Why your NFP needs an AI policy – and how to write one

Your NFP needs an AI policy
April 22, 2026 Human Resources, Legal Issues, Organisational Strategy

Generative AI has quickly made its way into almost every organisational workflow, and left the door open for a range of ethical grey areas to become potentially serious issues.

From privacy breaches and the misuse of sensitive data, to biased outputs, misinformation and reputational risks – the risks that AI use pose to NFPs are new, varied, and often invisible until something goes wrong.

(And if you think your organisation’s employees aren’t really using AI, then think again – as many as a quarter (21-27%) of all employees are using AI tools secretly at work, according to the federal government.)

This is where a well-designed AI policy for your organisation is critical. Research shows that for 67% of Australian NFPs already using generative AI, only 14% have formal policies or guidelines in place.

So if you’re keen to make sure your organisation is on top of the risks, then where should you start when it comes to writing an effective AI policy? What elements should you include? We spoke with Adrian Hubble, founder of Not For Humans – a behavioural AI governance initiative specifically for NFPs – to learn more.

AI creeping into the workplace

Whether you’ve approved it or not, generative AI has likely made its way into your organisation somewhere – from helping staff draft emails and write reports to streamlining everyday tasks.

According to Hubble, the greatest risk of AI use in the workplace isn’t from using obvious tools like ChatGPT or Claude, but from it quietly “creeping in the back door” through software many organisations already use like Microsoft Office’s Copilot, Canva’s Magic Design, and Xero’s JAX chatbot.

Generative AI is clearly entering the sector from many directions, which makes it a crucial time for leaders to think about what responsible use looks like in their workplace.

“There’s such a large percentage of community organisations that haven’t thought about implementing an AI policy,” says Hubble. “This is an opportunity to slow down and embed deliberate processes within a policy that create space for really wise use of AI.”

Why you need an AI policy

Without proper oversight, generative AI poses serious risks to privacy, compliance and organisational reputation, as recent incidents – from harmful advice to flawed automated decision-making – have shown.

Illustrating further complexity, a new report from the UK found that NFPs using AI-generated images in campaigns risked undermining trust in unexpected ways – for example, when organisations didn’t disclose their use of AI, audiences tended to fixate on whether the images were real, instead of focusing on the cause itself.

In some cases, even when organisations were transparent about their use of AI, campaigns still faced backlash – for example, WWF Denmark was criticised for using energy-intensive AI tools to promote sustainability.

Without clear guardrails, these kinds of risks become more urgent. So where do you start when it comes to writing your organisation’s AI policy?

What to include in your AI policy

A strong AI policy should include (at a minimum):

1. A Definition of AI

Clearly explain what the organisation means by AI and what tools are covered, starting with the ones that your team uses on a regular basis.

2. Purpose and scope:

State why, where and how AI is used in your organisation, including in what departments, teams or roles.

3. Data privacy and security:

Consider how data in your organisation is collected, stored, used and protected. Hubble says: “You have to make sure that you’re compliant in the sense that you’re not sharing IP and sensitive client information with AI. There needs to be really clear guidelines on this, both internally – and also when it comes to informing your community members about how and why you’re using AI.”

4. Bias monitoring

Hubble says: “A really good AI policy considers particularly vulnerable community members, like people experiencing homelessness, Aboriginal and Torres Strait Islander people, and priority populations that you’re here to serve that aren’t well-represented in the data that AI draws from. You need to make sure that you are centring your organisation in human practice, and that there’s a human review component of anything that’s AI generated.”

5. Governance

Outline how decisions about AI use are made and reviewed in your organisation.

6. Oversight and accountability

State who is responsible for approving and monitoring AI use. According to Hubble, individuals who interact with AI software need to have some level of accountability and responsibility. “A policy must reflect who owns risk within an organisational governance structure, and consider if that needs to be distributed, as the power really sits with the person that’s doing the direct interaction with the AI tool,” he says.

7. When the policy will be revisited or updated

Technology is evolving incredibly fast, and regulation is developing not far behind. Your AI policy should include a requirement for regular review and updates to ensure it remains relevant.

“For not-for-profit and for-purpose organisations, the starting point is always the same: community first,” says Hubble. “That means continually asking where the community sits in the work being delivered, and whether decisions, including those supported by AI, are genuinely serving their needs.”

AI policy templates

There are a number of publicly available AI policy templates that can be adapted for NFPs, including guidance from the Australian Government.

