Empower AI
Close search
Back to Chapter

Chapter 2: I am an AI model

0% Complete
0/0 Steps
  1. Unit 1 - Starting from scratch
    6 Topics
    |
    2 Quizzes
  2. Unit 2 - Develop a personalised AI strategy for your business
    4 Topics
    |
    3 Quizzes

Quizzes

Chapter 2: I am an AI model Unit 1 – Starting from scratch 1.5 Establishing Internal Policies for Responsible LLM Use
Unit 1, Topic 6
In Progress

1.5 Establishing Internal Policies for Responsible LLM Use

Unit Progress
0% Complete

Now that we’ve explored how to evaluate and contract for AI software and Large Language Models (LLMs), the crucial next step is defining how these powerful tools will be used responsibly within your organization. Simply adopting an LLM service isn’t enough; clear internal guidelines are essential, even for smaller businesses, to harness the benefits while mitigating potential risks.

Why is an internal policy so important for an SME? Without clear rules, you might face issues like inconsistent brand messaging, accidental disclosure of confidential company or client data, copyright infringement risks from generated content, legal non-compliance (especially with regulations like GDPR), or even uncontrolled usage costs. A well-defined policy provides necessary boundaries and guidance for your team.

For example, your internal policy might explicitly allow employees to use a company-approved LLM for tasks like:

  • Brainstorming initial ideas for marketing campaigns or content outlines.
  • Summarizing lengthy, non-confidential internal documents or publicly available research.
  • Getting assistance with drafting standard internal communications, provided they are reviewed carefully.
  • Translating non-sensitive company materials for internal understanding.

Conversely, the same policy would likely prohibit (or require very strict controls and specific tool approvals for) actions such as:

  • Inputting any confidential client information, personal employee data (PII), or sensitive company financial/strategic plans into public or unvetted LLM tools.
  • Using AI-generated text directly in external client communications or official reports without thorough human review, editing, and fact-checking.
  • Employing LLMs to generate content that could violate copyright or plagiarize existing works.
  • Using personal or free, unauthorized AI tools for any company-related work.

Ultimately, the goal of establishing an internal LLM policy is to ensure these technologies are used ethically and effectively. Common objectives include protecting confidential information, maintaining legal and regulatory compliance, ensuring accountability for AI-generated outputs, managing associated risks, and fostering responsible innovation within clear boundaries.

Activity: “Build your own internal Policy”

The following template offers a starting point or framework for developing your own internal policy. It outlines key sections and guidelines covering the appropriate and effective use of LLMs and LLM-enhanced software features within an organization.

Company Name: [Enter Your Company Name Here]

Policy Effective Date: __________

Policy Version: __________

Introduction:

This document outlines the internal policy regarding the acceptable, ethical, and secure use of Large Language Models (LLMs) and LLM-enhanced software features within [Your Company Name]. Adherence to this policy is mandatory for all personnel specified below.

Purpose of this Policy:

[State the primary goal, e.g., To ensure responsible, secure, and effective use of LLMs in our business activities.]

[State secondary goal, e.g., To protect confidential information belonging to the company and its clients.]

[State compliance goal, e.g., To ensure compliance with GDPR and other relevant data protection regulations.]

[State risk/benefit goal, e.g., To maximize efficiency gains from AI while mitigating associated risks.]

Scope:

This policy applies to: [Specify personnel, e.g., All full-time and part-time employees, contractors, interns]

This policy covers: [Specify activities/tools, e.g., All use of LLMs for company-related work, Use of company-provided and external LLM tools]

  1. Definitions

1.1 Large Language Models (LLMs): Artificial Intelligence systems designed to understand and generate human-like text.

1.2 Approved LLM Tool(s): [List or reference the specific LLM tools, platforms, or software versions officially approved for use within the company.]

1.3 Confidential Information: [Define what constitutes confidential company and client information for the purpose of this policy.]

