...

To ensure consistency, security, and compliance in the use of Artificial Intelligence (AI), Tekai maintains a curated list of approved AI tools and platforms. Personnels are required to use only these approved tools for AI-related tasks unless explicitly authorized otherwise.

4.1 List of Approved AI Tools

The following AI tools are approved for use at Tekai:

  • GitHub Copilot
  • OpenAI’s GPT, including GPT 3.5, GPT 4, GPT 4o, GPT o1
  • DeepSeek V3, R1
  • OpenRouter Framework, using the above-mentioned AI tools

Additional tools may be approved on a case-by-case basis, subject to evaluation by the Management team. At the time of writing, the Management team includes Tekai's founders and Tekai's COO.

4.2 Criteria for Approval

To be included in the list of approved tools, each AI platform must meet the following criteria:

  • Security: Ensure robust data protection and encryption mechanisms to safeguard sensitive information.
  • Compliance: Align with EU regulations, including GDPR and the AI Act, as well as client-specific requirements.
  • Ethical Standards: Demonstrate a commitment to fairness, transparency, and non-discrimination in AI outputs.
  • Integration: Seamlessly integrate with Tekai’s existing workflows, tools, and systems.
  • Support and Maintenance: Provide reliable customer support and regular updates to address vulnerabilities and improve functionality.

4.3 Prohibited AI Tools

The use of unapproved AI tools (those not listed in section 4.1) is strictly prohibited. This includes:

  • Public platforms that do not guarantee data privacy or security.
  • Tools that have not been evaluated for compliance with Tekai’s ethical and regulatory standards.
  • AI applications that are known to produce biased, harmful, or discriminatory outputs.

Exceptions may be made for specific projects or clients, but only with prior approval from the AI Governance Committee.

4.4 Monitoring and Updates

Tekai’s Management team will:

  • Regularly Review Tools: Assess the performance, security, and compliance of approved tools on an ongoing basis.
  • Update the List: Add or remove tools from the approved list as new technologies emerge or regulatory requirements change.
  • Address Issues: Investigate and resolve any concerns or incidents related to the use of approved AI tools.

5. Data Privacy and Security

...

  • Restrict the input of sensitive or proprietary data into AI tools, especially public platforms.
  • Align with GDPR and other EU data protection regulations.
  • Reference existing confidentiality and data use policies.

5.1 Data Input Restrictions

To minimize risks, Personnels must adhere to the following guidelines when using AI tools:

  • No Sensitive Data: Prohibit the input of sensitive or confidential information (e.g., client data, personal information, trade secrets) into public or unsecured AI platforms (e.g., ChatGPT, open-source tools).
  • Anonymized Data: When using AI for data analysis, ensure that all data is anonymized or pseudonymized to protect individual identities.
  • Data Minimization: Use only the minimum amount of data necessary to achieve the intended purpose of the AI application.

If any of these restrictions are violated, Personnels are required to report the violation to Tekai's Management team as specified in section 5.4.

5.2 Guidelines for Tool Usage

When using approved AI tools, Personnels must adhere to the following guidelines:

  • Data Input Restrictions: Listed in section 5.1.
  • Output Validation: Review and validate all AI-generated outputs for accuracy, fairness, and relevance before use.
  • Attribution and Transparency: Clearly indicate when AI has been used to create or modify content, and ensure compliance with intellectual property laws.
  • Training and Familiarity: Complete required training on the proper use of approved AI tools to maximize their potential and minimize risks, as specified in section 7.

5.3 Compliance with GDPR and Other Regulations

Tekai is committed to complying with all relevant data protection regulations, including:

  • GDPR Principles: Ensure that AI-related data processing adheres to GDPR principles, such as lawfulness, fairness, transparency, and data minimization.
  • Cross-Border Data Transfers: Avoid transferring data to AI tools or platforms located in jurisdictions without adequate data protection standards.
  • Data Subject Rights: Respect the rights of data subjects, including the right to access, rectify, and erase their data.

5.4 Reporting Data Breaches

Employees must immediately report any suspected or actual data breaches involving AI tools to Tekai's Management Team. Reporting instructions are detailed in Section 9. Tekai will:

  • Investigate: Assess the scope and impact of the breach.
  • Mitigate: Take steps to contain the breach and prevent further damage.
  • Notify: Inform affected clients, stakeholders, and regulatory authorities as required by law.

