AI governance for non-profit organisations.
Non-profits increasingly use AI for fundraising, service delivery, grant management, and advocacy. The governance obligations do not scale down with organisation size. A charity processing sensitive beneficiary data through a consumer AI tool faces the same privacy breach consequences as a commercial enterprise.
The regulatory landscape
Charity law and trustee duties
Charity trustees have fiduciary duties that extend to governance of technology risks. AI systems that cause harm to beneficiaries, donors, or the charity's reputation can constitute a breach of trustee duty. Boards of trustees need to understand and exercise oversight of material AI risks.
Data protection and beneficiary privacy
Non-profits frequently process sensitive personal data about vulnerable individuals — beneficiaries of health, welfare, legal aid, and social services. AI tools processing this data must comply with GDPR, Australia's Privacy Act, or equivalent — and the sensitivity of the data demands particularly careful governance.
EU AI Act
Non-profits deploying AI in social services, healthcare, employment, or legal aid contexts may be using high-risk AI systems within the meaning of the EU AI Act. Size of organisation is not an exemption criterion.
Donor data and fundraising regulation
AI used in donor prospecting, wealth screening, and fundraising campaign targeting is subject to data protection law and, in some jurisdictions, specific fundraising regulation. Charity regulators have issued guidance on responsible use of donor data.
Where governance most often fails
Beneficiary data in consumer AI tools
Non-profit staff using consumer AI tools — ChatGPT, Copilot, consumer-tier Gemini — for case notes, grant applications, or client communications have inadvertently shared sensitive beneficiary information with third-party AI systems. The consequences include privacy breaches reportable to data protection authorities.
AI fundraising without donor consent
Wealth screening AI and donor prospecting tools that aggregate personal data from public sources without donor awareness have attracted data protection enforcement action against UK charities. The lawful basis for processing must be established before AI wealth screening is deployed.
Automated beneficiary decisions without oversight
Non-profits that use AI to triage or allocate services to beneficiaries — welfare assessments, housing allocation, legal aid eligibility — without adequate human oversight risk procedural unfairness to vulnerable individuals and regulatory exposure.
AI procurement without governance assessment
Small non-profits adopting AI tools through grant-funded technology programs often lack the governance capacity to assess those tools before deployment. Governance requirements do not disappear because the organisation is resource-constrained.
Key governance questions
Have your trustees received a briefing on the AI tools the organisation uses and the governance risks they create — including for beneficiary data?
Does your organisation have a written AI use policy that covers what tools are approved, what data may be entered, and who is accountable?
Have you assessed whether any AI tools used for beneficiary services are processing sensitive personal data in ways that require Data Protection Impact Assessments?
What is the lawful basis for any AI-assisted donor prospecting or wealth screening — and have affected donors been informed?
For AI systems that influence which individuals receive services, what human review process exists to ensure fairness and proportionality?
Does your volunteer and staff induction process cover responsible AI use — including what not to enter into consumer AI tools?
Guidance and resources
AI Governance for Small Business: A Five-Step Practical Path
How to Write an AI Policy for Your Organisation
AI in Your Supply Chain: Managing Third-Party AI Risk
How to Use AI Safely at Work