Artificial intelligence is now part of everyday work for many associations and not-for-profits. It can help draft communications, summarise information, improve productivity, support event planning, analyse feedback, prepare first drafts of submissions, and reduce pressure on small teams.

But AI also brings real risks.

For New Zealand associations, those risks are not only technical or legal. They go to trust, privacy, governance, member relationships, reputation, fairness, copyright, and the quality of advice provided to members, stakeholders and government.

The answer is not to ban AI. That would be unrealistic. Nor is it sensible to allow unrestricted use. The practical middle ground is to have a clear AI Usage Policy that allows staff, volunteers, board members and contractors to use AI safely, transparently and responsibly.

Here are ten key considerations for New Zealand associations when developing or reviewing an AI Usage Policy.

1. Keep humans accountable for final work

AI can support the work of an association, but it should not replace human judgement.

It may be useful for drafting, summarising, editing, brainstorming, planning and testing ideas. However, any final communication, advice, report, policy submission, board paper, resource or member-facing material must still be reviewed and approved by an appropriate person.

This is especially important for associations because members rely on the organisation’s judgement, not the output of a technology tool. AI can assist, but accountability must remain with staff, officers, board members or authorised representatives.

A useful policy principle is:

AI may be used as a support tool, but all final decisions, advice, communications, submissions, reports and member-facing content must be reviewed and approved by an appropriate person before use.

2. Protect member, staff, board and stakeholder information

Associations hold a significant amount of information. This may include member records, event registrations, board papers, committee papers, employment information, complaints, awards entries, survey responses, financial information, sponsor details and commercially sensitive material.

This information should not be copied into public or unapproved AI tools.

The issue is not just whether the information is obviously confidential. It is whether the organisation has permission, authority and appropriate safeguards to use that information in this way.

A good AI policy should make it clear that staff, board members, volunteers and contractors must not enter personal, confidential or sensitive organisational information into AI tools unless the tool has been approved and the risks have been assessed.

3. Be clear about which AI tools may be used

Many people are already using AI in their work, whether their organisation has a policy or not. A good policy should not pretend otherwise. It should provide clear and practical guidance.

The policy should set out which tools are approved, what they may be used for, and what uses are not allowed.

For example:

Use of AI	Position
Drafting a general email or newsletter item	Usually acceptable, with human review
Summarising public information	Usually acceptable, with source checking
Uploading board papers	Not acceptable unless using an approved secure tool
Uploading member lists	Not acceptable
Drafting a policy submission	Acceptable as a support tool, but evidence and member positions must be checked
Recruitment shortlisting	High risk and should require senior approval
Complaints, disciplinary or membership decisions	AI must not be the sole decision-maker

The goal is not to make AI difficult to use. The goal is to make sure people understand the boundaries.

4. Apply New Zealand privacy obligations

For New Zealand associations, privacy needs to be at the centre of any AI policy.

The Privacy Act 2020 sets out rules for how personal information is collected, used, stored, disclosed and protected. When personal information is entered into an AI tool, that may involve a use, disclosure, storage or transfer of information.

This means associations should be cautious about using AI tools with information relating to members, staff, volunteers, board members, complainants, event attendees, sponsors, suppliers or stakeholders.

The policy should require people to consider:

• whether the information is personal or confidential
• whether the organisation has authority to use it in this way
• where the information may be stored or processed
• whether the AI provider may retain or use the information
• whether the use is consistent with the organisation’s privacy statement
• whether the information should be de-identified first

In simple terms, if you would not publish the information or send it to an unknown third party, do not put it into an unapproved AI tool.

5. Check accuracy before relying on AI output

AI can produce confident answers that are wrong, incomplete, outdated or misleading. This is a real risk for associations because members often rely on association guidance to make decisions.

AI-generated information should always be checked before it is used, especially where it relates to:

• law or regulation
• health and safety
• employment matters
• governance
• financial information
• industry standards
• technical guidance
• public policy
• member advice
• statistics or research
• quotes or source material

Associations should be particularly careful when using AI for policy submissions, advocacy work or public statements. AI can help structure arguments, identify possible themes and improve readability, but it must not invent evidence, overstate a position, or replace genuine member consultation.

A useful rule is:

AI output must be treated as a draft or prompt, not as verified fact.