6. Intellectual Property (IP) Protection

At Tekai, we recognize the importance of protecting intellectual property (IP) in all AI-related activities. This section outlines our approach to ensuring that AI tools are used in ways that respect and safeguard the IP rights of both Tekai and our clients. Our guidelines are designed to align with industry best practices and legal standards.

6.1 Ownership of AI-Generated Content

  • Client Ownership: Any Result produced with AI-generated content created specifically for a client project is governed by the Customer's own Frame Agreement.
  • Internal Ownership: AI-generated content developed for internal use, such as process automation or training materials, is the property of Tekai, subject to applicable laws and contracts.

6.2 Attribution and Transparency

To maintain transparency and accountability, Personnels must:

  • Disclose Use of AI: Clearly indicate when AI tools have been used to create or modify content, ensuring clients are aware of the role of AI in deliverables.
  • Avoid Misrepresentation: Never present AI-generated content as entirely human-created unless explicitly authorized.

6.3 Compliance with IP Laws

Tekai adheres to all relevant IP laws and regulations, including those governing copyright, patents, and trade secrets. This includes:

  • Licensing Requirements: Ensuring that all AI tools used by Tekai are properly licensed and comply with their terms of use.
  • Prohibited Content: Avoiding the use of AI tools to generate content that infringes on third-party IP rights, such as copyrighted material or proprietary data.

6.4 Handling IP Disputes

In the event of an IP dispute related to AI-generated content, Tekai will:

  • Investigate: Conduct a thorough review of the content creation process to determine the source of the dispute.
  • Mitigate: Take corrective action, such as revising or removing the disputed content, to resolve the issue promptly.
  • Collaborate: Work closely with clients and legal advisors to ensure a fair and compliant resolution.

6.5 Personnels' Responsibilities

All Personnels must adhere to the following guidelines to protect IP:

  • Training: Specified in Section 7.
  • Reporting: Specified in Section 9.
  • Documentation: Maintain accurate records of AI tool usage and content creation processes to support IP claims and disputes.

7. Employee Training and Guidelines

At Tekai, we believe that empowering our employees with the knowledge and skills to use AI tools responsibly is essential for maintaining ethical standards, compliance, and operational efficiency. This section outlines our approach to training and providing clear guidelines for the use of AI technologies.

7.1 Training Programs

Tekai, from time to time, provides comprehensive training programs to ensure Personnels understand how to use AI tools effectively and responsibly. These programs include:

  • AI Fundamentals: An introduction to AI concepts, tools, and their applications in software development and offshoring.
  • Ethical AI Use: Training on ethical considerations, such as avoiding bias, ensuring transparency, and protecting data privacy.
  • Tool-Specific Training: Hands-on sessions for approved AI tools (e.g., GitHub Copilot, OpenAI’s ChatGPT) to maximize their potential while minimizing risks.
  • Compliance Training: Education on relevant regulations, such as GDPR and the EU AI Act, and how they apply to AI use at Tekai.

7.2 Responsible AI Practices

To promote responsible AI use, Personnels are encouraged to:

  • Stay Informed: Keep up-to-date with the latest developments in AI technologies, regulations, and best practices.
  • Seek Guidance: Consult with the AI Governance Committee or supervisors when unsure about the appropriate use of AI tools.
  • Report Issues: Immediately report any concerns, errors, or ethical dilemmas related to AI use to the appropriate team.

7.3 Continuous Learning and Improvement

Tekai fosters a culture of continuous learning and improvement by:

  • Feedback Mechanisms: Encouraging Personnels to provide feedback on AI tools and training programs to identify areas for improvement.
  • Regular Updates: Updating training materials and guidelines to reflect new technologies, regulations, and client requirements.
  • Knowledge Sharing: Promoting collaboration and knowledge sharing among Personnels to enhance collective understanding of AI.

7.4 Consequences of Non-Compliance

Personnels who fail to adhere to Tekai’s AI policies and guidelines may face disciplinary action, including:

  • Warnings: For minor violations, such as improper use of AI tools without malicious intent.
  • Training Requirements: Mandatory retraining for repeated or significant violations.
  • Suspension or Termination: For severe breaches, such as intentional misuse of AI tools or violation of data privacy laws.

8. Monitoring and Governance

This section outlines our approach to monitoring AI systems, ensuring compliance, and maintaining transparency across all operations.