Hubble recommends PwC’s NFP-specific template as a starting point, noting that it “ticks most of the boxes,” while also pointing to additional considerations that can support effective implementation of your policy.

Once you have a strong policy in place, how do you make it work in practice?

Tips for implementing your AI policy

When it comes to implementing your AI policy, success is less about choosing tools and more about shaping culture, behaviour and trust.

1. Lead with clarity

Organisational leaders need to make a clear declaration that AI is already present in workplace tools. The goal is to normalise its existence while setting expectations for safe, transparent use.

As Hubble puts it, “Leaders must enable a culture of shared review” – a collaborative environment where experiences and insights around AI use are openly discussed, and people can learn from each other’s experience.

2. Build psychological safety (and reduce “status threat”)

One of the biggest barriers to successful AI adoption is what Hubble calls “status threat”: an individual or collective fear that AI will devalue staff expertise or replace hard-won skills.

If staff feel that using AI is a “cheat” or a shortcut, they are more likely to hide it. As Hubble warns, the risk is not just technical, it is human: “What does a better alternative look like, and how do you create psychological safety in that environment?”

Healthy implementation of an AI policy must create psychological safety so staff can experiment, learn and disclose AI use without judgment.

3. Train for “everyday AI”

Many policies assume AI is a deliberate choice, but in reality, AI is often already embedded in everyday systems.

This makes training essential. Staff need to understand:

  • When they are interacting with AI;
  • What they can and cannot use AI tools for; and
  • How to critically review AI outputs

Not For Humans is currently developing a toolkit that will help not-for-profit organisations navigate these conversations within organisations. You can join the waitlist for it here.

4. Always keep humans in the loop

AI-generated content can be fluent, confident and wrong. That fluency can reduce scrutiny, leading to errors being repeated and amplified through workflows.

Without active human review, organisations risk what Hubble describes as a “cascade effect”, where flawed AI outputs are used to generate further flawed work. An example could be creating a workflow where content or imagery that is created or edited with AI must be reviewed by several team members before publicly sharing.

5. Protect trust through transparency and data discipline

Staff must be clear on what not to share with AI systems, for example: sensitive client data, personal information, donor details and employee data.

At the same time, organisations must be transparent with communities about when AI is being used, particularly in client-facing tools. Trust is the sector’s most valuable asset, and its most fragile.

As Hubble notes, this means continually centring the community in decision-making – ensuring that any work, including that supported by AI, is genuinely serving their needs.

6. Design for culture, not just compliance

AI governance in NFPs is not just a matter of policy – it requires a broader cultural shift. A policy alone is not enough to shape how AI is understood and used in practice.

“The real work is in building shared language, shared understanding and a workplace where human judgement is still valued alongside AI assistance,” Hubble says.

“Your community members are also dependent on us as humans to be involved. That’s ultimately the biggest risk – that community members feel ‘nothing here is human, nothing here is authentic, I could obtain the same information by having a chat with Gemini. Why am I coming to your organisation if I could go get this information elsewhere?’ So you want to make sure that human presence is always visible.”

The risk of relying too heavily on automated systems is that lived experience becomes less visible in decision-making. A strong AI policy and implementation process will respond to this question: how do we ensure that human judgement, care and accountability remain at the centre of our work?

Ultimately, a generative AI policy is not just about managing risk – it’s about defining how your organisation shows up in an increasingly automated world. For NFPs, where trust, care and human connection are central, the challenge is to use AI in a way that strengthens, rather than erodes, those values – which is why having the right guardrails, culture and accountability in place is critical.

Not-For-Profit People is an initiative of EthicalJobs.com.au — Australia’s top job-search site for the not-for-profit sector and beyond. 10,000 Australian charities, not-for-profits and social enterprises use EthicalJobs.com.au to find dedicated and passionate staff and volunteers to help them work for a better world. Find out more at EthicalJobs.com.au/advertise

Related Posts

Leave a Comment

    Your email address will not be published. Required fields are marked *

  • Name *
  • Website

Copyright © All rights reserved 2026 - EthicalJobs.com.au.

We respectfully acknowledge the Kulin Nations – the traditional owners of the place now known as Melbourne, on which our office stands. We pay respect to their Elders, past, present and emerging. We also recognise that no treaty was ever signed with the Kulin Nations, nor was this land ever ceded by them. We support the treaty currently being negotiated to make amends for past wrongs.