1. Introduction

This document outlines the AI Usage Policy for A&T Video Networks Pvt Ltd, combining general guidelines and detailed department-specific frameworks to ensure ethical, secure, and compliant use of Artificial Intelligence (AI) tools. This policy applies to all employees, contractors, and temporary staff, covering all AI tools and platforms used for work-related purposes, whether on company or personal devices. The policy aims to enhance operational efficiency, protect intellectual property, and ensure compliance with legal and industry standards, including India’s DPDP Act 2023, GDPR, EU AI Act, NIST AI RMF, and ISO/IEC 42001.

2. General Policy Guidelines

This section integrates general principles, conditions of use, and dos and don’ts for AI tool usage across the organization.

2.1 Purpose

The policy establishes rules to ensure security, confidentiality, compliance, and protection of company intellectual property while using AI tools to improve efficiency, accuracy, and productivity.

2.2 Scope

This policy governs:

• All AI tools, applications, and platforms (licensed or free) used for work-related purposes.
• All employees, contractors, consultants, and third parties accessing AI systems, whether in the office or remotely.

2.3 Guiding Principles

• Ethical Use: AI must uphold fairness, transparency, accountability, and respect for human rights, including privacy and non-discrimination.

• Data Security and Privacy: Sensitive data (e.g., customer PII, financial records) must not be input into unapproved AI tools.
• Compliance: AI usage must adhere to applicable laws and standards.
• Accuracy and Oversight: Employees must verify AI outputs for accuracy and ensure human oversight for critical decisions.

• Intellectual Property: AI-generated content for company work is the exclusive property of A&T Video Networks Pvt Ltd and must be stored in approved systems.

2.4 Conditions of Use

• Authorized Users: Only employees authorized by the Management/AI Governance Committee may use AI tools, with access based on role requirements and subject to periodic review.
• Licensed Version Usage: All office data, confidential information, and client details must be processed only through company-approved, licensed AI tools, managed by the IT Department.

• Free Version Restrictions: Free AI tools require prior approval from the reporting manager (L4 and above employees must inform the AI Committee). They may only be used for general purposes and never for processing confidential or work-related data. Violations are considered serious breaches, with L3 employees accountable for their reportees.

• Public Domain Content: Only publicly available content (e.g., company website, brochures, press releases) may be used in free AI tools, provided it contains no proprietary information.

2.5 Do’s and Don’ts

Do’s:
• Use AI tools only if authorized.
• Use licensed AI versions for all work-related tasks.
• Use AI for publicly available company content in free versions.
• Save AI-generated work in approved storage systems.
• Treat AI like any workplace tool, following security and confidentiality rules.

• Verify AI-generated content for accuracy and compliance.

Don’ts:
• Do not enter confidential or client data into free AI tools.

• Do not upload work-related documents or proprietary information to non licensed tools.

• Do not share internal project details with AI platforms.
• Do not store AI outputs on personal devices or unauthorized cloud storage.
• Do not bypass IT or management approval for AI use.
• Do not assume AI outputs are final without review.

3. Department-Specific Guidelines

The following guidelines tailor AI usage to specific departmental functions, ensuring alignment with organizational goals and compliance requirements.

3.1 Human Resources (HR)
• Approved Uses: Draft job descriptions, analyze resumes, generate training materials.
• Prohibited Uses: No final decisions on hiring, promotion, or termination by AI. No employee monitoring without consent.
• Risks: Ensure compliance with privacy and anti-discrimination laws.
• Example Tool: Lattice AI for HR documentation.

3.2 Accounts and Finance
• Approved Uses: Automate data entry, generate reports, detect fraud.
• Prohibited Uses: No input of sensitive financial data into public AI tools.
• Risks: Comply with RBI guidelines and SOX. Validate outputs to avoid errors.
• Example Tool: AuditBoard or Drata for risk assessments.

3.3 Sales
• Approved Uses: Generate pitch content, analyze trends, optimize forecasts.
• Prohibited Uses: No sharing of customer PII or sole reliance on AI for pricing.

• Risks: Protect competitive secrecy.
• Example Tool: Salesforce AI for customer data analysis.

3.4 Marketing
• Approved Uses: Create campaign assets, optimize ad copy, translate content.

• Prohibited Uses: No public use of AI-generated content without IP verification.

