Parts 1 and 2 of this series made the case for why your organization needs an AI use policy. This post gets into what that policy might actually contain.
There is no universal AI policy template that fits every nonprofit. The right policy for a large urban hospital system looks very different from the right policy for a small community organization. What follows is a set of questions and considerations to work through as your leadership, staff, and board shape something that reflects your organization, your values, and the people you serve.
What Tools Are We Talking About?
AI tools now range from chatbots and writing assistants to image generators, data analysis platforms, and automated scheduling software. Your policy needs to define what it covers.
Some organizations maintain a list of approved tools, vetted and authorized for staff use. Others establish categories of acceptable use and leave room for staff to use tools that fit within those categories. An approved list provides clearer guardrails but requires ongoing maintenance as tools change. A category-based approach offers more flexibility but requires staff to exercise more judgment. How much trust and autonomy do you want to extend to your team, and how much oversight does your work require?
How Should We Handle Confidential Information?
When staff use AI tools, what information are they permitted to enter? Client names, case details, medical information, immigration status, financial data, and similar content must have explicit guidance.
Free versions of many AI platforms use the information they receive to train and improve their models. Paid enterprise versions often operate under different terms. Your policy might distinguish between types of information and types of tools accordingly. The question to work through is not just what is prohibited, but what is permitted, under what conditions, and with what tools. Staff need guidance they can apply in the moment, not just a general warning to be careful.
Transparency and Disclosure
Funders, donors, and partners are increasingly asking whether AI was used in the communications and documents your organization produces. Your policy provides an opportunity to get ahead of that question.
Consider where disclosure makes sense for your organization. Grant applications and reports are an obvious starting point, particularly as funders begin to formalize their own expectations. Beyond those, think about donor communications, newsletter content, social media, and program materials. A line in the footer of a grant report, an acknowledgment in an annual appeal letter, or a note on your website about how your organization uses AI are all reasonable approaches depending on your context and audience.
Your leadership may also want to establish expectations related to disclosure internally. If staff are using AI to draft board reports, strategic plans, or external-facing communications, making that known builds a culture where AI use is intentional rather than assumed.
AI-Generated Images and Creative Content
For organizations that produce visual content, publications, or marketing materials, AI image generation is worth addressing directly in your policy. The ethical questions raised in Part 2 should be considered. Some organizations will decide AI-generated imagery is acceptable across the board, particularly when budget and timeline constraints make hiring an artist or creative to do the work difficult. Others will draw a clear line, especially when their mission is connected to community voice, equity, or creative industries. Many will land somewhere in between.
Your policy can give staff a framework without resolving every question permanently. Who makes the call on when AI-generated imagery is appropriate? Is there a review process? Are there certain instances, such as community-facing materials or annual reports, where the standard is higher?
Environmental Considerations
For organizations whose missions touch on environmental justice, climate, or sustainability, there may be real tension around using AI and the values of the agency. You might encourage staff to consider energy consumption when selecting tools, prefer providers with documented environmental commitments, or factor this into broader technology decisions. You might also decide this falls outside the scope of your policy at this stage. Either way, make the decision deliberately.
Who Is Responsible for Oversight?
Think through who in your organization owns AI governance. Who approves new tools? Who handles questions when a staff member is unsure whether a particular use is appropriate? Who updates the policy as the AI and technology landscape evolves? For smaller organizations, this may land with the executive director or a senior operations person. Larger organizations may want to establish a small working group or assign this to an existing technology or compliance function. Staff need to know where to go when they have questions.
Training and Support
How will your organization introduce this policy to your team? What ongoing support will be available? Are there staff who need more hands-on guidance than others? Many nonprofits operate with a limited budget for training. A good training does not require a large investment, but it does require a plan. A staff meeting walkthrough, a simple FAQ document, or a designated point person for questions can go a long way toward making sure the policy shapes behavior rather than sitting in a shared drive.
Keeping the Policy Current
AI tools are evolving faster than most organizational policies are designed to accommodate. A policy written today may need meaningful revision within a year. Build in a review cycle, whether annual or tied to a specific trigger such as the adoption of a major new tool or a change in funder requirements.