Getting started on a responsible AI use policy for nonprofits

Nonprofits are choosing how they use generative AI tools intentionally—drafting donor appeals, summarizing meeting notes, translating materials, brainstorming program ideas, and saving time on everyday administrative tasks. But as AI enters more workflows, so do new risks: data privacy slip-ups, hallucinations, overconfidence, bias, and harm to trust with clients, donors, volunteers, and communities.

This is why every nonprofit hoping to adopt AI responsibly needs a responsible AI use policy—and the time to get started is now.

What is a responsible AI use policy?

A responsible AI use policy is a practical set of agreements that helps staff use generative AI tools safely, consistently, and in a human-centered way. It’s a guide that protects people, respects their data, and strengthens accountability—while giving staff the confidence to explore with good judgment.

According to the 2025 AI Equity Project, only 15% of surveyed U.S. and Canadian nonprofits have successfully implemented an AI policy—which means no policy is perfect or complete. The success of a responsible AI use policy doesn’t depend on sophistication (i.e., legal complexity and exhaustive rules) or polish (i.e., fancy language, perfect formatting, or a corporate tone). It depends on how joyfully the policy language permits staff to build a trust-enabling relationship with AI—and with each other about AI. For example: “We encourage staff to experiment with approved AI tools for low-risk tasks. If you’re unsure, pause and ask—no one will be penalized for raising a question or choosing not to use AI.”

4 essentials for a responsible AI use policy

If your nonprofit hasn’t drafted a policy yet, start with these four essentials:

1. Purpose and scope: what this policy is—and who it’s for
Name the goal (responsible use, harm reduction, learning) and the scope—what “AI use” includes and to whom it applies (e.g., staff, contractors, interns, volunteers). A clear scope prevents confusion, reduces inconsistent practices across teams, and keeps the policy from becoming irrelevant or overly broad.

2. Values and commitments: how you want AI use to feel and function
Nonprofits don’t only manage risk—they manage trust. Ground the policy in values like privacy, transparency, equity, accessibility, consent, human oversight, and accountability. These values signal to staff—and the public—what you refuse to trade away for speed and efficiency.

3. Prompting and data-handling norms: what staff should do and avoid
Keep the guidance simple, for example:

• Use AI for low-risk drafting, brainstorming, or summarizing—when you can verify the output.
• Treat AI as a collaborator, not an authority. Ask for sources, address uncertainties, and double-check facts.
• Don’t enter sensitive information: personally identifying or confidential information, legal documents, passwords, or anything you wouldn’t paste into a public website.

4. When NOT to use AI: the most important section
Some use cases are too high-stakes, too sensitive, or too relational—where tone, empathy, and accountability matter as much as accuracy. Consider a clear “do not use AI” list for tasks such as:

• Making or recommending eligibility decisions for services, benefits, or funding
• Drafting communications in moments of crisis, grief, domestic violence, or trauma response
• Creating or rewriting client case notes with sensitive personal data
• Conducting performance/disciplinary HR analysis or employee monitoring
• Generating content that represents community voice without consent and context
• Any task where AI output could cause harm if the information is wrong—and you can’t confidently verify it

AI policy becomes truly “responsible” when it protects the moments where dignity, safety, and trust matter most.

8 dos and don’ts for a responsible AI use policy

Here are my eight go-to dos and don’ts when developing an AI policy:

Dos:

• Do keep it simple and adaptable so staff remember it—and you can iterate.
• Do write in plain/accessible language. If staff need a lawyer to interpret the policy, it won’t shape behavior.
• Do design for real roles and workflows (fundraising, programs, finance, operations, communications), not just IT.
• Do build in a learning loop: how staff report issues, flag risky use-cases, and propose updates.
• Do involve leadership and the board early for alignment on values, risk posture, and accountability (not to approve every prompt).

Don’ts

• Don’t copy a template without adapting it to your data practices, jurisdiction, and community context.
• Don’t make it overly restrictive or legally binding. Fear-based policies drive AI use underground, where staff use unapproved tools, don’t disclose AI assistance, and avoid asking questions—so risks go unreported and guidance can’t improve.
• Don’t treat the policy as “done” once published—pair it with practical, low-burden training (for example, a 30-minute kickoff, a one-page cheat sheet, and a few role-based scenarios), plus examples and regular check-ins.

The key is to start with a policy that protects trust, not one that tries to predict every future tool.

Fostering a culture of clarity, consent, and shared responsibility

The healthiest AI cultures aren’t built on fear or hype—they’re built on clarity, consent, and shared responsibility.

Name what feels safe, what doesn’t, and what must always stay human-led. Then invite staff to learn together. Enable your nonprofit to build that joyful relationship with AI that allows trust-centered relationship with the communities whose data, stories, and dignity you’re entrusted to hold. A thoughtful responsible AI use policy will help you do that.

Photo credit: fizkes/Getty Images