Artificial intelligence: what trustees need to know

Written By Glos VCSE Alliance

Artificial Intelligence (AI) is becoming part of everyday working life. From drafting communications and analysing data to automating administrative tasks, many charities are already using AI tools such as ChatGPT, Microsoft Copilot or automated fundraising platforms.

While these tools can bring real efficiencies, they also introduce new risks that trustees need to understand.

Trustees are not expected to be technology experts. However, they do have a responsibility to ensure their charity manages risk appropriately and uses its resources responsibly. The Charity Commission’s guidance The Essential Trustee (CC3) guidance explains that trustees must manage risks, protect charity assets and ensure appropriate systems are in place to safeguard the organisation and those it serves.

For trustees, the key message is simple: AI is not something to fear, but it is something to govern responsibly.

AI raises several governance questions for boards.

  • Data protection

    Many AI tools process large amounts of information, and if staff or volunteers enter personal or sensitive data into external systems there is a risk of breaching UK data protection law. The Information Commissioner’s Office provides detailed guidance for organisations using AI in its Guidance on AI and data protection for organisations, explaining that organisations must ensure AI systems process personal data lawfully, fairly and transparently under UK GDPR.

  • Accuracy and reliability

    AI tools can produce confident sounding answers that may be incorrect or misleading. If AI-generated content is used in funding bids, public communications or research without proper checking, it may affect a charity’s credibility and have disastrous consequences as cases earlier this year have shown.

  • Ethical considerations

    Some charities are exploring AI to analyse service user data or support decision making processes. Trustees should ensure that technology aligns with the organisation’s mission, vision and values and does not reinforce bias or exclusion.

So, what does good practice look like?

Trustees should ensure the organisation has clear internal policy guidance on the use of AI tools, particularly around data protection, confidentiality and human oversight. You can find a template AI policy on our website.

Digital and technology risks should also be included in the charity’s risk register and reviewed regularly by the board.

It can be helpful for trustees to ask a few simple questions:

  • Are staff or volunteers already using AI tools?

  • What guidance exists on responsible use?

  • Are there risks relating to personal data or confidentiality?

Ignoring these questions could expose a charity to reputational or legal risk. But, when managed thoughtfully, AI can also support innovation and free up valuable staff time.

Further reading

1 - Charity Commission – The Essential Trustee (CC3) guidance

2 - Information Commissioner’s Office – AI and Data Protection Guidance
3 - Plinth - AI Strategy for Charity Trustees: A Balanced Guide to Opportunities, Risks, and Governance

4 - Third Sector (member only access) - ‘Significant gap’ between charities’ AI use and board oversight, report suggests

5 - Charity Excellence - Charity Sector AI: Where We Are Now — and Why It Matters

6 - Charity Digital - A trustees’ guide to AI ethics

7 - Civil Society - Concern as figures show fewer charities prioritise cybersecurity

8 - DPO Centre - White Paper: Deploying LLMs with confidence 

Glos VCSE Alliance https://www.glosvcsealliance.org.uk
Next

INTERVIEW: “Trustee of the Year” Nicola Baggott