Toggle search
Toggle menu

Use of Generative Artificial Intelligence (AI) large language models

On this page

There are no headings on this page to navigate to.

  1. 1. Introduction

    1. 1.1.The purpose of this policy document is to provide a framework for the use of Generative Artificial Intelligence Large Language Models (GenAI) such as Microsoft Copilot by council employees, contractors, temporary staff, consultants or other third parties, hereinafter referred to as 'users'.

    2. 1.2.This policy is designed to ensure that the use of GenAI is ethical, complies with all applicable laws, regulations and council policies, and complements the council's existing information and security policies.
    3. 1.3.The current pace of development and application of GenAI is such that this policy will be in a constant state of development.

  2. 2. Use

    1. 2.1.This policy applies to all users with access to GenAI, whether through council-owned devices or BYOD (bring your own device) in pursuit of council activities.
    2. 2.2.Use of GenAI must be in a manner that promotes fairness and avoids bias to prevent discrimination and promote equal treatment and be in such a way as to contribute positively to the council's goals and values.
    3. 2.3.Users may use GenAI for work-related purposes subject to adherence to this policy. This includes tasks such as generating text or content for reports, emails, presentations, images and customer communications.
    4. 2.4.Particular attention should be given to Confidentiality, Accuracy, Copyright, Ethical Use, Disclosure and Integration with other tools.

  3. 3. Confidentiality

    1. 3.1.Confidential and personal information must not be entered into an GenAI tool, as information may enter the public domain.
    2. 3.2.Users must follow all applicable data privacy laws and organisational policies when using GenAI.
  4. 3.3.If a user has any doubt about the confidentiality of information, they should not use GenAI until they have discussed with the IMT Manager or DPO.

  5. 4. Accuracy

    1. 4.1.All information generated by GenAI must be reviewed and edited for accuracy prior to use.
    2. 4.2. Users of GenAI are responsible for reviewing output and are accountable for ensuring the accuracy of GenAI generated output before use or release.
    3. 4.3.If a user has any doubt about the accuracy of information generated by GenAI, they should not use GenAI.

  6. 5. Copyright

    1. 5.1.Users must adhere to copyright laws when utilising GenAI. It is prohibited to use GenAI to generate content that infringes upon the intellectual property rights of others, including but not limited to copyrighted material.
    2. 5.2.If a user is unsure whether a particular use of GenAI constitutes copyright infringement, they should contact NP Law to seek advice before using GenAI.

  7. 6. Ethical Use

    1. 6.1.GenAI must be used ethically and in compliance with all applicable legislation, regulations and organisational policies.
    2. 6.2.Users must not use GenAI to generate content that is discriminatory, offensive, or inappropriate.
    3. 6.3.If there are any doubts about the appropriateness of using GenAI in a particular situation, users should consult with their manager or the Legal & Governance Team.

  8. 7. Disclosure

    1. 7.1.Content produced via GenAI must be identified and disclosed as containing GenAI-generated information.
    2. 7.2.A note identifying a document contains Gen AI information must be added as a footnote, example:

    3. Note: This document contains content generated by Artificial Intelligence (AI). AI generated content has been reviewed by the author for accuracy and edited or revised where necessary. The author takes responsibility for this content.

  9. 8. Integration with other tools

    1. 8.1.API and plugin tools can enable access to GenAI and extended functionality for other services to improve automation and productivity outputs.
    2. 8.2.Users must follow OpenAI's Safety best practices when using Application Programming Interfaces (API) and plugin tools.
    3. 8.3.API and plugin tools must be rigorously tested for:
      • moderation - to ensure the model properly handles hate, discriminatory, threatening, etc. inputs appropriately
      • factual responses - provide a ground of truth for the API and review responses accordingly

  10. 9. Risks

    1. 9.1.Use of GenAI carries inherent risks. A comprehensive risk assessment should be conducted for any new project, system or process where use of GenAI is proposed.
    2. 9.2.A risk assessment for the use of AI is only required in instances where AI is going to be used to either automate or manipulate data flows / data information for system efficiency or data presentation.
    3. 9.3.The risk assessment should consider potential impacts including: legal compliance; bias and discrimination; security (including technical protections and security certifications); and data sovereignty and protection.
    4. 9.4.An example of 9.2 is when data is being extracted from a corporate system, care and attention must be given to ensure the extraction criteria is relevant and appropriate for the purpose of the report to ensure accuracy.
    5. 9.5.A risk assessment is not required for business as usual activities.

  11. 10. Legal compliance

    1. 10.1.GenAI platforms may be hosted internationally, under data sovereignty rules information created or collected in the originating country will remain under jurisdiction of that country's laws.
    2. 10.2.If information is sourced from GenAI hosted overseas, the laws of the source country regarding its use and access may apply.
    3. 10.3.Data entered into GenAI may enter the public domain. This can release non-public information and therefore may breach confidentiality, regulatory requirements, customer or supplier contracts, or compromise intellectual property.
    4. 10.4.Any release of personal information without the authorisation of the information's owner could result in a breach of data protection laws.
    5. 10.5.Use of GenAI to compile content may also infringe on regulations for the protection of intellectual property rights. Users should ensure that their use of any GenAI complies with all applicable laws and regulations and with council policies.

  12. 11. Bias and discrimination

    1. 11.1.GenAI may make use of and generate biased, discriminatory or offensive content. Users must ensure any use of GenAI is done responsibly and ethically, in compliance with council policies and applicable laws and regulations.

  13. 12. Security

    1. 12.1.GenAI may store sensitive data and information, which could be at risk of being breached or hacked. If a user has any doubt about the security of information input into GenAI, they should not use GenAI.
    2. 12.2.Under no circumstances should Personal data ever be entered into GenAI.

  14. 13. Compliance

    1. 13.1.Any violations of this policy should be reported to the council's Legal and Governance Team or senior management. Failure to comply with this policy may result in disciplinary action, in accordance with council's Human Resources policies and procedures.

  15. 14. Acknowledgement

    1. 14.1.By using GenAI, users acknowledge that they have read and understood these guidelines, including the risks associated with the use of GenAI.

  16. 15. Review

    1. 15.1.This policy will be reviewed periodically and updated as necessary to ensure continued compliance with all applicable legislation, regulations and organisational policies.
Policy review details
AuthorJames Wedon and Alan Quinton
DateAugust 2025
Last review dateN/A
Next review dateAugust 2028
Last updatedNew policy
Version1.0
Document statusDraft

 

Last modified on 03 November 2025

Share this page

Share on Facebook Share on Twitter Share by email