Where We Stand

Artificial Intelligence is no longer on the horizon — it is already embedded in how we work. More than 80% of organisations worldwide are applying AI in some form, and 83% treat it as a top strategic priority. Three in four employees now use AI tools regularly, yet the majority have not received adequate guidance on how to do so safely or effectively.

In the heart of Europe, nearly half of employees in Belgium already use generative AI. Those who do report meaningful benefits: greater productivity (72%), higher-quality output (67%), and more time freed up for meaningful work (60%). At the same time, roughly half of those same employees say their employers have not adequately prepared them — and a similar proportion worry about the accuracy and security risks that AI tools can introduce.

This document is our response to that gap. It sets out how we approach AI: what we encourage, what we prohibit, and what we expect from everyone in our organisation.

Understanding the Risks

Data Protection & Privacy

AI tools consume data — often large volumes of it. When employees enter information into external AI platforms, that data may be stored, processed, or used by third-party providers in ways that fall outside our control. The European Data Protection Board has specifically warned that inputting personal data or commercially sensitive information into generative AI chatbots can result in data breaches. Any breach must be reported to the relevant supervisory authority without delay.

The rule is simple: if you would not send it to a stranger, do not enter it into an AI tool.

Accuracy, Bias & Explainability

AI systems can produce plausible-sounding results that are simply wrong. They can reflect the biases present in their training data. Many operate as “black boxes” — producing outputs that cannot be easily traced or explained. These characteristics create real risks: decisions based on incorrect AI outputs, discriminatory outcomes, and reputational harm. Critical review of AI-generated content is not optional — it is a professional obligation.

Third-Party Tools & Shadow IT

Not every AI tool on the market meets our security and compliance standards. When employees install or integrate unapproved tools — sometimes called “shadow IT” — they introduce unknown vulnerabilities into our systems and potentially expose organisational data without authorisation. All AI tools must be approved before use, regardless of how widely available or seemingly harmless they appear.

What We Expect: Do’s & Don’ts

Do’s — What Good AI Use Looks Like

  • Protect sensitive information. Never input personal data, confidential contracts, financial records, or strategic plans into an AI system. Assume that anything you enter into an external tool may be accessible to the provider.
  • Use only approved tools. Our IT and cybersecurity teams maintain a list of AI tools that have been assessed for security and legal compliance, including GDPR. Use those tools. If you want to use something not on the list, request approval first.
  • Keep humans in the loop. AI is a powerful assistant, not a decision-maker. Before acting on or sharing any AI-generated output, verify its accuracy, check for bias, and apply your own professional judgement.
  • Be transparent about AI use. If a report, email, or document was produced with the help of AI, say so. A brief note is sufficient. Transparency protects you and maintains trust.
  • Invest in your AI literacy. The EU AI Act requires employers to ensure their staff are AI-literate. We take that seriously — and so should you. Attend the training sessions we provide and stay current as the technology evolves.
  • Raise concerns early. If you are unsure whether a particular AI application is appropriate, ask. Contact your manager, our AI Officer, or the legal team. It is always better to ask than to assume.

Don’ts — Lines We Do Not Cross

  • Do not share confidential data. Patient records, customer information, employee data, and proprietary business information must never be uploaded to external AI services. This applies regardless of the tool’s stated privacy policy.
  • Do not accept AI output uncritically. AI systems hallucinate. They produce confident-sounding errors. Treat every output as a first draft that requires your expert review, not a final answer.
  • Do not install unauthorised tools. Installing AI applications or plug-ins that have not been approved by IT is a security risk and a policy violation. This includes browser extensions, productivity add-ons, and API integrations.
  • Do not present AI-generated work as solely your own. Failing to disclose the use of AI where it has shaped the substance of your work is misleading and may constitute a form of misrepresentation. Disclose appropriately.
  • Do not attempt to circumvent controls. Our security and privacy measures exist for good reasons. Attempting to work around them — whether technically or procedurally — may result in disciplinary action and potential legal liability.

Our AI Policy Framework

A responsible approach to AI requires more than a list of rules. It requires a living framework that addresses risk, supports people, and evolves alongside the technology. Our framework is built around the following pillars:

  • Risk classification. We assess AI systems against the categories defined in the EU AI Act. Systems that pose unacceptable risk — such as those that perform real-time biometric surveillance, social scoring, or subliminal manipulation — are prohibited. High-risk systems require heightened oversight and documentation.
  • Data governance. All AI-related data processing must comply with GDPR and any applicable sector-specific regulation. We maintain clear policies on data encryption, access controls, and deletion schedules.
  • Transparency and fairness. We require documentation of the datasets, algorithms, and parameters used in AI systems we deploy. Where AI informs decisions about people, we conduct fairness assessments and maintain the ability to explain those decisions.
  • Permitted and prohibited uses. Approved uses include tasks such as translation, summarisation, scheduling assistance, and workflow automation. Uses that are prohibited include any AI-assisted personnel selection based on sensitive characteristics, and any system that makes consequential decisions without human review.
  • Training and governance. Every employee receives AI literacy training appropriate to their role. Our AI Governance Team is responsible for monitoring compliance, reviewing new tools, updating this policy, and serving as a point of contact for questions.
  • Accountability and enforcement. Violations of this policy are taken seriously. Depending on severity, consequences may range from additional training to disciplinary action. All employees are required to confirm that they have read and understood this policy.
  • Continuous review. AI is changing rapidly. We will review this policy at least annually and update it in response to new legislation, technological developments, and the lessons we learn from our own experience.

Closing Statement

AI offers genuine and significant benefits: faster work, better outputs, and space for human creativity and judgment to operate at a higher level. We want our people to realise those benefits. But the figures are clear — too many employees feel underprepared, and too many organisations are learning about AI risks after something has gone wrong.

This policy is not a barrier to using AI. It is the foundation that allows us to use it well.

AI will change the world.

Let’s change with it — responsibly.