1.4 Personal Data: [Define based on GDPR/local regulations, e.g., Any information relating to an identified or identifiable individual.]

1.5 Other Key Terms:

  1. General Guidelines

2.1 Authorization:

Permitted LLM Tools/Platforms: [List specific tools/subscriptions approved for general or specific use.]

Prohibited LLM Tools/Platforms: [List specific tools/types explicitly banned for company work, e.g., public free web versions for sensitive tasks.]

Approval Process for Exceptions: [Describe the process, if any, for requesting permission to use non-approved tools and who grants approval.]

2.2 Training:

Required Training Content: [List topics, e.g., This Policy, Data Security Best Practices, Ethical AI Use, Identifying AI Bias.]

Personnel Required: [Specify who must complete the training.]

Completion & Tracking: [Describe how training will be delivered and completion tracked.]

2.3 Accountability:

[State clearly that the human user is fully responsible for reviewing, verifying accuracy, ensuring appropriateness, checking for bias/plagiarism, and ultimately owning any output from an LLM used for work.]

2.4 Transparency:

Disclosure Requirements: [Specify when disclosure of AI use is mandatory (e.g., client deliverables, published content) and when it might be optional (e.g., internal drafts). Describe the required method/phrasing for disclosure.]

  1. Use in Client Communications

3.1 Accuracy and Reliability: [Mandate human verification and editing of ALL AI-assisted client communications before sending. Specify quality standards.]

3.2 Confidentiality: [State the rules regarding client data VERY clearly. E.g., Explicitly prohibit inputting client confidential/personal data into non-approved tools. Specify conditions ONLY for approved, secure tools if applicable, referencing necessary agreements/compliance.]

3.3 Professionalism: [Require all AI-assisted communication to be edited to match the company’s brand voice, tone, and professional standards.]

  1. Use in Report Creation

4.1 Quality Assurance: [Mandate human review, critical editing, fact-checking, and addition of context/analysis for all AI-assisted reports.]

4.2 Attribution: [Specify if/how AI assistance must be acknowledged or cited in internal or external reports.]

4.3 Data Security: [Reinforce rules against inputting sensitive company data (financial, strategic) into unapproved LLMs.]

  1. Use in Product Writing and Design

5.1 Innovation Support: [Clarify approved uses (e.g., brainstorming, initial drafts) and mandate human oversight for final review (originality, accuracy, brand fit, compliance).]

5.2 Compliance Checks: [Require checks for potential IP infringement (copyright, plagiarism) for AI-generated content intended for public or commercial use.]

5.3 Ethical Considerations: [Prohibit generating misleading, biased, discriminatory, or harmful content. Define specific ethical boundaries relevant to your business/industry.]

  1. Data Privacy and Security

6.1 Personal Data Protection: [Establish clear rules based on GDPR/local laws for inputting any personal data. Reference consent needs and list ONLY approved, secure tools/processes if applicable.]

6.2 Data Minimization: [Instruct users to provide only the minimum data necessary for the task when using approved tools.]

6.3 Secure Usage: [Specify security practices: secure connections, approved devices, secure handling/storage of sensitive outputs.]

  1. Compliance and Legal Considerations

7.1 Regulatory Adherence: [State the requirement to comply with all applicable laws (data privacy, industry-specific regulations).]

7.2 Intellectual Property Rights: [State the requirement to respect third-party IP. Clarify expectations regarding understanding the IP ownership/usage rights of content generated by approved tools.]

7.3 Third-Party Policies: [Mandate adherence to the Terms of Service and Acceptable Use Policies of all approved third-party LLM providers.]

  1. Training and Support

8.1 Mandatory Training: [Outline scope, frequency, and audience for mandatory training.]

8.2 Resource Access: [Specify where to find guidelines, approved tool lists, support contacts, or help with policy questions.]

8.3 Continued Education: [Outline expectations for staying informed on policy updates and best practices.]

  1. Monitoring and Review

9.1 Usage Monitoring: [State if/how usage of approved tools may be monitored (compliance, cost, security) and the purpose.]

