These tools are used in a fragmented and unmonitored manner by company employees, often without awareness of the risks and implications. Operating without any integration into official business processes makes it difficult, if not impossible, to have a clear picture of the data being processed, the purposes of use, the associated risks, and the actual potential.

 

According to a recent report by the Capgemini Research Institute, 65% of European companies admit that their employees use AI tools without a clear policy or oversight from the IT department. In Italy, the percentage rises to 72%, highlighting greater vulnerability in managing this phenomenon.

“In a survey, Microsoft found that 75% of workers worldwide use GenIA (generative artificial intelligence) at work and that 78% of users bring their own AI to work (tools not provided or managed by the organization). Our latest research on GenIA revealed that unauthorized use by employees is relatively common. Among the 39% of organizations that have a policy prohibiting or restricting its use, half report that there is still unauthorized use of GenIA in the workplace. Furthermore, our recent research on GenIA for computer engineering reports that 63% of professionals who use GenIA do so without authorization, while only 37% use a licensed tool provided by their organization.” Capgemini Research Institute 2024.”  Capgemini Research Institute 2024

Risks

So what are the risks associated with this unguided use?

• Sensitive data uploaded to external servers, posing risks to privacy, GDPR compliance, and intellectual property;
• Violations of privacy and security regulations (e.g., GDPR, AI Act);
• No visibility, no traceability, and a lack of training;
• Regulatory pressure and potential penalties.

Article 4 of the European AI Act requires providers and users of artificial intelligence systems to “take measures to ensure, to the greatest extent possible, a sufficient level of AI literacy among their staff and other persons involved in the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training, as well as the context in which the AI systems will be used and the individuals or groups of individuals on whom the AI systems will have an impact.”

 

Here are two important points to pay particular attention to:

• The requirement for AI literacy applies not only to AI system providers but also to users (deployers);
• This specific provision, along with others, has already taken effect as of February 2, 2025.

The innovative potential of implementing AI in business processes is clear. Most users of these tools report that AI improves productivity; therefore, the goal is to regulate, not to ban. Prohibiting the use of generative AI risks stifling internal innovation and competitiveness. The challenge, therefore, is twofold: on the one hand, to mitigate risks; on the other, to harness the transformative and strategic potential of AI through responsible and informed use.

 

Our modular program aims to:

• Create a shared ethical culture around technological innovation;
  
  
• Raise awareness of the social, ethical, and legal risks associated with AI;
  
  
• Meet the compliance requirements of the AI Act regarding AI literacy.

Now, to help us understand your situation and offer you a tailored solution, we invite you to complete our short survey.