April 2025
Recommendations for Enterprises in Establishing Internal Guidelines for Generative AI Usage (Taiwan)
Since 2023, Generative AI, led by ChatGPT, has experienced significant growth, leading to diverse and innovative AI applications becoming widely adopted. People increasingly utilize these tools in their daily lives and workplaces to enhance efficiency. This trend has intensified in 2025, particularly after DeepSeek gained global popularity, triggering a worldwide surge in the use of Generative AI.
Consequently, enterprises must now address potential employee use of Generative AI at work, which raises various risks and concerns. For instance, employees might use Generative AI to create presentations for new products, inadvertently causing leaks of confidential product information. Additionally, Generative AI might provide incorrect or fabricated industry insights that employees then use, leading to challenges in business operations. More importantly, if companies fail to implement proper controls, employees may misuse Generative AI in ways that could result in legal risks, such as violations of personal data protection, privacy rights, or intellectual property laws.
However, should companies completely prohibit employees from using Generative AI? In reality, banning Generative AI entirely is impractical since its usage aligns with current trends and significantly boosts productivity. Instead, enterprises should focus on establishing internal guidelines for using Generative AI, creating collective standards for employees to mitigate potential risks related to information security, privacy breaches, ethical concerns, and legal compliance.
Recommendations for formulating guidelines for using Generative AI are as follows:
1. Define Scope of Use
Companies should clearly delineate the permissible scope and purposes for using Generative AI, specifying approved AI tools and permitted employee activities, such as market research, data aggregation, content generation, document writing, and presentations. Explicitly prohibit uploading company trade secrets, customer data, and technical documents related to new products into Generative AI tools to prevent leakage risks.
2. Confirm Usage Principles
Internal guidelines on Generative AI usage must be clear and explicit, forbidding employees from using AI tools to engage in activities that are illegal or that violate company policy. Moreover, content generated by AI must undergo human verification and review before formal usage, ensuring accuracy and preventing misinformation that could damage corporate reputation.
3. Regular Internal Training
Conduct periodic training sessions on Generative AI usage guidelines to educate employees on secure, correct, and effective AI tool utilization, with relevant training records properly documented and maintained.
4. Establish Risk Management Mechanisms
Formulate internal regulations to build effective management mechanisms, including a Generative AI usage review process and an AI risk incident reporting system. Regularly review and update these guidelines according to AI technological advancements to ensure ongoing compliance with company interests and market demands.
Our firm provides comprehensive services in formulating Generative AI usage guidelines and legal consulting tailored specifically to an enterprise's operational characteristics, ensuring information security and operational effectiveness.