• Risks: Ensure materials are bias-free and align with brand values.
• Example Tool: Jasper.ai for content creation.

3.5 Products and Solutions
• Approved Uses: Assist in product design, prototyping, feedback analysis.
• Prohibited Uses: No sharing of proprietary designs with external AI tools.
• Risks: Protect trade secrets and comply with BIS regulations.
• Example Tool: Internal AI tools for secure analysis.

3.6 Manufacturing-Production
• Approved Uses: Optimize schedules, predict maintenance, analyze quality control.
• Prohibited Uses: No AI for safety-critical decisions without human oversight.
• Risks: Ensure compliance with ISO 45001. Audit AI for accuracy.
• Example Tool: AI-driven compliance tools for manufacturing.

3.7 Customer Support
• Approved Uses: Power chatbots, generate knowledge base articles, assist agents.
• Prohibited Uses: No sharing of customer data with unapproved tools or fully automated responses for sensitive issues.
• Risks: Ensure transparency and compliance with consumer protection laws.
• Example Tool: Slack AI for internal knowledge assistance.

3.8 Warehouse, Purchase, and Logistics

• Approved Uses: Optimize inventory, predict supply chain disruptions, streamline routing.

• Prohibited Uses: No input of supplier/customer data into unapproved tools.
• Risks: Protect supply chain data and comply with trade regulations.
• Example Tool: AI tools integrated with ERP systems.

3.9 Standards & Certifications
• Approved Uses: Audit compliance with ISO/IEC 42001 or BIS standards.
• Prohibited Uses: No sole reliance on AI for certification decisions.
• Risks: Ensure AI tools align with standards.
• Example Tool: Sprinto AI for compliance automation.

3.10 Legal & Compliance

• Approved Uses: Assist in contract review, legal research, compliance monitoring.

• Prohibited Uses: No AI for final legal decisions or drafting filings without attorney review.

• Risks: Ensure compliance with legal ethics and client confidentiality.
• Example Tool: Drata for regulatory tracking.

4. Compliance and Governance

• AI Governance Committee: A cross-functional committee (IT, Legal, HR, Standards, and department heads) oversees tool approvals, audits, and policy implementation.

• Regulatory Compliance: AI usage must comply with India’s DPDP Act 2023, GDPR, EU AI Act, NIST AI RMF, ISO/IEC 42001, and BIS standards. High-risk systems (e.g., HR, Finance, Legal) require audits and human oversight.
• Data Protection: Data Protection Impact Assessments (DPIAs) are mandatory for AI tools processing personal data. Regular audits will assess for bias, especially in HR and Marketing.

• Tool Approval: Only approved tools (e.g., Salesforce AI, Slack AI, Drata, Jasper.ai, AuditBoard, Sprinto AI) may be used. New tool requests must be submitted to [email protected].
• Monitoring and Auditing: Quarterly audits by the AI Governance Committee ensure compliance. Departments must report usage metrics.

5. Procedures and Responsibilities

• Training: Mandatory AI training on ethical use and data security is required, with quarterly updates. HR and Legal receive specialized training.
• Incident Reporting: Report violations, data breaches, or biased outputs to [email protected].

• Employee Acknowledgment: Employees must acknowledge the policy annually via the HR portal.

6.Violations and Disciplinary Action

Unauthorized AI use, sharing sensitive data, or bypassing oversight may result in warnings, suspension, termination, or legal action. L3 employees are accountable for their reportees’ breaches.

7. Implementation Steps

Draft Review: The AI Governance Committee, with legal counsel, will finalize the policy within 30 days.

• Communication: Distribute via intranet and HR portal, requiring acknowledgment within 30 days.

• Training Rollout: Conduct initial training within 30 days, with quarterly updates.

• Audit Schedule: Begin compliance audits within 60 days, continuing quarterly.

8. Additional Notes

• Cross-Functional Collaboration: Engage all departments to address unique needs.

• Scalability: The policy accommodates future AI adoption.

• Shadow AI Prevention: Network monitoring and education deter unauthorized use.

• Vendor Selection: Choose vendors with SOC 2 or ISO 27001 compliance.

9. Policy Review

This policy will be reviewed annually or as needed, based on technological advancements, regulatory changes, or business requirements.

10. Disclaimer

This policy is for internal use only and does not constitute legal advice. Legal counsel must be consulted to ensure compliance with all applicable laws and regulations.