SQMC Artificial Intelligence (AI) Policy

Responsible Use of Artificial Intelligence Applications

Artificial Intelligence (AI) tools can be extremely useful when used responsibly. This policy explains how SQMC staff, contractors and consultants may use AI tools to support their work while protecting confidential information, maintaining professional standards and ensuring that important decisions remain subject to human judgement.

Jump to: Real-world, plain-English guidance for SQMC staff

1. Purpose

This policy sets out how employees may use Artificial Intelligence (AI) tools in a safe, ethical and compliant manner. It ensures that AI supports productivity and decision-making without compromising confidentiality, data protection, accuracy or organisational integrity.

2. Scope

This policy applies to all employees, contractors, consultants and temporary workers using AI tools for any work-related purpose.

3. Definitions

AI tools: Any system that generates text, images, code, analysis or recommendations, such as Microsoft Copilot, ChatGPT, Claude or Gemini.

Sensitive data: Personal data, confidential business information, financial data, client information, health data, HR records or anything covered by a non-disclosure agreement or contract.

4. Principles for Responsible AI Use

4.1 Confidentiality First

Employees must not input confidential, personal or commercially sensitive information into AI tools unless the organisation has approved both the tool and the data-handling method.

Examples of prohibited inputs include:

• Employee names, medical information or grievances
• Client names, contracts or pricing
• Financial forecasts
• Passwords or access details
• Unreleased product or strategy information

4.2 Human Oversight is Mandatory

AI may support decision-making, but final decisions must be made by a human. AI outputs must be reviewed for accuracy, bias and appropriateness.

4.3 Accuracy and Verification

AI can generate incorrect or fabricated information, sometimes referred to as “hallucinations”. Employees must verify facts using trusted sources before acting on AI-generated content.

4.4 Transparency

If AI is used to produce client-facing or external content, employees must ensure that:

• The content is reviewed by a human
• The organisation’s tone, branding and standards are maintained
• AI use does not mislead or misrepresent expertise

4.5 Compliance with Law and Standards

AI use must comply with:

• Data-protection laws, including UK GDPR and the Data Protection Act 2018
• Employment law
• Contractual obligations
• Relevant industry standards, including ISO 9001, ISO 14001, ISO 45001 and ISO/IEC 27001 where applicable

4.6 Ethical Use

AI must not be used to:

• Generate discriminatory or harmful content
• Manipulate individuals
• Create deepfakes or misleading media
• Replace fair HR processes or investigations

5. Approved Uses of AI

Employees may use AI for:

• Drafting emails, reports, policies and communications
• Summarising documents
• Brainstorming ideas
• Creating templates or checklists
• Analysing non-sensitive data
• Improving the clarity, tone or structure of writing
• Generating training materials
• Supporting research, provided that information is verified

6. Prohibited Uses of AI

AI must not be used for:

• HR decisions, including disciplinary, grievance or performance-rating decisions
• Legal advice or interpretation
• Medical or safety-critical decisions
• Processing personal data without explicit approval
• Uploading client documents to unapproved tools
• Automated decision-making affecting employment or safety

7. Data-Protection Requirements

7.1 Personal Data

No personal data may be entered into AI tools unless:

• The tool has been approved by IT or the person responsible for data protection
• A Data Protection Impact Assessment (DPIA) has been completed
• Appropriate technical and organisational controls are in place

7.2 Special-Category Data

Never input:

• Health data
• Drug and alcohol testing results
• Psychosocial-risk information
• Disciplinary or grievance details
• Passport or identification information

7.3 Retention and Deletion

AI outputs must be stored, retained and deleted in accordance with the organisation’s data-retention schedule.

8. Accountability and Roles

Employees

Use AI responsibly, verify outputs and follow this policy.

Managers

Ensure that teams understand the policy and use AI appropriately.

IT / Data Protection

Approve tools, conduct DPIAs and manage access controls.

HR

Ensure that AI is not used inappropriately in people-related decisions.

9. Breaches

Misuse of AI may result in disciplinary action, including termination of employment or contract, depending on the severity of the breach.

10. Review Cycle

This policy will be reviewed annually, or sooner if legislation or technology changes.