The number of companies using Artificial Intelligence (AI) technologies has exploded in recent years. This is true across most sectors and with companies of all sizes. In many cases, companies have pursued and paid for AI software as part of an intentional business strategy. In even more cases, companies have a few AI enthusiasts using their preferred AI tools on their own initiative. In all cases, usage of AI technologies by a company’s personnel can create some risk: risk of losing protection for trade secrets, of accidentally violating non-disclosure agreements, of losing valuable intellectual property, and more.
This article contains a checklist that any company can use to conduct an assessment. No answer to any of the questions below is a cause for alarm. Instead, we recommend using the checklist to better understand the nature of your company’s AI practices and determine whether any steps should be taken to change them.
1.) AI Usage & Awareness
Do employees use AI tools (e.g., ChatGPT, Copilot, Midjourney) as part of their jobs?
☐ Yes ☐ No ☐ I don’t know
Are employees using AI with or without company authorization?
☐ Authorized ☐ Unauthorized ☐ Unsure
Has your company inventoried which AI tools are in use?
☐ Yes ☐ No
Has your company reviewed the Terms of Use for the AI tools employees use, to determine whether they comply with applicable laws and will not disclose your company’s trade secrets?
☐ Yes ☐ No
2.) Policies & Governance
Does your company have a written AI usage policy?
☐ Yes ☐ No
Has your employee handbook been updated to address AI use?
☐ Yes ☐ No ☐ N/A
Do you have procedures for approving or disallowing new AI tools?
☐ Yes ☐ No
Does your confidentiality policy reference employee obligations related to confidential information and AI?
☐ Yes ☐ No
Are employees trained on proper and ethical use of AI?
☐ Yes ☐ No
3.) AI Chatbots
If your website uses chatbots, do they comply with U.S. state laws regarding disclosures to customers?
☐ Yes ☐ No ☐ Unsure
4.) Data Privacy & Confidentiality
Do you allow confidential business information to be entered into AI tools?
☐ Yes ☐ No ☐ Unsure
If your company provides confidential information to third parties, do your NDAs restrict them from inputting that information into AI?
☐ Yes ☐ No ☐ N/A
If you collect customer or employee data, do you inform them it may be processed using AI?
☐ Yes ☐ No ☐ N/A
Do your privacy policies explicitly reference AI usage?
☐ Yes ☐ No
5.) Intellectual Property
Has your company considered whether AI-generated content is owned by the company or by employees?
☐ Yes ☐ No
Do you verify that AI-generated outputs do not infringe on third-party IP?
☐ Yes ☐ No
Do your contracts with vendors address ownership of AI-created materials?
☐ Yes ☐ No ☐ N/A
6.) Compliance & Risk
Are you aware of current or pending laws/regulations on AI that may affect your industry?
☐ Yes ☐ No
Do you operate, sell or advertise in jurisdictions (e.g., the European Union, California, Colorado, Maine) with specific AI or privacy regulations?
☐ Yes ☐ No
Has your legal or compliance team reviewed AI use for liability risks?
☐ Yes ☐ No
Does your business insurance policy appropriately cover any AI-related risks that your company’s usage of AI presents?
☐ Yes ☐ No
7.) Labor & Employment
Have you addressed employee concerns about AI replacing or altering job duties?
☐ Yes ☐ No
Does your company use AI in hiring, performance evaluation, or HR decision-making?
☐ Yes ☐ No
If yes, do you conduct bias or fairness audits of these tools?
☐ Yes ☐ No ☐ N/A
8.) Security
Do you have security controls preventing sensitive data from being shared with external AI platforms?
☐ Yes ☐ No
Have you assessed AI vendor security practices (e.g., SOC 2, ISO 27001)?
☐ Yes ☐ No
Do you log and monitor employee use of AI tools for compliance purposes?
☐ Yes ☐ No
9.) Strategic & Operational
Do you have an internal committee or working group overseeing AI adoption?
☐ Yes ☐ No
Do you have a process to evaluate the cost-benefit of AI tools?
☐ Yes ☐ No
Is your company considering AI for customer-facing products or services?
☐ Yes ☐ No
