167. Organizational AI Policy Development
By the end you'll be able to
- Draft the core sections of an organizational AI policy (scope, permitted uses, prohibited uses, approval, disclosure, QA, documentation, training).
- Translate vague aspirations into concrete, enforceable rules.
- Align the AI policy with the organization's existing data classification scheme.
- Lead a board or executive conversation about AI governance from a position of preparation.
Every organization that touches a grant proposal needs an AI policy, and most do not have one yet. That gap is your opportunity. A well-written policy protects the organization from privacy violations and disclosure failures, gives staff clear permission to use the tools that actually help, and signals to funders that the organization understands its responsibilities. Writing one is not a legal exercise. It is a strategic exercise, and grant professionals are often the best people in the building to lead it.
In this lesson you will work through the sections that a usable AI policy needs: scope, permitted uses, prohibited uses, an approval process for sensitive applications, disclosure requirements, quality assurance protocols, documentation standards, and staff training expectations. You will see why vague policies ("use AI responsibly") fail in practice, and why concrete policies ("never paste donor PII into a public model", "always run a human edit before submission") succeed. You will also learn how to map the policy to your existing data classification scheme, so the rules align with how the organization already thinks about information.
By the end you should be able to deliver a draft AI policy to a board or executive director, defend each section, and revise it as funder rules and tools evolve. That capability moves you from proposal writer to strategic advisor, which is exactly where this course is taking you.
Common mistakes
These are the traps learners hit most often on this topic. Knowing them in advance is half the fix.
Writing the policy without engineering or IT review.
Grant professionals understand the workflow risk, but enforceable rules also depend on what tools are actually deployed, what logging exists, and which enterprise contracts are in place. Skip IT and the policy will not match reality.
Forgetting to schedule revisions.
AI tools and funder rules change every quarter. A policy without a built-in review cadence (at least annual, ideally semi-annual) is out of date the day it is signed.
Practice problems
Try each on paper first. Read the solution only after you've made a real attempt.
- Problem 1: Draft a "Prohibited Uses" section (five concrete bullets) for a mid-sized nonprofit that runs both health and education programs.
Solution:
Prohibited Uses. (1) Do not paste Protected Health Information into any AI tool that is not covered by a signed Business Associate Agreement. (2) Do not paste student records, including names, IDs, grades, or disability status, into any AI tool that is not covered by a FERPA-compliant data agreement. (3) Do not paste donor personal data, payment information, or giving history into any public or non-enterprise AI tool. (4) Do not paste embargoed or NDA-covered funder content into any AI tool, including peer reviews, draft NOFOs, and confidential program officer correspondence. (5) Do not use AI to make final decisions about hiring, terminations, beneficiary eligibility, or disciplinary actions; AI may inform a human-led process but may not be the deciding step.
Practice quiz
- Question 1: Which AI policy clause is most likely to fail in practice?
- Question 2: Why does the lesson recommend mapping the AI policy to the organization's existing data classification scheme?
- Reflection 3: In one or two sentences, describe the strategic value to a grant professional of being the person who drafts the organization's AI policy.
Lesson 167 recap
A usable AI policy is concrete, mapped to existing data classifications, and assigned an owner with a revision cadence. Grant Architects are well-positioned to draft and steward it.
Coming next: Lesson 168 — AI Detection and Authenticity
Next, we look at how funders and reviewers detect AI-generated content, and how to keep your work authentic and defensible.