Red X iconGreen tick iconYellow tick icon
Skip to main content
Category Information Technology
Type Policy
Approved by Council, 10 March 2026
Date Policy Takes Effect 10 March 2026
Last approved revision 
Sponsor Chancellor
Responsible officer Vice-Chancellor
Review Date 1 July 2026

Purpose

This policy establishes the governance framework for the responsible, ethical, and effective oversight of Artificial Intelligence (AI) across the University. It ensures AI technologies are utilised in alignment with the University’s strategic objectives, values, and legal obligations, and that risks and opportunities are managed transparently and accountably.

Organisational scope

This policy applies to all AI -related activities within the University, including development, deployment, procurement, and use of AI systems. It covers all staff, contractors, researchers, and third-party partners acting on behalf of the University, regardless of funding source, technology ownership, or work location.

Definitions

Artificial Intelligence (AI) Systems
Any technology or tool that uses data to make inferences and generate outputs such as predictions, recommendations, decisions, or content (text, images, video, code) with a degree of autonomy. This includes machine learning models, generative AI tools, predictive analytics systems, neural networks, natural language processing designed to enhance efficiency, decision making and automation and chatbots that generate their own responses.
Generative AI
A type of AI that creates new content, including text, images, videos, and code, by learning from large amounts of data and generating responses to user prompts. Examples include Chat GPT, Claude, Microsoft Copilot, and similar tools.
Māori Data Sovereignty
Refers to the inherent rights and interests that Māori have in relation to the collection, ownership, and application of Māori data (further guidance is available from Te Mana Raraunga).
Advanced Technology Reference Group (ATRG)
A University committee advising the University Senior Leadership Team (SLT) about Advanced Technology, including AI and is responsible for monitoring future and current advanced technologies that impact the University's vision and mission.

Content

  1. AI Governance statement

    1. Ōtākou Whakaihu Waka | University of Otago affirms its commitment to the responsible, ethical, and effective governance of Artificial Intelligence (AI) across all University activities. The University will ensure that the adoption and use of AI systems aligns with its Vision 2040 and Pae Tata: Strategic Plan to 2030, upholds Te Tiriti o Waitangi obligations, protects data sovereignty, and maintains the highest standards of integrity, transparency, and accountability.
    2. The University recognises that AI technologies present significant opportunities to advance its mission, enhance operational excellence, and support innovation in research, teaching, and service delivery. At the same time, the University acknowledges the inherent risks associated with AI – including those related to accuracy, bias, privacy, security, and cultural appropriateness – and is committed to robust governance, oversight, and risk management to ensure these are identified, assessed, and managed in the best interests of the University and its stakeholders.
    3. The University acknowledges that AI technologies and their associated governance requirements are rapidly evolving; therefore, this policy, other university AI policies and frameworks as well as the roles and responsibilities of governance committees must remain flexible and agile, with monitoring, reporting, and review processes designed to adapt promptly to emerging risks, opportunities, regulatory and best practice changes.

  2. Principles for AI Governance

    1. AI procurement must support the University’s strategic objectives. AI should be harnessed to drive innovation, operational excellence, and research advancement.
    2. AI use must respect Aotearoa | New Zealand's unique cultural context, Te Ao Māori principles (rangatiratanga, kaitiakitanga, manaakitanga), and Pacific values of relationality and collective wellbeing.
    3. AI risks (privacy, bias, accuracy, security, legal, reputational) must be managed using best-practice frameworks. AI use must comply with data protection, privacy, and Māori/Pacific data sovereignty requirements
    4. AI governance practices must be regularly reviewed and updated to reflect technological and regulatory changes. Council and Council committee members must maintain AI literacy and receive ongoing training.
    5. AI governance is integrated into existing Council committee structures, with clear roles and responsibilities.
    6. AI adoption must consider staff impact and support capability development.
    7. AI practices must be transparent, explainable, and communicated clearly to stakeholders.
    8. The University recognises the environmental impact of AI systems.

