7 Acceptable use policies of GenAI tools and providers

GenAI provider standard terms and conditions can be lengthy documents.

While these should be reviewed fully before any GenAI tools are used within organisations, there are some key aspects that require particular attention. Within these, Acceptable Use Policies (AUPs) specify permissible and prohibited uses of GenAI tools to prevent misuse, protect intellectual property, and ensure data security. They require users to comply with laws, maintain confidentiality, and avoid harmful activities.

AUPs typically include:

  • Prohibited uses: Restrictions on using GenAI outputs, such as not training other AI models.
  • Sensitive information: Prohibitions on sharing passwords or personally identifiable information.
  • User conduct: Users must engage lawfully and respectfully, avoiding illegal activities and harmful purposes.
  • Misuse of AI outputs: Restrictions on manipulating AI outputs to misrepresent facts or deceive audiences.

AUPs also cover compliance with laws, data protection, privacy regulations, and security (Kostadinov, 2014). Managers should review AUPs, ensure organisational awareness, and include these provisions in training sessions if necessary.

The following checklist highlights some of the core clauses within AUPs that need reviewing by managers and/or organisations considering GenAI tool use.

  1. Data usage
    • Does the provider retain your input data (e.g. prompts, uploads)?
    • Is your data used for future training or improvement of the model?
  2. Confidentiality
    • Can you opt out of data retention?
    • Are there risks if the content includes sensitive or client-specific information?
  3. Intellectual property
    • Who owns the GenAI output?
    • Can you use the content commercially or modify it freely?
    • Can you share it without attribution? Or is there an attribution requirement?
    • If there is no attribution requirement, is the content subject to a license arrangement?
  4. GenAI use restrictions
    • Are there any prohibited activities (e.g. use in legal, medical, or financial advice)?
    • Does the provider restrict high-risk applications?
  5. Model reliability
    • Are you expected to verify and supervise the content?
    • Is it made clear that the provider is not liable for inaccurate or harmful outputs?
  6. Limitation of liability
    • Does the GenAI provider disclaim, limit, or exclude responsibility for errors?
    • Are you (the user) solely responsible for how the content is used?
  7. GenAI service and model updates
    • Can the provider change the model or withdraw features with little notice?
    • How might this affect your workflows?
  8. Transparency clauses
    • Are you required to disclose when GenAI has been used in content creation?
    • Are version numbers and dates of GenAI outputs important for compliance?

Activity: Why it is important to read key contractual clauses

Timing: Allow 10 minutes

Discussion

Reading the terms and conditions of GenAI providers is important, particularly if you are considering using GenAI tools to carry out, or to support, some of the work of your organisation.
