AI Usage Policy

AIAdopt, version 1.0

In force: 21 April 2026 · Next review: Q4 2026

Why are we publishing this document?

AIAdopt sells EU AI Act compliance training to other organisations. It would be odd if we didn't have an AI Usage Policy ourselves. We have one, since 21 April 2026, and we publish it here because we think that is consistent: practising what we teach. This document is not a marketing piece, it is our working internal policy. Anyone who wants to see how a sole proprietorship sets up workable AI governance can read along here.

1. Document control

•Document: AIAdopt AI Usage Policy

•Version: 1.0

•Status: In force

•Effective date: 21 April 2026

•Next review: Q4 2026 (and annually thereafter)

•Owner: Rob Ummels, founder

•Applies to: AIAdopt (KBO 0893.223.510), all persons acting on behalf of the organisation, and all AI systems used by or on behalf of the organisation

•Legal basis: Article 4 EU AI Act (Regulation (EU) 2024/1689)

•Voluntary commitment: EU AI Pact pledges, signed April 2026

2. Purpose

This policy describes how AIAdopt deploys artificial intelligence in its own operations, and which rules apply to everyone who uses AI tools on behalf of AIAdopt. It exists for two reasons: to ensure that AIAdopt itself practises what it teaches its clients, and to comply with the AI literacy obligation of Article 4 EU AI Act, as well as the voluntary governance commitments AIAdopt has entered into under the EU AI Pact pledges.

3. Scope and organisational context

AIAdopt is a Belgian sole proprietorship. The organisation has one human worker (the founder, Rob Ummels) and uses AI systems intensively as a working tool. This is a deliberate choice of operating model, not a temporary situation. The policy is written to reflect that reality, not a fictional larger organisation.

Persons covered by this policy

•Rob Ummels, founder, in his role as operator and reviewer of all AI use within AIAdopt.

•Any future contractor, freelancer, family member or successor who acts on behalf of AIAdopt and uses AI tools in that capacity.

•Third parties providing AI-related services to AIAdopt (translators, designers, developers) are contractually asked to comply with this policy or equivalent safeguards, where their work is published or used by AIAdopt.

AI systems covered by this policy

•All AI tools listed in the AIAdopt AI Tool Inventory (separate internal document).

•Any new AI tool the organisation acquires. Addition to the inventory is mandatory before the tool may be used operationally.

4. Roles and responsibilities

Because AIAdopt has one human worker, role separation as in larger organisations is not possible. The founder fills all governance roles, supported by the explicit rules and reviews in this policy.

•The founder is the AI accountable owner, responsible for GDPR compliance in the role of controller or processor depending on the specific processing, the reviewer of AI output, the incident manager and the policy owner.

•The founder is also the only person authorised to introduce a new AI tool into the organisation, to grant third parties access to AI tools, or to approve AI-generated content for external publication.

•When a third party (translator, designer, developer) uses AI in work delivered to AIAdopt, the founder remains accountable for the result and for compliance with this policy.

5. Permitted use of AI

Permitted applications

•Drafting, editing and translating content for the AIAdopt website, training materials, marketing and client communication, with mandatory human review before publication.

•Code generation, code review and technical support in the development of the AIAdopt platform, with mandatory tests before deployment.

•Research, summarising and analysis of public information (legislation, market data, competitive intelligence) to support business decisions.

•Internal productivity tasks: meeting notes, drafting documents, brainstorming, image generation for illustrative purposes.

•Monitoring of EU AI Act developments via the internal EU AI Act Monitor.

Prohibited applications

•Entering personal data of clients, learners, leads or third parties into AI tools that do not have a GDPR-compliant processing agreement or comparable legal basis.

•Entering confidential business information (financial data, contracts, internal strategy documents containing third-party data) into AI tools without first verifying the tool's data processing terms.

•Publishing AI-generated or AI-manipulated content externally without appropriate transparency where Article 50 EU AI Act requires it, or where AIAdopt considers it necessary as a matter of its own policy (see section 8).

•Using AI to make autonomous decisions about individuals (recruitment, certification outcomes, client eligibility, pricing) without human review and final approval by the founder.

•Using browser extensions or unapproved AI tools that are not included in the AI Tool Inventory.

6. Operational rules

The following rules apply to day-to-day AI use within AIAdopt. They arose during the build-up phase of the organisation and are formally recorded here.

Rule 1: Noticeboard test for input

Before entering information into an AI tool, the operator applies the noticeboard test: would I not mind if this information were posted on a public noticeboard? If the answer is no, the information must not be entered. This rule applies to client names, personal data, contracts, financial data, login credentials, internal strategy, and third-party information obtained in confidence.

Rule 2: Output review before publication or deployment

No AI output is published, deployed, sent to a client or otherwise used externally without review by the founder. The review checks factual accuracy, accuracy of quotations and source references, alignment with the house style, absence of hallucinations, and compliance with copyright and applicable law.

Rule 3: Transparency about AI use

Where AI has played a substantial role in externally published content, the AI use is disclosed in line with Article 50 EU AI Act. AI-generated images are given an indication of the tool used. Articles in the AIAdopt Insights section written in collaboration with AI carry an attribution at the end of the article.