  3. Governance Structure

    1. The University Council holds ultimate responsibility for AI governance, ensuring alignment with Vision 2040, Pae Tata, Te Tiriti o Waitangi obligations, and institutional values. Under this policy, the Council delegates oversight of AI governance to four key committees.
    2. The Audit and Risk Committee will be responsible for:
      1. Reviewing and monitoring AI risk management frameworks, including material institutional risks related to AI .
      2. Overseeing compliance with laws, regulations, and University policies governing AI use.
      3. Ensuring appropriate internal and external audit coverage of AI systems and processes.
      4. Coordinating with other committees to avoid duplication and ensure comprehensive oversight.
    3. The Digital Technologies Committee will be responsible for:
      1. Providing governance oversight of the University’s adoption and use of Artificial Intelligence (AI) technologies and ensuring alignment with strategic objectives and values.
      2. Monitoring the ethical and responsible use of AI , providing oversight of AI risks and ensuring compliance with this policy and applicable legislation.
      3. Reviewing AI strategy and making recommendations to Council as required for its adoption.
      4. Receiving updates, as required on compliance with legislation and all applicable areas including privacy, cyber security, data governance and AI, from the convenor of Audit and Risk Committee.
      5. Reviewing and endorsing for Council governance policies and frameworks related to AI
      6. Receiving reports on the progress, risks, and benefits of AI-related projects and programmes.
    4. Senate will be responsible for:
      1. Advising and making recommendations to Council on academic matters relating to AI.
      2. Advising University leaders (including, but not limited to, the Senior Leadership Team) on the impact of AI , and potential decisions relating to AI, on the University’s academic endeavours, student success, and the ability of academic staff to succeed in their roles.
      3. Ensuring appropriate monitoring of the impact of AI and AI policies on the academic functions of the University.
    5. The Advanced Technologies Reference Group will be responsible for:
      1. Advising the Vice-Chancellor and Senior Leadership Team on advanced technologies, including AI, and their implications for the University.
      2. Supporting and providing reports to the DTC to enable it to fulfil its roles and responsibilities.
      3. Monitoring current and emerging technologies and providing direction to ensure their adoption is ethical, equitable, and cost-effective.
      4. Identifying and removing barriers to advanced technology use, ensuring the University has the resources and capability to deliver a coherent, institution-wide strategy.

  4. Risk Management and Compliance

    1. AI activities must comply with relevant laws, University policies, and sector good practice guidelines.
    2. Before using any AI system on confidential or restricted information, that system or tool must undergo risk assessment and follow approval pathways appropriate to the risk level.
    3. AI use on confidential or restricted data requires the approval of the Chief Digital Officer.
    4. AI has the potential to introduce unique cybersecurity risks, including data breaches, malicious manipulation and unathorised access. The University will apply a robust risk assessment and approvals pathway which will take into consideration matters such as; integration with the university’s Cyber Security framework, prevention and detection mechanisms and continuous monitoring for vulnerabilities, misuse and emerging threats.
    5. Audit plans and compliance reviews will take into consideration AI use, with findings reported to ARC and DTC.

  5. Ethical and Responsible AI Use

    1. The University is committed to the responsible, ethical and effective use of AI.
    2. AI systems must be used to augment human capability, with human judgment and oversight remaining central. Staff are accountable for all AI-assisted work products and decisions as well as compliance with the University’s AI policies and procedures e.g. Use of AI Systems Policy and Procedures.
    3. AI system use must be inclusive, accessible, and designed to avoid unfair discrimination or bias. AI use must respect cultural, ethical, and environmental responsibilities, including Te Ao Māori principles and sustainability targets.

  6. Training and Awareness

    1. AI literacy is required for all staff and Council members involved in AI governance. Ongoing training and resources will be provided to Council, Council committee members, and staff on AI technologies, risks, and ethical considerations.

  7. Monitoring and Reporting

    1. Reports on AI governance activities, risks, incidents, and outcomes will go to the appropriate Committees depending on relevant Terms of Reference.
    2. The Council, through DTC will review AI strategy, strategic roadmap and ethical considerations annually.
    3. Transparency in reporting to stakeholders is required, including public disclosure of key governance practices and audit outcomes.

Related policies, procedures and forms

Contact for further information

If you have any queries regarding the content of this policy, procedure, or guideline, or need further clarification, contact:

Steven Turnbull
Chief Digital Officer
Email cdo@otago.ac.nz

Back to top