May 22, 2023

Six Steps Companies Can Take to Manage the Risk of Using Generative AI

Companies should develop detailed policies for how their organizations may use generative AI systems.

As generative AI systems improve and proliferate, people are increasingly using them at work to increase productivity, creativity, and even innovation. The benefits can be significant, but organizations should take six steps to minimize the risk of using generative AI at work.

  1. Get ahead of the situation. Send an email acknowledging that generative AI is increasingly being used at work. Remind users that the technical and legal ramifications are not yet clear, and warn them against inputting proprietary or confidential information into AI systems — or using them to do things like generate code for use in products. State that a more comprehensive policy regarding company use of generative AI is being developed.
  2. Identify use cases. To develop an effective policy on generative AI, it is important to understand how different teams within an organization intend to use it. Some uses may be relatively low risk, such as using generative AI tools to write press releases. Others, such as writing code for use in products, may introduce complex risks that can be hard to assess. Once the use cases are identified, determine the risk involved with each one and develop policies that address the specific risk in each case.
  3. Review the terms of use. Compile and maintain a list of generative AI tools that could be used by the organization, and analyze the terms of use for each to fully understand the licenses, restrictions, and IP terms that govern their use. For more detail, see “To Manage Generative AI Risk, Understand the Terms of Use.”
  4. Develop a policy on generative AI. Working with the legal, security, and development teams, draft company-wide policies addressing each use case. Like policies governing the use of open-source software at an enterprise software company, the policy addressing use of code-generation tools should be quite detailed and include approval steps from the legal or development department.
  5. Compile a software bill of materials. Keep an inventory of all software products built using generative AI, especially because the use of AI could be an important area for diligence in future transactions.
  6. Continually update the policy. Generative AI systems, their terms of use, the company’s use cases, and the law will evolve. Policies should be updated frequently to remain accurate and relevant.