Rule 4: No shadow AI

Only AI tools listed in the AI Tool Inventory may be used for AIAdopt work. Browser extensions with AI features, free trial accounts of new tools, and personal AI accounts not registered for business use may not be used for AIAdopt or client data. Adding a new tool requires an update to the inventory before first operational use.

Rule 5: Knowledge of prohibited practices

The founder keeps up-to-date knowledge of the practices prohibited under Article 5 EU AI Act, and ensures that no AI use within AIAdopt falls into a prohibited category. An annual review confirms this.

7. Data protection and confidentiality

All AI use must comply with the General Data Protection Regulation (GDPR) and with applicable Belgian data protection legislation. Specific rules:

•Personal data of clients, learners and leads is only processed via AI tools with which AIAdopt has a processing agreement, or whose provider has verified GDPR-compliant terms of use applicable to the AIAdopt account type.

•The free or consumer versions of public AI tools are not used for processing personal data of identifiable individuals.

•Pseudonymisation or full removal of personal identifiers is applied before a dataset is submitted to an AI tool, to the extent the analysis does not require individual identification.

•Data shared with AI tools for incidental operational tasks (drafting, translating) is assessed beforehand for sensitivity. Where relevant, AIAdopt checks the provider's applicable account settings, processing terms and retention terms.

8. Transparency about AI use (Article 50 EU AI Act and own policy)

Article 50 EU AI Act provides for transparency obligations for certain AI systems, in particular for deepfakes and for AI-generated or manipulated text on matters of public interest. For deployers with human review and editorial responsibility, Article 50 provides an exception. AIAdopt applies the underlying principle of transparency as an internal best practice, even where the law does not strictly require it. We implement this in phases. This section is therefore explicitly split between what already applies and what we are still implementing before 2 August 2026.

Already applicable

•The footer of aiadopt.eu states that all illustrations on this site are AI-generated from human prompts, with the tool used named. This is a voluntary standard stricter than Article 50 strictly requires.

•Insights articles published from May 2026 carry an attribution at the end naming the human author and the AI collaborator, and stating that AIAdopt bears editorial responsibility. AIAdopt discloses these AI contributions as a transparency practice, even where the text has been human-reviewed and falls under AIAdopt's editorial responsibility. Articles I1 and I2 (April 2026) already carry this attribution, ahead of this reference date.

•Synthetic media (deepfakes, voice cloning) are not used.

To be implemented before 2 August 2026

•Should AIAdopt introduce a chatbot or interactive AI agent on the website, it will be clearly labelled as AI to the user, before the interaction begins (in line with Article 50).

•Insights articles published before April 2026 will, where relevant, be given an AI attribution if AI played a substantial role in their creation.

•Per-image labelling on illustrations, in addition to the central footer notice, is being considered on the basis of guidance from the AI Office.

9. Human oversight (principle of Article 14 EU AI Act)

Although Article 14 EU AI Act legally applies to high-risk AI systems, AIAdopt voluntarily applies the underlying principle of meaningful human oversight to all of its AI use. Based on the current AI Tool Inventory, AIAdopt develops or uses no high-risk AI systems. The principle is applied as follows:

•A human reviews every AI output before it leaves the organisation.

•A human makes the final decision in every business judgement informed by AI (pricing, content, client communication, technical architecture).

•The reviewer is trained to recognise the limits of AI: hallucination, bias, outdated knowledge, sycophancy, and convincingly delivered wrong answers.

10. Incident handling

Incidents involving AI tools used by AIAdopt are handled in accordance with the AIAdopt AI Incident Procedure. Triggers in brief: any incident that may constitute a personal data breach under the GDPR, any AI incident that may fall under a legal reporting obligation (including, where relevant, Article 73 EU AI Act), any incident affecting the integrity or availability of the AIAdopt training platform, and any externally published AI output that later proves materially incorrect or harmful.

11. Training and competence

•The founder completes the AIAdopt AI literacy programme appropriate to all relevant roles (employee, manager, IT, sector extensions relevant to client work) and recertifies every 12 months.

•Any future contractor, freelancer or successor with operational access to AIAdopt AI tools completes the same training before first operational use.

•Completion is recorded in the internal training register, with audit-ready certificates kept for at least 5 years.

12. Review and update of this policy

•This policy is reviewed annually, in Q4, by the founder.

•Interim updates are triggered by: significant changes in EU AI Act guidance or national implementation, addition or removal of important AI tools from the inventory, an incident that exposes a gap in the policy, or a material change in the AIAdopt business model.

•Each version is dated and retained. Earlier versions are archived for at least 5 years.

13. References

•AIAdopt EU AI Pact Pledge, signed April 2026

•AIAdopt AI Tool Inventory v1.0 (internal document)

•AIAdopt AI Incident Procedure v1.0

•Regulation (EU) 2024/1689 (EU AI Act), in particular Articles 4, 5, 14, 26, 50 and 73

•Regulation (EU) 2016/679 (GDPR)

Approved by:

Rob Ummels, founder, AIAdopt

[email protected] · https://aiadopt.eu

Place and date: Maaseik, Belgium · 21 April 2026