Procedure for using artificial intelligence (AI) for employees

1. Introduction

The purpose of this policy is to harness the capabilities of artificial intelligence (AI) tools to improve efficiency in business activities, while ensuring ethical, secure, and compliant use that protects data privacy.

2. Definitions

2.1. “AI System” – A tool or technological system that simulates human intelligence and, for explicit or implied purposes, processes data, draws conclusions, makes decisions, provides predictions and/or recommendations that affect its connected environment and/or people, without pre-programmed decision rules. This includes any platform, tool, or service integrated with artificial intelligence (AI) used by Leket, either locally, in the cloud, or by third parties (e.g., vendors). Examples of AI systems include: (a) Large Language Models (LLMs) (b) Automated decision-making systems (c) AI-powered analytics tools (d) General purpose AI models Examples: ChatGPT, Google Gemini, DALL·E, Midjourney

2.2. “Personal Data” – Any data relating to an identified or identifiable individual; for this purpose, an “identifiable individual” is one who can be identified, directly or indirectly, with reasonable effort, including by name, ID number, biometric data, location data, online identifier, or one or more factors relating to physical, health, economic, social, or cultural identity.

2.3. “Commercial Information” – Any data related to the organization, including its activities (current and/or future), intellectual property, business or technological plans, or any other data about the organization or parties related to it.

2.4. “Organization Data” – Any information, knowledge, or data of any kind, including personal or commercial information.

2.5. “Authorized Use” – Use that has been approved for a specific AI system, according to organizational approval.

2.6. “User Content” – Content that the user inputs into an AI system (e.g., queries or data accessed via API) – input.

2.8. “Machine Content” – Content generated by the AI system in response to user content. This may include text, code, contracts, audio, and more – output.

3. Method

3.1. An employee requiring an AI system to enhance and support their work must first approach their direct manager to justify the need and obtain installation approval. Installation will be allowed only after receiving approval from the responsible VP and signing a statement confirming that the employee has read and understood this policy.

3.2. No AI system may be used on organizational systems or with organizational data unless it has been approved by Leket Israel according to internal procedures.

3.3. AI systems must be used only through an organizational business account, not personal accounts. Use must be limited to business accounts that ensure the model does not train on or retain organizational data and are pre-approved by the organization.

3.4. User content and machine-generated output must be reviewed as outlined below.

4. Limitations of AI

It is important to be aware of the inherent limitations of AI systems and to evaluate machine-generated content and any intended processes accordingly.
For example, an AI-generated response that includes false or misleading information presented as fact is known as a “hallucination”, a common issue where AI systems produce text, images, or other content that is inaccurate, meaningless, or irrelevant in context. This affects reliability and user expectations and presents a key challenge in the maturity of these technologies.
When such systems are used in decision-making processes, errors of this type can have serious consequences, especially since such errors are not always easy to detect in user content.

5. Usage Guidelines

5.1. Do not write, upload, or expose any user content to an AI system that contains personal data (of employees, clients, suppliers, etc.) or confidential/non-public organizational data, unless general or fictional names are used in personal scenarios or examples that cannot be identified from context.

5.2. Use caution and apply human judgment, recognizing that AI tools can be useful but do not replace human discretion or creativity.

5.3. Assume any information submitted to an AI system may become public. Treat all shared data as potentially public, regardless of the tool’s privacy settings or provider assurances.

6. Machine Content

6.1. Check the accuracy of machine-generated content. AI systems may “invent” information or produce inaccurate, false, or partial content. Always verify content against other sources.

6.2. Do not use unapproved AI systems with organizational systems or data. Be aware of malicious chatbots that could pose information security risks.

6.3. Do not use machine-generated content without verifying that it is reliable and does not pose legal or reputational risks to the organization. Extra care must be taken with code scripts, financial calculations, copyright issues, legal references, etc.

7. Negative Incidents

7.1. Do not use machine-generated content without verifying that it is reliable and does not pose legal or reputational risks to the organization. Extra care must be taken with code scripts, financial calculations, copyright issues, legal references, etc.

7.2. In any case of doubt or uncertainty—regarding an incident or use of an AI system—consult with the organization’s Information Security Officer.

I confirm that I have read and understood the AI Usage Policy for employees of the organization, and I agree to comply with it.