AI usage policy for your company:
How to build it from within

An AI policy that no one reads is just paper. A policy that the team co-constructs becomes shared criteria. Ethiceye helps companies build the second kind.

The difference between a policy that is archived and one that is used

Generic policy (the one that doesn't work)

Legal writes it and sends it out by email

No one knows exactly what it says

Gets filed away when a new tool appears

Just ticks the box

Generates resistance ("They're controlling us")

Policy co-constructed with Ethiceye

It is built by the team in 5 sessions

Each person can explain it in their own words

It has an integrated update protocol

Changes how decisions are made

Generates ownership ("We decided this")

What does your policy have at the end of the process?

Inventory of approved tools
What does it answer?

What can we use?

Concrete example

ChatGPT Enterprise with DPA: Yes.
Personal ChatGPT Plus: Only for internal drafts without customer data.

Data classification
What does it answer?

With what data?

Concrete example

Data of individual customers: Prohibited in external tools without a DPA.
Non-personal internal data: Approved.

Use Cases by Role
What does it answer?

For what, and by whom?

Concrete example

Marketing can use AI for drafts. HR cannot use AI to screen CVs without human supervision.

Approval Protocol
What does it answer?

How is something new approved?

Concrete example

Request to IT → Evaluation in 5 days → Approval or proposed alternative.

Human supervision
What does it answer?

Who reviews?

Concrete example

No AI-generated content for clients is published without human review.

Update
What does it answer?

When is it reviewed?

Concrete example

Semi-annual review. Automatic review when there is a relevant regulatory change (AI Act, GDPR).

Frequently Asked Questions

How to create an AI usage policy for my company?

An effective AI usage policy requires three prior steps: an inventory of which AI tools the team uses, data classification by sensitivity, and a map of current uses. Without that diagnosis, any policy will be generic and go unused. The Ethiceye process builds the policy with the team, not for the team.

The initial diagnosis can be made in 1–2 weeks. A complete operational policy takes another 3–4 weeks. The time depends on the size of the team and the complexity of AI use in the organization.

A compliance policy is written by the legal department and then published. A criteria policy is co-constructed with the team, starts from the existing values, and generates criteria that the team uses autonomously. The difference is whether the team can explain the policy in their own words.

Does your company still not have an AI policy?

Every week that passes, your team makes AI decisions without criteria. Building it takes 5 weeks. The initial call takes 30 minutes.

Contact Raquel López