C.4 Artificial Intelligence (AI) Use Policy

Version: April 2025
Applies to: All employees, contractors, and third-party users
Aligned with: EU AI Act, ISO/IEC 27001 (A.6, A.5.10), ISO/IEC 42001 (AI Governance)

Purpose
To enable responsible, ethical, and secure use of AI within the organization. This includes internal business operations and AI-enabled services/products.

1. Scope
Covers all employees, affiliates, contractors, and external partners using or deploying AI tools on behalf of the company — including embedded tools and third-party services.

2. Key Definitions
- AI System: Software that performs tasks based on rules or training data
- Open AI System: User data may be shared or used for model training
- Closed AI System: Data is isolated per user and considered more secure
- Embedded AI Tools: Built-in features (e.g., MS Word spellcheck) that don't require approval
- High-Risk Use: AI use that impacts safety, rights, or legal standing (e.g., hiring, evaluations)

3. Core Principles
All AI use must be:

Principle Explanation
Lawful Follows local and international legal/regulatory frameworks
Ethical Fair, transparent, and accountable
Necessary Serves a valid business function — not just convenience
Supervised Reviewed by a qualified human before use or publication

4. Approved Use Rules
- Only approved AI tools may be used (except embedded tools)
- AI must support, not replace, subject-matter expertise
- All AI-generated content must be reviewed by a human before release
- No non-public, sensitive, or personal data may be entered into open AI systems
- Usage must be documented and tracked by team leads
- AI-generated code must be clearly marked and reviewed
- Contractual terms for any AI vendor must be cleared by Legal

5. Prohibited Use
You must not use AI for:
- Political lobbying or influencing governments
- Profiling based on race, gender, religion, etc.
- Entering trade secrets or confidential info into open AI systems
- Creating legally binding documents or giving legal advice
- Developing IP intended for patent/trademark protection
- Unapproved use of company resources for personal AI projects

6. High-Risk AI Use Areas
Use extreme caution and obtain pre-approval when AI is used for:
- Hiring or screening candidates
- Performance evaluations or promotions
- Educational assessments or admissions
- Handling personal data (even in closed systems)

7. Ethics in Practice
- Always get informed consent before using personal data in AI
- Be transparent about AI involvement — no deception
- Don't use AI for content that could harm reputation or violate rights
- Don't use AI for personal benefit on company time without permission

8. Training & Reporting
- All users must complete mandatory AI usage training
- Suspected violations should be reported to your manager or legal
- No retaliation for good-faith reporting

9. Sanctions
Non-compliance may result in:
- Training or written warnings
- Access suspension or termination
- Legal action for breaches of law or regulation

Direct URL:
Navigation
Back to Appendix C: Guidelines Policy Overview