Which AI tools can you use?
15 min read
Not all generative AI tools are the same. Which tools you can use, and what you can do with them, depends on how they're deployed and governed. Most public sector organisations work with three tiers of generative AI tools.
Tier 1. Bespoke AI systems
These are custom-built tools designed for specific organisational needs. They have their own governance frameworks, risk assessments, and usage protocols, determined during development and deployment.
If your organisation has built or commissioned a bespoke AI system, it will have specific guidance on appropriate use. Follow that guidance.
Tier 2. Enterprise secured tools
Tools like Microsoft Copilot or Google Workspace AI can be deployed within your organisation's secure environment. They run behind your organisation's firewalls with enterprise-grade security controls.
What you can do with these tools depends on your organisation's specific deployment and data governance policies. Generally, data processed through them stays within your organisation's secure environment. They integrate with existing access controls and permissions, and your IT team controls which features are available. Usage can be monitored and audited.
An enterprise-secured tool doesn't automatically make every use of it appropriate. If you're unsure what's permitted, your IT department or information security team can advise.
Tier 3. Publicly available tools
Tools like ChatGPT, Claude, and NotebookLM are accessed through public websites or applications. They operate outside your organisation's security perimeter.
Most public sector organisations have strict limitations on what you can share with these tools. Common restrictions cover sensitive, confidential, or personal information. This includes anything that could identify individuals, unpublished research or internal analysis, and information covered by your organisation's data classification scheme.
Some organisations prohibit publicly available AI tools entirely for work purposes. Others allow limited use for general research or skill development. Check your organisation's acceptable use policy before using any publicly available AI tool for work.
These three tiers provide a starting framework. The specifics vary between organisations, and sometimes between teams within the same organisation. If you're unsure where a tool sits or what your organisation permits, check before you use it.