Application of the Artificial Intelligence (AI) Use Policy

Supplemental Document: AI Use Policy in Relation to Other University Policies and Standards
Responsible Executive: Vice President for Information Technology and Chief Information Officer
Responsible Office: Office of the Vice President for Information Technology
Date Issued: 4/13/2026
Date Last Revised: N/A

Contacts

Clarification of Supplemental Material

Purdue Systems Security | itpolicyanswers@purdue.edu

Statement of Supplemental Material

Purdue encourages the responsible use of generative artificial intelligence (GenAI) and large language model (LLM) tools and technologies, such as OpenAI's ChatGPT, Microsoft’s CoPilot and Google Gemini, in research, education, and administrative work.

As an education and research institution, Purdue supports responsible, measured experimentation with and use of new technologies. These tools have the potential to increase productivity and allow the university to create new value for the world. However, information entered into tools that Purdue has not established an appropriate agreement with may become the property of the tool provider and used in training the services it provides to others. Responsible use of AI is essential to maintain academic integrity, data security, and institutional standards.

GenAI and LLM technologies evolve rapidly. The AI Use policy (VII.A.5) includes requirements for responsible use of AI tools. As AI tool capability and university use evolve and mature, the policy will also be evaluated and changed as needed.

AI Use Policy in Relation to Other University Policies and Standards

The AI Use policy (VII.A.5) outlines certain limitations. These limitations are applicable to other policies and standards as listed below.

Limitation: Sensitive and Restricted Data must not be entered into AI tools without prior approval.

This includes testing and training AI tools. Approval must be granted for the tool itself and for the specific usage case. Refer to policy VII.A.5 for information on obtaining approvals.

The Acceptable Use of IT Resources and Information Assets (VII.A.4) policy provides definitions for Sensitive Data and Restricted Data. Purdue must safeguard data and comply with all relevant laws, regulations, and policies. Uploading sensitive or restricted data into unapproved GenAI or LLMs poses significant security, confidentiality, and institutional integrity risks. These systems may retain, process, and inadvertently expose sensitive information to unauthorized individuals.

The policies and standards below address types of data that are protected in some way and therefore considered sensitive or restricted:

• Access to Student Education Records (VIII.A.4) – Student information and records
• Assignment, Construction, Alterations, Improvements and Maintenance to Facilities (IV.B.4) – Building specifications, architectural drawings, floorplans
• Biometric Technologies (S-14) – Biometric data and biometric hashes
• Charitable Donations to the University (II.B.2) – Donor information and records
• Classified Information (I.A.7) – Information related to research deemed classified by the federal government
• Compliance with HIPAA Privacy and Security Regulations (S-10) – Protected health information
• Controlled Unclassified Information (CUI) in Research (S-32) – CUI subject to Cybersecurity Maturity Model Certification (CMMC)
• Electronic Mail (S-7) – Messages sent or received on Purdue email servers
• Intellectual Property (I.A.1) - Intellectual property owned by the University or its supporting organizations
• IT Resource Logging (S-11) – System, network or application logs
• Limited English Proficiency (S-25) – Protected student information for translation
• Official Identification Cards (IV.B.5) – Copies or images of ID cards and the data associated with them
• Payment Card Acceptance, Security, Compliance and Governance (S-1) – Cardholder data and transaction information
• Programs Involving Minors (III.A.6) – Participant information and records
• Privileged Accounts and Service Accounts (S-15) – Information associated with career accounts, privileged accounts and service accounts
• Race and Ethnicity Data in Admissions and Financial Aid (S-30) – Applicant data
• Research Involving Human Subjects (I.C.1) – Data and information gathered on human subjects
• Social Security Numbers (SSNs) (S-18) – SSNs recorded for students, employees, and other individuals associated with the University
• User Credentials (S-16) – Usernames, passwords, and other authentication information
• Volunteers (VI.B.2) – Data and records on volunteers

 

Limitation: AI must not be the sole factor used in making personnel, award or disciplinary decisions.

