1.0 Purpose & Scope
This policy defines the responsible, ethical, and effective use of Artificial Intelligence (AI) across the Lean Ireland (www.LeanIreland.ie) consulting practice. It ensures full compliance with the EU Artificial Intelligence Act (Regulation 2024/1689) and data protection laws.
This policy applies to all employees, contractors, and associates. It covers all generative AI, analytics, automation tools, and any AI systems we deploy or recommend within client engagements.
2.0 Guiding Principles
- Human-in-the-Loop: AI augments professional judgement; it never replaces it. Every AI-assisted client deliverable must be reviewed, validated, and approved by a qualified team member. AI recommends; a human decides.
- Accuracy First: AI outputs can be plausible but incorrect. We strictly verify facts, calculations, code, and supply chain models before sharing them with clients.
- Absolute Confidentiality: We use paid enterprise versions of AI applications (primarily MS Copilot) to analyse client information, ensuring data is never used to train public models.
3.0 EU AI Act Risk Classification
Before adopting any AI tool or recommending it to a client, we assess its risk tier under the EU AI Act framework:
| Risk Level | Description | Our Policy |
| Unacceptable | Manipulative, social scoring, or biometric harvesting systems. | Strictly prohibited. We never use, deploy, or recommend these. |
| High-Risk | AI used in critical infrastructure, recruitment, or safety components. | Requires MD approval, conformity assessments, and legal review. |
| Limited / Minimal | General productivity, chatbots, research aids, and data drafting. | Permitted under the guidelines of this policy. |
Supply Chain & operations note: When Lean Ireland work involves deploying or recommending AI within client supply chains or operations, we must actively audit whether high-risk obligations apply.
4.0 Acceptable & Prohibited Uses
4.1 Approved Activities
AI tools may be used to accelerate research, draft initial reports/proposals, support process mapping, identify data patterns, and generate preliminary automation scripts.
4.2 Prohibited Activities
- Entering client-confidential or personal data into free-tier/public AI tools.
- Passing off purely AI-generated content as original human work when there is an expectation of human authorship.
- Using AI to fabricate data, references, or case studies.
- Relying on AI for final decisions in safety-critical or legally binding contexts.
5.0 Data Protection, Transparency & Intellectual Property
5.1 Data Safety Chain
Staff must classify data before inputting it into any system:
- Public info? Okay to proceed.
- Internal info (no client data)? Use approved enterprise-level tools only.
- Client data? Stop. Only use tools explicitly approved in our internal Register and authorized in the client’s project charter.
5.2 Disclosure & Content Labelling
- Client Openness: If AI plays a substantial role in generating client analysis or recommendations, we disclose it openly on reports and presentations.
- Synthetic Media: Any AI-generated images, video, or audio must be clearly labelled as artificially generated. We strictly prohibit creating deepfakes of real individuals.
5.3 Intellectual Property
AI-generated content lacks certain copyright protections. To protect our firm and our clients, ensure significant human contribution and transformation are applied to all final deliverables.
6.0 Training, Compliance & Review
- Training: All staff must complete AI awareness and EU AI Act training annually.
- Enforcement: Policy violations face disciplinary action. Non-compliance with the EU AI Act’s prohibited practices can carry severe regulatory fines (up to €35 million or 7% of global turnover).
- Review Cycle: This policy is reviewed annually. It will next be updated prior to 2 August 2026 to align with the European Commission’s enforcement framework for general-purpose AI models.