Should you restrict access to generative AI?

It's advisable not to discourage the use of generative AI by introducing this type of restrictive rule as it will simply drive employees to use it under the radar and without your knowledge, e.g. on their own personal mobile phones. Rather, what you should do is to focus on education by introducing clear rules on the controlled and responsible use of AI, which you can do through a generative AI policy, covering such matters as:

• the specific generative AI tools you approve for use at work (and confirmation that all other AI tools cannot be used)
• what work-related tasks the approved tools may be used for (permitted uses) and what work-related tasks they must not be used for (prohibited uses)
• the legal risks associated with generative AI, e.g. relating to data protection and confidentiality, copyright infringement, discriminatory bias, information inaccuracy and cybersecurity
• your measures for countering each of the risks, e.g. guidelines on how to handle data input into the approved tools, a requirement that all outputs from the approved tools are critically reviewed and fact-checked for truthfulness and accuracy, a requirement that all outputs are amended to minimise the risk of copyright infringement, etc.

You should also make breach of your policy a disciplinary offence and you can then conduct audits to ensure policy compliance. In addition, consider introducing practical staff training on generative AI, and on the terms of your policy, so that staff feel confident in using generative AI as a support tool within the boundaries of your policy.

Finally, you must keep your policy under regular review as generative AI technology is continually evolving with new tools being introduced and existing tools being upgraded at a rapid rate.