Sponsored content by Qlic IT
Artificial Intelligence is no longer something charities can afford to ignore. From drafting funding applications and creating social media content to analysing data and improving internal efficiency, AI tools are already becoming part of day-to-day operations across the not-for-profit sector.
But while AI presents huge opportunities, it also introduces significant risks around data protection, governance, cybersecurity, accuracy, and ethical use. For charity leaders and trustees, the challenge is no longer deciding whether AI will be used within the organisation, it’s understanding how to manage it responsibly.
Why charities need an AI policy
Many organisations are already using AI without formal oversight. Staff may be experimenting with tools like Microsoft Copilot or ChatGPT to save time and improve productivity, often without clear guidance on what is and isn’t acceptable.
Without an AI policy, charities risk:
- Sensitive data being shared with external AI tools
- Incorrect or misleading information being published
- Staff using unapproved or insecure platforms
- Breaches of GDPR or confidentiality obligations
- Reputational damage from inappropriate AI-generated content
- Lack of accountability around decision-making
An AI policy helps organisations balance innovation with governance, ensuring staff can benefit from AI safely and responsibly.
What should an AI policy include?
Every charity’s approach will be different depending on size, risk profile and operational needs, but most AI policies should cover the following areas:
Approved AI tools
Clearly define which AI platforms staff are permitted to use and whether personal accounts are allowed. This helps reduce the risk of staff unknowingly using insecure or non-compliant tools.
Data protection & confidentiality
One of the biggest risks with AI is data exposure. Your policy should clearly state that confidential, sensitive or personal data must never be entered into public AI tools unless appropriate safeguards and agreements are in place. This is particularly important for charities handling beneficiary, donor or safeguarding information.
Human oversight
AI should support decision-making, not replace it. Policies should reinforce that all AI-generated content, recommendations or outputs must be reviewed by a human before being published or acted upon.
Accuracy & bias
AI can generate incorrect, misleading or biased responses. Your policy should encourage staff to fact-check outputs and remain aware of the limitations of AI-generated information.
Cybersecurity
AI tools can also introduce cybersecurity risks, particularly through unapproved applications or browser extensions. An AI policy should align with broader cybersecurity and acceptable use policies already in place within the organisation.
Ethical use
Charities should consider how AI aligns with their organisational values.
For example:
- Is AI being used transparently?
- Could it unintentionally disadvantage certain groups?
- Are staff and service users aware when AI is being used?
For mission-driven organisations, ethical considerations are just as important as technical controls.
Building an AI policy: where to start
Understand current usage
Before writing a policy, identify what AI tools staff are already using and for what purpose. You may discover AI is already being widely adopted informally across teams.
Assess organisational risk
Consider what type of data your charity handles, what regulatory obligations apply, and what would the impact of misuse look like. Higher-risk organisations may require stricter controls and approval processes.
Define clear boundaries
Provide practical guidance around what staff can use AI for, what they should avoid, and when additional approval is needed. The clearer the guidance, the easier adoption becomes.
Train staff
Policies alone are not enough, staff need training to understand the risks associated with AI, good practice, data handling responsibilities, and how to use tools effectively and securely. Awareness and education are essential to reducing risk.
Review regularly
AI technology is evolving rapidly. Your policy should be reviewed regularly to ensure it remains aligned with emerging risks, tools and regulations.
AI should support your mission
When implemented responsibly, AI has the potential to help charities work more efficiently, reduce administrative burden, and free up valuable time for mission-focused work.
An AI policy is not about restricting innovation. It’s about creating a safe and practical framework that allows organisations to embrace AI confidently, responsibly and in line with their values.
Looking to create or improve your charity’s AI policy? Qlic IT has created a practical AI Policy Guide designed specifically for not-for-profit organisations, covering governance, data protection, acceptable use, risk management and staff guidance. Read the guide.