Session 3: Time for a GenAI policy? – 60 minutes

8 Designing a GenAI use policy

Any organisation-wide implementation should include designing a GenAI use policy for your organisation.

Having a GenAI policy can help to leverage the effectiveness of these tools, outline what is and is not acceptable use within your organisation, and minimise potential risks. The adoption of a policy could directly address accountability concerns within your organisation.

Activity: What should a GenAI Policy include?

Timing: Allow 10 minutes

Thinking about your organisation, its needs, and potential opportunities for GenAI tools, what do you think a GenAI policy should include?

Make a note of at least five areas that the policy should cover.

Cartoon generated using the AI prompt: Generate a cartoon illustrating the importance of AI literacy in a professional legal setting.

A comprehensive GenAI policy will outline straightforward directions for its application. A well-rounded policy will regulate how your employees use GenAI within their work, help to prevent violations and/or legal compliance issues, assist with protecting sensitive data, and address ethical concerns (Verduyn, 2025).

Having a detailed policy will provide a point of reference for anyone working with or within your organisation who is using or expected to be using GenAI tools. It will also outline the organisation’s position in respect of GenAI tools, how to use them, when to use them, and the strategies for managing their risks.

GenAI policies should include details that cover the following aspects:

  • Your protocols for data protection.
  • Definitions of how sensitive data should be handled and processed within GenAI tools.
  • Guidelines for data encryption.
  • Guidelines for data anonymisation.
  • Data access controls to manage and mitigate potential breaches of data protection and privacy regulations (ISACA, 2023).
  • Legal compliance procedures for GDPR requirements.
  • Procedures to validate and verify GenAI outputs (Dietzen, 2024).
  • Strategies and details for identifying and mitigating risks with GenAI adoption within the organisation (ISACA, 2023). This may include:
    • Scenario planning.
    • Contingency measures.
    • Periodic risk assessments.
  • Identification of a manager in the organisation with ownership of, and responsibility for, the GenAI Policy.
  • Specific details of approved GenAI tools.
  • Terms of use of the GenAI tools adopted by the organisation.
  • Professional development and/or training needs for those using approved GenAI tools.
  • Periodic audit details.

A policy should include specific details relating to the professional development and training needs of those who are using, or are expected to be using, GenAI tools. Users need to understand how GenAI tools work in order to use them safely, responsibly, and ethically, and also to ensure that the organisation gets the maximum benefit from them.