6. Watch for bias, discrimination and unfairness

AI tools can reflect bias in the data they have been trained on. This matters when AI is used to support decisions about people.

Associations should be careful using AI in areas such as recruitment, awards judging, complaints, membership applications, disciplinary matters, grants, scholarships, speaker selection, committee appointments or service access.

AI should not be the sole basis for decisions that affect a person’s employment, membership, reputation, opportunity or access to services.

The policy should require human oversight and, where appropriate, a fairness check.

A practical policy statement could be:

AI must not be used as the sole basis for decisions affecting employment, membership status, complaints, disciplinary matters, awards, funding, access to services or other significant outcomes. Any AI-assisted process must be checked for bias, fairness, accuracy and explainability.

7. Protect the association’s voice, purpose and reputation

Associations are built on trust, relationships, credibility and sector knowledge. AI can help with efficiency, but it can also make communication sound generic, impersonal or detached from the sector.

This is a particular risk in New Zealand, where sectors are often small and relationships matter. Members usually know when something sounds like it has been written without care or context.

AI-generated content should still reflect the association’s purpose, values, tone, member knowledge and New Zealand context.

This is especially important for:

• member newsletters
• advocacy updates
• public statements
• media releases
• governance resources
• conference material
• learning summaries
• sensitive member communications

A policy should make it clear that AI must support the association’s voice, not replace it.

8. Do not replace human relationships with automation

AI can be helpful for administration and communication, but it should not be used as a substitute for proper member engagement.

Associations exist because people need connection, representation, learning, standards, advocacy and community. Over-automation can weaken that relationship.

There will be times when a direct phone call, personal email, meeting or human response is still the right approach.

This is particularly true for:

• complaints
• member dissatisfaction
• sponsorship discussions
• board matters
• employment issues
• conflict
• sensitive advocacy matters
• major partnership discussions
• crisis communication

The policy should recognise that AI can assist with efficiency, but human judgement and relationships remain central to association work.

9. Manage copyright, ownership and intellectual property carefully

AI can create text, images, templates, summaries, policies, reports and resources very quickly. However, associations should not assume that AI-generated material is automatically safe to use.

There may be issues around copyright, ownership, licensing, confidential information, third-party content, trademarks, images, and whether the material is sufficiently original or properly sourced.

This matters for associations that publish resources, sell templates, produce training material, run conferences, prepare reports, or provide guidance to members.

A practical policy should say:

Staff, contractors and volunteers must not assume AI-generated material is free of copyright, privacy, trademark or licensing risk. AI-generated content, images, templates, reports and resources must be reviewed before publication or commercial use.

Associations should also be careful about asking AI tools to reproduce or summarise paid resources, member-only content, standards, publications, training material or documents owned by another organisation.

10. Require contractors, speakers and volunteers to follow the policy

Associations often rely on more than paid staff. Contractors, consultants, speakers, authors, committee members, judges, facilitators and volunteers may all create or handle information on behalf of the organisation.

The AI policy should apply to them where relevant.

This is especially important when external people are preparing reports, judging awards, writing resources, delivering training, reviewing submissions, handling member information or creating content for the association.

A useful clause is:

Where a contractor, consultant, speaker, author, judge, committee member or volunteer uses AI in preparing material or services for the organisation, they must comply with this AI Usage Policy, protect confidential and personal information, check the accuracy of AI-assisted work, and disclose AI use where requested.

For speakers and contributors, the requirement can be kept simple:

Speakers and contributors are responsible for ensuring their content is accurate, lawful, appropriately sourced, and not in breach of copyright or confidentiality obligations, including where AI tools have been used.

And... 

AI is not going away. For New Zealand associations, the question is not whether AI should be used, but how it should be used well.

A good AI Usage Policy should be practical, clear and proportionate. It should help people use AI confidently while protecting member trust, privacy, governance standards, intellectual property, fairness and the reputation of the organisation.

Used well, AI can help associations work smarter and free up time for the things that matter most: members, relationships, advocacy, learning, leadership and community.

Used poorly, it can damage trust very quickly.

That is why every association should have a clear position on AI use before a problem arises.

Adapted for New Zealand associations from Business Law Today’s article, “Top Ten AI Usage Policy Considerations for Nonprofits”.