Bertie Bosrédon
Bertie Bosredon, resources for NGOs and charities
Artificial Intelligence

AI readiness checklist

AI is already inside most organisations, whether it has been formally approved or not. Staff are testing tools, drafting content, summarising notes, translating text, analysing data, and looking for shortcuts.

The risk comes when AI use grows faster than governance, training, data protection, and human accountability.

This checklist is a practical starting point for charities, NGOs, membership organisations, and mission-driven profits that want to use AI safely, usefully, and without creating unnecessary risk.

Who this checklist is for

This resource is designed for organisations that are:

  • Exploring AI tools for fundraising, communications, operations, programmes, or supporter engagement
  • Seeing staff use AI informally and wanting clearer rules
  • Considering Claude, Microsoft Copilot, ChatGPT, Mistral, Gemini, Notion AI, or similar tools
  • Worried about data protection, confidentiality, bias, hallucinations, and reputational risk
  • Trying to move from exploration to a simple, responsible AI operating model

If that sounds familiar, you do not need 50-page AI policy before you begin. But you do need a few non-negotiables.

Five must-have

A named AI lead: one person accountable for coordination, guidance, and escalation. Not a committee that never meets
An approved tools list: a clear list of which AI tools staff are allowed to use, for what purpose, and under which conditions
A data protection rule: a visible list of data that must never be entered into AI tools, including personal data, HR files, medical or legal records, safeguarding information, donor payment details, and anything sensitive
A human validation rule: every AI-assisted output is reviewed, checked, and owned by a person before it is used
An escalation channel: a simple way for staff to ask questions, report doubts, or flag mistakes without fear or confusion
The general principle is simple: AI can support but it cannot own the judgement. Every AI-assisted output must be reviewed and validated by a team member before use.

Why this matters

AI can help charities and international organisations move faster. It can support drafting, research, segmentation, reporting, translation, internal knowledge management, and donor communications.

But usage without governance creates new risks.

Common problems include:

  • Staff using personal AI accounts with sensitive organisational data
  • Different teams choosing different tools without shared guidance
  • AI-generated content being published without fact-checking
  • Donor, supporter, or beneficiary information being copied into unsafe systems
  • Unclear responsibility when an AI-assisted output is wrong, biased, or inappropriate
  • Senior teams approving AI pilots before the organisation is ready to manage them

Most organisations start with the tool. The better starting point is the operating model.

A simple AI readiness framework

Before scaling AI, look at five areas.

AreaReadiness question
GovernanceWho is responsible for AI use, decisions, approvals, and escalation?
DataWhat information is safe to use, restricted, or completely off limits?
ToolsWhich AI tools are approved, and which are not?
PeopleDo staff understand the risks, limits, and expected behaviours?
QualityHow are AI outputs checked before they influence decisions or public communication?

If you cannot answer these questions clearly, it is too early to scale AI across the organisation.

What good looks like

A responsible AI setup does not need to be complicated. At minimum, your organisation should be able to say:

  • We know which AI tools staff can use
  • We know what data must never be shared with AI tools
  • We have a named person responsible for AI guidance
  • We have a human review process for AI-assisted work
  • We have a way to capture questions, incidents, and lessons learned
  • We have an offboarding process that removes AI tool access, recovers role-related workspaces or agents, and checks that organisational data is not left in personal or unapproved accounts
  • We can explain our approach to trustees, leadership, staff, donors, and partners

This is not about slowing innovation down. It is about making AI useful enough, safe enough, and trusted enough to last.

Quick self-assessment

Use these questions with your leadership, digital, fundraising, communications, HR, data, and programme teams.

QuestionYesNot yet
Do we have an agreed position on which AI tools staff can use?
Have we defined what information must never be entered into AI tools?
Do staff know when AI can support their work and when it should not be used?
Is there a clear review process before AI-assisted content is published or shared?
Do we have a named owner for AI governance and escalation?
Are AI risks included in our wider data protection, safeguarding, or information security thinking?

If you answer “not yet” to two or more of these, your organisation would benefit from a short AI readiness review before scaling usage.

A few red lines

Every organisation will need its own guidance, but these red lines are a useful starting point.

Do not put the following into public or unapproved AI tools:

  • Personal data about donors, supporters, beneficiaries, staff, volunteers, or partners
  • Information relating to casework, safeguarding, protection, health, or legal matters
  • CVs, cover letters, or candidate application files, because the future impact of automated analysis on a person’s career is difficult to predict
  • Payment details, bank details, identity documents, or due diligence records
  • Confidential strategy papers, board documents, contracts, or internal investigations
  • Raw exports from CRM, email, analytics, fundraising, or service delivery systems
  • Anything you would not be comfortable explaining to a data protection officer, trustee, regulator, or affected person

What to do next

If you want to introduce AI safely, start with small steps.

  1. Map where AI is already being used
  2. Agree the tools that are approved for staff use
  3. Define your data red lines
  4. Create a simple human review rule
  5. Set up an escalation route
  6. Train staff with practical examples from their own work
  7. Review the approach after 60 to 90 days

This gives you enough structure to reduce risk without turning AI governance into a theoretical exercise.

Need help assessing your AI readiness?

I help NGOs, foundations, and international organisations design practical AI frameworks that staff can actually use.

A short AI readiness review can help you:

  • Identify current AI use across teams
  • Clarify risks and red lines
  • Define approved tools and use cases
  • Create simple governance and review processes
  • Build staff confidence with practical guidance
  • Turn AI from scattered experimentation into a responsible operating model

Resource last updated 6 July 2026


View more resources