Back to All Resources

Article

Establish Standards with an AI Use Policy

February 26, 2026
Share:
Concept illustration of artificial intelligence: robot and circuit board next to person and brain

Artificial intelligence (AI) opens the door to sharper insights, faster workflows and stronger service delivery. It also calls for disciplined attention to data privacy, clear decision-making processes and accountability at every level.

A clear AI use policy gives important structure to that balance. It helps teams pursue innovation while protecting public trust. It defines how and when AI can be applied, what standards must be met and who oversees the process. Most important, it reinforces that technology should always serve human judgment, never replace it.

Role of an AI Use Policy

With an AI use policy, an organization sets clear parameters for responsible AI use that protect the entity and the public, uphold best practice standards and reduce the likelihood of unintended outcomes.

An effective AI use policy offers practical direction so everyone knows how AI fits into the organization’s work and how employees individually are authorized to use it.

Key Elements to Include

Each entity should tailor an AI use policy to its size, systems and structure, but several components are universally important.

Purpose and principles: Explain how AI supports the entity’s mission, values and service to the community. Include guiding principles such as data protection, transparency, upholding public trust and maintaining human oversight.

Definitions: Clarify what qualifies as AI, automated decision-making or machine learning. This helps staff recognize when a system falls under the policy, including tools that bundle AI features by default, so they are evaluated and used appropriately.

Permissible and prohibited uses: Clearly identify which AI applications, business functions and data types are in scope and allowable uses. Addressing both AI tools and allowable data is important. Also be clear about AI uses that are not allowed and data that is prohibited to be used in AI systems.

Decision-making authority: Specify who approves AI tools, determines permissible uses and sets the purposes for which AI may be deployed. Clarify how to escalate questions about AI use and who ensures compliance with relevant regulations and internal standards.

Data governance: Describe how data used, generated or accessed by AI systems is sourced, secured, validated and retired. Address data ownership, retention, access and de-identification of not public data or other protected or sensitive information when AI tools are involved. Again, be clear about data that may not be used within AI systems.

Accountability: Identify who monitors AI outputs for validity, accuracy and appropriateness. Although some accountability will reside at a managerial or executive level, every person should remain responsible for his or her own AI outputs.

Gain Staff Support

A policy gains traction and compliance strengthens when team members understand its value and relevance. When staff feel informed and involved, they are more likely to follow guidelines consistently and avoid risky shortcuts.

To keep staff engaged throughout the process, consider:

  • Educating first. Use relatable examples, such as how AI systems support efficiency and how responsible use protects data.
  • Inviting collaboration. Ask staff where AI could remove bottlenecks or help them serve the public more effectively. Solicit feedback early and repeatedly to keep pace with AI innovation.
  • Connecting to the organization’s mission. Frame AI as a tool that enhances service, safeguards resources and advances the public interest. Reinforce that human expertise remains central to decision making.
  • Creating ownership. Assign an internal workgroup or cross-functional committee to maintain and review the policy. Visible leadership engagement signals commitment and accountability.

An inclusive approach builds trust, supports consistent compliance and helps ensure that the policy is a shared resource rather than a top-down mandate.

Put the AI Use Policy to Work

Mindful implementation turns policy from a document into daily practice. To embed an AI use policy effectively:

  • Provide staff training on acceptable AI use case examples and ensure that all staff have reviewed the policy.
  • Store the policy in an easily accessible location for staff to access and reference (e.g., intranet, network server).
  • Plan for periodic review of the AI use policy to keep pace with changing technology, regulations and operational expectations. Adjust provisions and practices as needed.

A Framework for Responsible Progress

AI enables public entities to analyze information at scale, identify trends faster and streamline work. It achieves its greatest value when guided by human intent and clarity about purpose. An AI use policy gives structure to innovation, protects data and reinforces standards of fairness and transparency.

By grounding every technological advancement in purpose and integrity, public entities can continue their long tradition of serving their communities responsibly with smarter tools and stronger guardrails.

Contact MCIT

MCIT members are encouraged to connect with Richard Miehe, MCIT risk management consultant for data security, with questions about an AI use policy or other data security concerns. Reach him at 866.547.6516.

© 2026 Association of Government Risk Pools. Reprinted with permission. Edits made to apply to MCIT member operations.

Topics

Cybersecurity and data breach Human Resources and employee management Risk management