lessons taken from recent regulatory enforcement related to these technologies. In 2023, FPF published a generative AI compliance checklist, which drew from a series of consultations with practitioners and experts from over 30 cross-sector companies and organizations, to provide organizations with a powerful tool to help revise their internal policies and procedures to ensure that employees are using generative AI in a way that mitigates data, security, and privacy risks, respects intellectual property rights, and preserves consumer trust. 

Generative AI uses have proliferated since the technology’s emergence, transforming how we interact, work, and make decisions. From drafting emails and computer code to performing customer service functions, these technologies have made significant progress. However, as generative AI continues to advance and find new applications, it is essential to consider how the internal policies governing them should evolve in response to novel challenges and developments in the compliance landscape.

Key takeaways from the Considerations document include:

  • Privacy, data protection, and AI impact assessments are ongoing responsibilities that entail cross-team collaboration from across the organization;
  • Employees using generative AI systems should be aware of public policy considerations—such as those related to addressing bias and toxicity—that override system outputs in order to mitigate or prevent the social and ethical harms that may arise from the deployment of generative AI systems;
  • In addition to privacy counsel, organizations should engage with experts representing a variety of legal specialties to issue spot and identify appropriate mitigations; 
  • Organizations that develop and use generative AI tools should follow the latest enforcement trends, such as algorithmic disgorgement, and use them to encourage internal compliance with legal requirements; and
  • It is important for organizations to evaluate whether certain applications of generative AI systems either qualify as high-risk uses, or are prohibited under relevant laws, such as the EU AI Act, as these determinations can affect organization’s compliance obligations and the contents of internal policies.
Published: Last Updated: May 6, 2025
check,mark,on,abstract,blue,backgroud.,quality,control,,guarantee,,checklist,
Download the Report