Regulatory Framework on the Use of Artificial Intelligence-Based Tools

1. Preamble

Vanier College must establish the necessary conditions to enable staff, faculty, and students to integrate artificial intelligence (AI) tools into their daily work, while promoting the ethical and secure use of these tools.

The following principles apply to any use of a tool or system based on artificial intelligence, whether generative or otherwise. Caution is always advised when using such tools. It is imperative to adhere to this framework to ensure responsible organizational practices and to comply with obligations regarding the protection of personal information and information security. Furthermore, it is essential to preserve and protect the credibility of Vanier College and its information.

2. Guiding principle

The use of artificial intelligence must be viewed as a tool to support innovation, efficiency, and the college’s mission, never as a substitute for professional judgment, human expertise and analysis.

3. Rigor, bias, and validity

Any information, analysis, or content produced using AI must be verified, validated, and refined by a human before internal or external dissemination, in accordance with all applicable laws, regulations and College governing documents. The use of AI can introduce biases in the results obtained and “hallucinations,” i.e., false or misleading information. The use of results derived from biased responses could distort the work performed and encourage discriminatory biases.

The core processes and tasks that traditionally require human intelligence and judgment, such as analyses, case studies, and the drafting of complex documents, must remain human-driven.

The accuracy and quality of the information and content disseminated remain the responsibility of staff members, faculty and managers.

4. Human oversight

The relevant staff member and their department retain control and responsibility for the final content at all times. AI does not replace human judgment, sensitivity, or decision-making. Any permitted use of artificial intelligence must be subject to the authorizations provided herein.

5. Protection of personal and confidential information and data security

It is strictly prohibited to submit or input any confidential, strategic, personal, or non-public information into an GenAI (Generative Ai) tool, including:

Any personal information as defined by the Act respecting Access to documents held by public bodies and the Protection of personal information;
Internal documents or projects not released to the public containing sensitive or strategic information, including intellectual property, confidential data;
Financial, contractual, or human resources data;
Information regarding partners that is not publicly available;
Research data (not public or restricted in distribution);
Correspondence (via any means of communication), internal records, or reports.

6. Responsibility and correction

Any error resulting from the improper use of artificial intelligence must be reported immediately to the IST (Information Systems and Technology) Management to allow for prompt correction, if possible, in accordance with the values of rigor, integrity, and transparency. The incident must also be reported to the immediate supervisor. When the incident involves personal information, the standard reporting procedures applicable to such situations must be followed.

7. Authorized uses

The use of GenAI is authorized in professional, academic, and research settings, under human supervision and in accordance with the principles outlined above.

The following uses are specifically permitted:

Contextual and informational research or publicly available documents, provided that all data and information generated by AI is independently validated before its use. It is imperative to validate the information using original sources, as artificial intelligence may generate erroneous interpretations or conclusions.
Assistance with writing or linguistic editing (ideas, rephrasing, translations, summaries), subject to full human validation prior to distribution and only in situations that do not involve restricted, personal, confidential, or strategic information under any circumstances.
Production of inspirational visual or graphic materials, provided that they do not imitate or distort actual facts and that copyright is respected. The use of images must be in accordance with standard practices for the use of royalty-free images. Users can contact Corporate Affairs and Communication should they want to validate a use case on this subject.
Generation of ideas, communications, training, or activities to support teams, but not as a substitute for their own thinking.
Production of educational materials based on public and royalty-free information and only in situations that do not involve restricted, personal, confidential, or strategic information.

The College Management Executive Committee (MEC) may approve domain-specific guidelines that provide additional direction to further define the use of GenAI in the context of specific activities.

8. Prohibited uses

The following uses of GenAI are strictly prohibited:

Entrusting GenAI with the complete drafting of an official document, paragraphs, or entire sections of a recommendation, analysis, press release, or research report.
- Risks include: plagiarism, intellectual fraud, copyright infringement, bias, factual inaccuracies.
Transmitting restricted, confidential, sensitive, or protected information to an GenAI tool.
- Risks include: serious violation of the Act respecting Access to documents held by public bodies and the Protection of personal information, violation of confidentiality agreements signed by employees, administrative and financial penalties, breach of data confidentiality, triggering a confidentiality incident.
Generating images, videos, or graphics that could be misleading or conceal the truth.
- Risks include: dissemination of false information, misinformation.
Transcription of meetings or gatherings.
- Risks include: lack of consent, unauthorized collection of personal information, breach of confidentiality, triggering a confidentiality incident.

9. Supervision and discussion with the manager

A list of approved use cases of generative AI is published and updated regularly.

Any employee who wishes to adopt or continue using a tool or use cases not included on this list is encouraged to discuss it with their manager. The manager must then consult with IST Management to have a security and compliance analysis conducted using the Privacy Assessment Form. The form must be submitted to the Co-Chairs of the Privacy and Generative AI Governance Committee for review by that committee.

The Co-Chairs of the committee are the Director of Corporate Affairs and the Director of Information Systems and Technology. This process aims to assess suitability, ensure the compliance and security of the intended uses, and verify their alignment with the organization’s values and objectives.

Furthermore, any employee who has doubts regarding the interpretation of this directive or who has any other questions is encouraged to discuss the matter with their immediate supervisor.

10. License acquisition

Any use of software or an artificial intelligence system involving initial or recurring costs must be approved in advance by the manager and the IST Department. This requirement applies to both current uses and new initiatives.

11. Usage registry

Vanier College maintains a usage registry for any tool, system, or practice that utilizes artificial intelligence outside the aforementioned approved list of applications and use cases. This registry records essential information to ensure the traceability and transparency of internal practices. It is reviewed periodically by IST.