8.1 AI Governance Framework

Tekai has established an AI Governance Framework to oversee the development, deployment, and use of AI technologies. This framework includes:

  • Clear Roles and Responsibilities: Defined roles for employees, project managers, and compliance officers to ensure accountability at every stage of AI use.
  • Policy Enforcement: Mechanisms to enforce compliance with this AI Policy and address violations promptly.

8.2 Monitoring AI Systems

To ensure AI systems operate as intended and adhere to ethical standards, Tekai implements the following monitoring practices:

  • Bias and Fairness Checks: Continuous evaluation of AI models to detect and mitigate biases, ensuring fairness in decision-making processes.
  • Incident Reporting: A system for Personnels to report concerns, errors, or ethical issues related to AI use without fear of retaliation.

8.3 Risk Management

To address potential risks associated with AI, Tekai implements:

  • Risk Assessments: Systematic evaluations of AI projects to identify and mitigate risks related to bias, privacy, security, and compliance.
  • Contingency Plans: Strategies to address AI system failures, such as reverting to manual processes or deploying alternative solutions.
  • Third-Party Evaluations: Engaging external experts to assess the safety and ethical implications of high-risk AI systems.

8.4 Continuous Improvement

Tekai is committed to evolving its AI governance practices to keep pace with technological advancements and regulatory changes. This includes:

  • Feedback Loops: Incorporating employee, client, and stakeholder feedback to refine AI policies and practices.
  • Regulatory Updates: Staying informed about changes in AI-related laws and regulations to ensure ongoing compliance.
  • Innovation with Responsibility: Balancing innovation with ethical considerations to drive progress while safeguarding trust.

9. Incident Reporting and Escalation

This section outlines our approach to identifying, responding to, and mitigating incidents involving AI systems.

9.1 Definition of AI Incidents

An AI incident is any event that results in unintended or harmful consequences due to the use of AI tools or systems. Examples include:

  • Data Breaches: Unauthorized access or leakage of sensitive data caused by AI systems.
  • Bias or Discrimination: AI outputs that perpetuate bias, discrimination, or unfair treatment.
  • System Failures: Errors or malfunctions in AI systems that lead to incorrect decisions or outputs.
  • Non-Compliance: Violations of regulatory or client-specific AI policies.

9.2 Incident Response Process

Tekai follows a structured incident response process to address AI-related issues effectively:

  1. Detection and Reporting:
    • Personnels must immediately report suspected or actual incidents to the AI Governance Committee or IT Security team.
    • Anonymous reporting channels are available to encourage accountability without fear of retaliation.
  2. Assessment:
    • The AI Governance Committee will assess the scope, severity, and potential impact of the incident.
    • Immediate containment measures will be implemented to prevent further harm.
  3. Mitigation:
    • Corrective actions will be taken to resolve the issue, such as revising AI models, updating processes, or disabling faulty systems.
    • Affected systems will be thoroughly tested before being reintroduced into operations.
  4. Communication:
    • Relevant stakeholders, including clients and regulatory authorities, will be informed of the incident and remediation efforts in a timely and transparent manner.
  5. Documentation:
    • Detailed records of the incident, including root cause analysis and corrective actions, will be maintained for audit and accountability purposes.

9.3 Mitigation Strategies

To prevent future incidents, Tekai implements the following mitigation strategies:

  • Ongoing Monitoring: Continuous oversight of AI systems to detect and address potential issues early.
  • Training and Awareness: Regular training for Personnels on identifying and mitigating AI-related risks.
  • Bias Audits: Periodic reviews of AI models to ensure fairness and eliminate discriminatory outputs.
  • Backup Systems: Contingency plans, such as manual processes or alternative tools, to maintain operations during system failures.

9.4 Post-Incident Review

After resolving an incident, Tekai conducts a thorough post-incident review to:

  • Analyze Root Causes: Identify the underlying factors that contributed to the incident.
  • Improve Processes: Update policies, procedures, and AI systems to prevent recurrence.
  • Share Learnings: Communicate lessons learned across the organization to enhance collective awareness and preparedness.

9.5 Client Notification

Tekai is committed to transparency with clients in the event of an incident. This includes:

  • Timely Updates: Informing clients of the incident, its impact, and the steps taken to resolve it as soon as possible.
  • Collaboration: Working closely with clients to address any concerns or mitigate impacts on their projects.
  • Preventive Measures: Sharing preventive actions implemented to avoid similar incidents in the future.

10. Alignment with Client Policies

...