9.2 Feedback Mechanisms: [Define the process for reporting issues, concerns, or suggestions related to LLMs or this policy (e.g., contact person/department).]

9.3 Policy Review: [State the frequency for formal policy review and updates (e.g., Annually, or as needed).]

  1. Responsibilities

10.1 Employees/Users: [List key responsibilities: Follow policy, complete training, verify output, use securely, report issues.]

10.2 Managers: [List key responsibilities: Ensure team awareness/compliance, provide guidance.]

10.3 Compliance Officer/Designated Body: [Identify the role/person responsible for policy oversight, tool approvals, issue resolution.]

  1. Violations and Disciplinary Actions

11.1 Non-Compliance: [State that violation may lead to disciplinary action, referencing company procedures and potential consequences.]

11.2 Reporting Violations: [Outline the procedure for reporting suspected violations.]

  1. Acknowledgement

[State the requirement for personnel covered by the policy to formally acknowledge they have read, understood, and agree to comply. Describe the acknowledgement method (e.g., signed form, digital checkbox).]

Acknowledgement Signature:

I, the undersigned, acknowledge that I have received, read, understood, and agree to abide by the terms of this Internal Policy for Use of Large Language Models (LLMs).

Employee Signature: _________________________

Printed Name: _________________________

Date: _________________________

Example of Policy using the Template

Internal Policy for Use of Large Language Models (LLMs)

This policy outlines the guidelines for the appropriate and effective use of LLMs and LLM-enhanced software features within our organization. It applies to all employees, contractors, consultants, temporary staff, and other workers at the company, including all personnel affiliated with third parties. It covers all use of LLMs and LLM-enhanced software features in activities such as client communications, report creation, product writing, design, and any other business-related tasks. The purpose of this specific policy is to:

  • Ensure the responsible and ethical use of LLMs in all business activities.
  • Protect client confidentiality and company proprietary information.
  • Maintain compliance with applicable laws, regulations, and industry standards.
  • Enhance efficiency while mitigating risks associated with the use of AI technologies.

Definitions

  • Large Language Models (LLMs): Advanced AI systems capable of understanding and generating human-like text based on deep learning algorithms.
  • LLM-Enhanced Software Features: Software functionalities that incorporate LLMs to augment user capabilities, such as predictive text, content generation, or automated summarization.

General Guidelines

  • Authorization: Only use company-approved LLM tools and software. Unauthorized use of external LLM services is prohibited unless explicitly permitted for specific, non-sensitive tasks under clear guidelines.
  • Training: Users must complete requisite company training on the responsible use of LLMs and this policy before utilizing them in their work.
  • Accountability: Users are ultimately responsible for the output generated or assisted by LLMs they use. This includes verifying accuracy, ensuring appropriateness, and checking for potential issues like bias or plagiarism before using the output.
  • Transparency: Disclose when content is generated or significantly assisted by an LLM where appropriate or required by company guidelines, particularly in external communications or formal reports.

Use in Client Communications

  • Accuracy and Reliability: ALWAYS verify all LLM-generated communications for factual accuracy, contextual appropriateness, and tone before sending to clients. Do not rely solely on AI output.
  • Confidentiality: STRICTLY PROHIBITED: Do not input, paste, or otherwise disclose confidential client information or personal data into public or unauthorized LLMs. Only use approved, secure tools where data handling complies with privacy laws (e.g., GDPR), client agreements, and company policies.
  • Professionalism: Ensure all AI-assisted communications strictly adhere to the company’s standards for professionalism, brand voice, and tone.

Use in Report Creation

  • Quality Assurance: Thoroughly review and critically edit LLM-generated reports or sections to ensure they meet the company’s quality, accuracy, and analytical standards. Add necessary context, analysis, and verification.
  • Attribution: If required by company guidelines or academic/professional standards, attribute the use of LLMs in the creation of reports appropriately.
  • Data Security: Avoid inputting sensitive company financial data, strategic plans, or other proprietary information into LLMs that lack explicit company approval and appropriate security assurances.

