
Responsible Use

AI coding tools raise questions beyond "does it compile" — licensing, accountability, bias, and what you ship to users.

Last reviewed: June 2026

Legal and regulatory guidance evolves. Consult your legal team for binding policy; use Team AI Policy as a starting template.

Developer Responsibilities

| Principle | Practice |
|---|---|
| You own the merge | AI suggests; you approve. Your name is on the commit. |
| Verify everything | Run the checklist before anything reaches production |
| Disclose when appropriate | Follow team norms for `ai-assisted` PR labels |
| Respect licenses | Copilot and other models are trained on public code; know your org's policy |
| Protect user data | Do not paste PII or secrets into prompts |

Bias and Fairness

Models reflect training data biases. Generated code can:

  • Use exclusionary examples in docs and variable names
  • Assume defaults (names, locales) that exclude users
  • Skew toward patterns overrepresented in open source

Review user-facing copy and business logic for fairness — especially hiring, credit, health, and moderation features.

Reference: NIST AI Risk Management Framework for structured risk assessment.

Licensing and IP

Questions to clarify with your employer/legal team:

  • Are AI-generated snippets allowed in proprietary code?
  • What attribution is required for open-source projects?
  • Does your Copilot/enterprise plan include IP indemnity?

Primary sources:

When in doubt, treat AI output like code from an unknown contributor — review license compatibility.

EU AI Act (high level)

If you ship AI features in the EU, your product may face transparency and risk-management obligations depending on the use case (e.g. employment, credit, law enforcement). Developers should know whether their feature falls in the limited-risk tier (transparency obligations) or the high-risk tier (conformity assessment before deployment). Official overview: EU AI Act.

This is not legal advice — route classification questions to counsel.

User-Facing AI Features

If your product uses LLMs:

  • Tell users that responses are AI-generated wherever they could reasonably assume a human is replying
  • Provide escalation to a human for high-stakes decisions
  • Log and monitor for abuse (security guide)
  • Do not present probabilistic output as guaranteed fact

UX patterns that work

| Pattern | Example |
|---|---|
| Label | "Generated by AI — may contain errors" below the response |
| Confidence | Show when retrieval found no matching docs ("I couldn't find this in your knowledge base") |
| Human escalation | "Talk to support" button on billing, medical, or legal topics |
| Citations | Link to source doc chunks in RAG-powered answers |
| Regenerate / edit | Let users fix bad output without starting over |

Avoid: fake human names, hiding AI involvement in customer support, or presenting guesses as verified facts.
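The label, confidence, citation, and human-escalation patterns above can be enforced in one post-processing step that sits between the retriever/model and the UI. The following is an added example, not code from the original page: the `Chunk` and `Response` types, the `MIN_SIMILARITY` floor, and the topic keyword lists are assumptions for illustration, and the sample retrieval results are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass, field

AI_LABEL = "Generated by AI. May contain errors."

# Retrieval similarity below which a chunk is not treated as supporting evidence
# (assumed value; tune against your own retriever's score distribution).
MIN_SIMILARITY = 0.75

# High-stakes topics that get a human handoff. Keyword lists are illustrative;
# a production system would use a classifier or the product's own taxonomy.
ESCALATION_TOPICS = {
    "billing": ("invoice", "refund", "charge", "billing"),
    "medical": ("dosage", "diagnosis", "symptom", "prescription"),
    "legal": ("lawsuit", "liability", "contract", "subpoena"),
}


@dataclass
class Chunk:
    """One retrieved passage with its retriever score (constructed type)."""
    doc_id: str
    text: str
    similarity: float


@dataclass
class Response:
    """What the UI renders: label, answer, citations, and escalation routing."""
    label: str
    answer: str
    citations: list[str] = field(default_factory=list)
    escalate_to: str | None = None
    grounded: bool = False


def detect_escalation_topic(question: str) -> str | None:
    """Return the first high-stakes topic the question touches, if any."""
    q = question.lower()
    for topic, keywords in ESCALATION_TOPICS.items():
        if any(k in q for k in keywords):
            return topic
    return None


def compose_response(question: str, chunks: list[Chunk], draft_answer: str) -> Response:
    """Decide whether the model's draft may be shown, and how.

    If no retrieved chunk clears the similarity floor, the draft is discarded
    rather than shown: an ungrounded guess must not be presented as fact.
    Otherwise the draft is returned with citations to the supporting chunks.
    Either way the AI label is attached and high-stakes topics get a handoff.
    """
    supporting = [c for c in chunks if c.similarity >= MIN_SIMILARITY]
    topic = detect_escalation_topic(question)
    if not supporting:
        return Response(
            label=AI_LABEL,
            answer="I couldn't find this in your knowledge base.",
            escalate_to=topic or "support",
            grounded=False,
        )
    # De-duplicate and sort so citations render deterministically.
    citations = sorted({c.doc_id for c in supporting})
    return Response(label=AI_LABEL, answer=draft_answer, citations=citations,
                    escalate_to=topic, grounded=True)


if __name__ == "__main__":
    # Constructed sample retrieval results.
    retrieved = [
        Chunk("billing-faq#3", "Duplicate charges are reversed within 5 business days.", 0.82),
        Chunk("changelog#12", "v2.3 adds dark mode.", 0.31),
    ]
    print(compose_response("Why was I charged twice?", retrieved,
                           "Duplicate charges are reversed within 5 business days."))
```

The important design choice is that the model's draft never reaches the user when retrieval found nothing: the "I couldn't find this" message replaces it instead of being appended to it, and the escalation button is offered by default in that case.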

Environmental and Cost Awareness

Large model inference consumes energy. For high-volume features:

  • Use smaller models where quality allows
  • Cache responses
  • Rate limit to prevent waste

See Cost, Latency, and Tokens.

Sample Team Policy Block

Paste into internal docs and customize. Full rollout guide: Team AI Policy.

## AI-Assisted Development Policy

### Approved tools
- Cursor (Business) and GitHub Copilot (Enterprise) for company repositories
- Claude Code only on non-production clones with anonymized data

### Data handling
- Do not paste customer PII, production credentials, or unreleased financials into cloud models
- Use .cursorignore / rules to exclude secrets paths

### Review requirements
- All AI-assisted PRs labeled `ai-assisted`
- Auth, payments, and infra changes require senior reviewer regardless of AI use
- Run lint, test, and build before merge — see Pre-Merge Verification checklist

### Incidents
- If secrets are pasted into a cloud model: rotate credentials within 1 hour and notify security@
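The "Protect user data" rule and the policy's data-handling section both come down to a check that runs before a prompt leaves the workstation. The following is an added example, not code from the original page and not a feature of Cursor, Copilot or Claude Code: it scans a prompt for credential and PII shapes, blocks outright when a credential is present (redacting the header of a private key would still leak its body), and redacts PII before sending. The regexes are illustrative shapes, the allowed-domain list and the block/redact split are assumed policy, and the sample prompts are constructed (the AWS key ID is AWS's documented example value).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Credential and PII shapes. Illustrative, not exhaustive: a real deployment
# would pair these with an entropy check and the org's own identifier formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Credentials block the prompt outright; anything else is redacted and sent.
BLOCKING_KINDS = {"aws_access_key_id", "private_key_block", "github_token", "jwt"}

# Addresses at the company's own domain are not customer PII (assumed policy).
ALLOWED_EMAIL_DOMAINS = {"example.com"}


@dataclass
class Finding:
    kind: str
    match: str


def scan_prompt(text: str) -> list[Finding]:
    """Return every credential or PII match in the prompt, in pattern order."""
    findings: list[Finding] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if kind == "email" and value.rsplit("@", 1)[1].lower() in ALLOWED_EMAIL_DOMAINS:
                continue
            findings.append(Finding(kind, value))
    return findings


def redact(text: str, findings: list[Finding]) -> str:
    """Replace each matched value with a typed placeholder so the model still
    sees that something was there, but not what."""
    for f in findings:
        text = text.replace(f.match, f"<REDACTED:{f.kind}>")
    return text


def gate_prompt(text: str) -> tuple[bool, str, list[Finding]]:
    """Return (allowed, text_to_send, findings).

    A credential anywhere in the prompt blocks it: partial redaction is not
    safe for key material, and the policy's incident clause (rotate, notify
    security@) applies if it was already sent. PII alone is redacted in place.
    """
    findings = scan_prompt(text)
    if any(f.kind in BLOCKING_KINDS for f in findings):
        return False, "", findings
    return True, redact(text, findings), findings


# Constructed sample: a debugging prompt that pastes a key and a customer address.
SAMPLE_PROMPT = """Why does this deploy fail?
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
Customer jane.doe@customer-mail.test reported it.
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
"""

if __name__ == "__main__":
    allowed, to_send, found = gate_prompt(SAMPLE_PROMPT)
    print("allowed:", allowed)
    for f in found:
        print(f"  {f.kind}: {f.match}")
```

Wire `gate_prompt` in front of whatever sends text to the cloud model (an editor hook, a proxy, or a wrapper around the SDK call). A blocked prompt is also the trigger for the incident clause above: the user already had the credential in a paste buffer aimed at a third party, so treat it as exposed and rotate.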

Team Norms Checklist

  • [ ] Shared AGENTS.md or rules file
  • [ ] Required CI before merge
  • [ ] Security review for auth/payments changes
  • [ ] Document which tools are approved for company code
  • [ ] Incident plan if secrets are pasted into a cloud model
  • [ ] Published Team AI Policy linked from onboarding