Relying on AI-generated content for critical decisions like hiring, promotion, performance reviews, awards, or investigations could introduce bias and undermine established evaluation standards. Unit heads are responsible for determining the extent to which AI may be used to inform decision-makers in their respective areas.

The policies and standards below address instances that involve various types of decision-making.

Employment and Performance

• Academic Freedom, Responsibilities, and Tenure, and Procedures for Termination for Cause (B-48)
• Academic Tenure and Promotion (I.B.2)
• Background Checks (VI.F.6)
• Clinical/Professional Faculty Appointment and Promotion (VI.F.10)
• Performance Evaluations for Staff (VI.F.7)
• Performance Reviews for Tenured, Tenure-Track, Clinical/Professional and Research Faculty (S-4)
• Reduction in Workforce (VI.F.2)
• Research Faculty Appointment and Promotion (VI.F.8)
• Retirement Transition Options (S-6)
• Review of Administrative Officers (VI.F.3)
• Terms and Conditions of Employment of Faculty Members (B-50)
• Terms and Conditions of Employment of Graduate Student Staff (VI.F.11)
• Terms and Conditions of Employment of Lecturers (VI.F.4)
• Terms and Conditions of Employment of Postdoctoral Researchers, Clinical Residents and Clinical Interns (VI.F.13)
• Terms and Conditions of Employment of Staff (VI.F.5)

Admissions and Tuition

• Ethical Recruitment of Students (III.A.7)
• Residence Classification of Students for Tuition Purposes (II.D.1)
• Scholarship Awarding and Administration (II.D.2)
• Student Loan Code of Conduct (III.A.3)

Disputes and Investigations

• Academic Regulations and Student Conduct
• Anti-Harassment (III.C.1)
• Dispute Resolution (VI.D.1)
• Equal Opportunity and Equal Access (III.C.2)
• Faculty Grievances (I.B.1)
• IT Security Incident Response (S-17)
• Persona Non Grata (IV.A.5)
• Protection Against Reprisal for Good Faith Disclosures (Whistleblower Protection) (III.A.4)
• Research Misconduct (III.A.2)
• Title IX Harassment (III.C.4)

Benefits and Recognition

• Courtesy Faculty Appointments (S-29)
• Distinguished and Named Professorships and Faculty Scholars (VI.C.1)
• Emeritus Faculty (S-23)
• Family and Medical Leave (S-26)
• Gifts, Gratuities and Recognition (III.B.5)
• Moving Allowances (II.A.2)
• Retired Faculty and Staff, Surviving Spouses and Surviving Children, Status and Privileges of (VI.A.1)
• Sabbatical Leaves (I.A.5)

Agreements, Partnerships, Contracts

• Approval of Fees and Charges (V.B.7)
• Conflicts of Commitment and Reportable Outside Activities (III.B.1)
• Individual Financial Conflicts of Interest (III.B.2)
• Institutional Conflicts of Interest (III.B.6)
• Intellectual Diversity (S-27)
• Research Security Program (I.A.6)

Delegated Authority – Authority and responsibility may not be delegated to an AI system.

• Delegation of Authority and Responsibility for Making and Executing University contracts and Written Agreements (Except Employment Contracts) (EVPT A-19)
• Delegation of Authority and Responsibility to Members of the Staff of the Vice President and Treasurer (EVPT A-14)
• Delegation of Signature Authority for Approving the Obligation of University Funds for Procurements of Services, Supplies and Expenses, and Capital (EVPT A-35)
• Delegation of the President’s Authority (V.B.5)

Other Related Policies

• Electronic Information, Communication and Technology Accessibility (S-5) – Materials from AI systems and the tools themselves must meet accessibility requirements.
• University-Sponsored Social Media Outlets (VII.C.2) – Posted content generated or manipulated with an AI tool should be labeled as such.

History and Updates

4/13/2026: New supplemental material published in support of the Artificial Intelligence Use Policy (VII.A.5).