Use in Product Writing and Design

  • Innovation Support: LLMs can be leveraged for brainstorming, idea generation, and drafting initial concepts. However, all final product descriptions, designs, or creative outputs must be reviewed by humans for originality, accuracy, compliance, and strategic alignment.
  • Compliance Checks: Ensure all AI-assisted content complies with intellectual property laws (copyright, trademark) and does not infringe on third-party rights. Verify originality where needed.
  • Ethical Considerations: Avoid using LLMs to create content that is knowingly false, misleading, biased, discriminatory, harmful, or otherwise unethical.

Data Privacy and Security

  • Personal Data Protection: Do not input personal data (of clients, employees, or others) into LLMs unless explicit consent has been obtained where required, data processing agreements are in place (if applicable), and the tool used is company-approved for handling such data under GDPR or other relevant regulations.
  • Data Minimization: When using approved tools for tasks involving necessary data, only provide the minimum amount of information required for the LLM to perform the task effectively.
  • Secure Usage: Ensure that any interaction with LLMs, especially if involving company data, occurs through secure connections and approved platforms. Follow company guidelines for storing or handling outputs that may contain sensitive information.

Compliance and Legal Considerations

  • Regulatory Adherence: All use of LLMs must comply with applicable laws and regulations, including data protection laws (GDPR, CCPA, etc.) and any industry-specific regulations relevant to our business.
  • Intellectual Property Rights: Respect all copyrights, trademarks, patents, and other intellectual property rights. Do not use LLMs to generate content that infringes on these rights. Understand the ownership and usage rights of AI-generated output based on the tool’s terms.
  • Third-Party Policies: When using company-approved third-party LLM services (e.g., via API), adhere strictly to their terms of service and usage policies.

Training and Support

  • Mandatory Training: All relevant personnel must participate in mandatory training sessions covering this policy, ethical AI use, data security practices, and effective prompting techniques for approved tools.
  • Resource Access: Utilize company-provided resources, guidelines, and designated support channels for assistance or clarification on LLM-related tasks and policies.
  • Continued Education: Stay informed about updates to this policy, approved tools, and emerging best practices regarding LLM usage in a business context.

Monitoring and Review

  • Usage Monitoring: Be aware that the company may monitor the usage of approved LLM tools to ensure compliance with this policy and manage associated costs or risks.
  • Feedback Mechanisms: Promptly report any issues, unexpected outputs, potential security concerns, or ethical dilemmas related to LLM use to your supervisor or the designated compliance officer/department.
  • Policy Review: This policy will be reviewed periodically (e.g., annually or as needed) and updated to reflect technological advancements, evolving regulations, and business needs.

Responsibilities

  • Employees/Users: Adhere strictly to this policy, complete required training, use LLMs responsibly and ethically, ensure the accuracy and appropriateness of AI-assisted work, and report concerns.
  • Managers: Ensure team members are aware of, understand, and comply with this policy. Provide necessary support and guidance regarding the appropriate use of approved LLM tools.
  • Compliance Officer/Designated Body: Oversee adherence to this policy, manage approvals for LLM tools (if applicable), handle reported violations or concerns, and coordinate policy reviews and updates.

Violations and Disciplinary Actions

  • Non-Compliance: Failure to comply with this policy may lead to disciplinary action, which could range from retraining or warnings up to and including termination of employment or contract, depending on the severity of the violation.
  • Reporting Violations: Employees are encouraged and expected to report any suspected violations of this policy through appropriate channels (e.g., manager, compliance department, anonymous hotline if available).

Acknowledgement

  • All employees and relevant personnel are required to formally acknowledge that they have read, understood, and agree to comply with this internal policy regarding the use of Large Language Models.
Previous Topic
Next Unit

home

about

results

partners

materials

news

contact