AI policy

Policy Statement

EPP is committed to the ethical, safe and lawful use of Artificial Intelligence (AI). This policy ensures that all use of AI aligns with our mission, values and legal obligations, particularly under the UK GDPR and Data Protection Act 2018. AI must always support human decision-making and never undermine fairness, transparency or accountability.

1. Purpose and Scope

This policy outlines EPP’s approach to the responsible use, development, and management of AI. It applies to all employees, contractors and third parties who use, procure or manage AI systems on behalf of EPP.

2. Definitions

Artificial Intelligence (AI): Systems that perform tasks requiring human intelligence, such as learning, note-taking, decision-making or problem-solving.

Automated Decision-Making (ADM): Decisions made by algorithms with minimal or no human involvement.

High-Risk AI: Applications that may affect safety, employment, legal rights or individual freedoms.

3. Guiding Principles

• Transparency: AI must be explainable, and individuals must be informed when interacting with AI.

• Fairness: AI must minimise bias and discrimination.

• Privacy and Data Protection: AI must comply with GDPR and the Data Protection Act 2018.

• Accountability: Human oversight is required over all AI systems.

• Security: AI must be protected against misuse or attacks.

• Human-Centred Design: AI should support, not replace, human decision-making.

4. Acceptable Use of AI

The use of AI at EPP must:

• Support organisational goals and values.

• Be reviewed and approved by relevant Partners.

• Be subject to ongoing monitoring and evaluation.

• Include human oversight and intervention mechanisms.

5. Prohibited Use of AI

• Surveillance or profiling without legal and ethical justification.

• Use of AI for deceptive or manipulative purposes.

• Deployment of unvetted AI tools for sensitive or critical decisions.

• Use of personal or sensitive data in AI training without consent or a lawful basis.

6. Data Protection and Security

EPP will ensure that AI systems comply with GDPR requirements, including lawful basis, data minimisation, transparency and individuals’ rights. Sensitive data, such as CVs, client information, and internal strategies, must never be uploaded into external AI systems unless explicitly authorised.

7. Approved AI Tools and Use Cases

EPP currently uses approved AI tools, including ChatGPT (secure account), Owl (premium account) and Otter (premium account). These tools are used in the following ways:

• Note-taking and summary creation, subject to candidate or client consent.

• Assisting in the drafting of role briefs, based on approved transcripts stored in SharePoint.

• Supporting communications and documentation using EPP-created tone guides.

• Monthly review and deletion of data from company devices to ensure compliance with retention policies.

8. Roles and Responsibilities

AI Governance Lead: Oversees AI implementation, compliance and ethical reviews.

IT Department: Ensures AI systems meet security and infrastructure requirements.

Legal and Compliance Team: Ensures compliance with AI laws and regulations.

All Staff: Required to follow this policy, report misuse and complete training.

9. Training and Awareness

EPP will provide regular training to ensure staff understand AI capabilities, risks and responsibilities. Training will reinforce the ethical and safe use of AI in line with this policy.

10. Monitoring, Review and Enforcement

This policy will be reviewed annually or in response to significant changes in law, technology or organisational needs. Non-compliance may result in disciplinary action up to and including termination of employment or contract.

11. Contact and Reporting

To report concerns or request clarification, contact: steve.edwards@eppglobal.com