University of Chicago

Approved and Restricted AI Tools If a proposed tool or use case isn't listed on this table, the next step depends on whether the tool requires payment for use. For paid tools, individuals should submit a request through the Service Now Procurement Intake. For free tools, if a researcher or staff member intends to use a generative AI tool with sensitive data, or in research contexts, please complete the Generative AI Tool Evaluation Form.

Source language

English (en)

Snapshot hash

40aaab755c6a42cb281ae2185d50afff3f295b722cb2c63741531ad7015457ef

Evidence locator

Page header and instructions

The use of confidential data with publicly available generative AI tools is prohibited without prior security and privacy review. This includes personally identifiable employee data, FERPA-covered student data, HIPAA-covered patient data, and may include research that is not yet publicly available.

Source language

English (en)

Snapshot hash

764b5baf5e211016e662d1fbfdd423d7b5e20301534b7720da12a35b146df51f

Evidence locator

Guideline 1: Protection of University Data

Generative AI systems, applications, and software products that process, analyze, or move confidential data require a security review before they are acquired, even if the software is free.

Source language

English (en)

Snapshot hash

764b5baf5e211016e662d1fbfdd423d7b5e20301534b7720da12a35b146df51f

Evidence locator

Guideline 4: Procuring and Acquiring Generative AI Tools

Data Use Restrictions: Use of University data by vendors to train or improve their models is not permitted.

Source language

English (en)

Snapshot hash

764b5baf5e211016e662d1fbfdd423d7b5e20301534b7720da12a35b146df51f

Evidence locator

FAQ: Review criteria for Generative AI tools

Confidential data, sensitive data, or restricted data should not be used with generative AI tools unless the tool and the use have been reviewed and approved through the appropriate University process.

Source language

English (en)

Snapshot hash

2c80278c2e993a2d7e9eb8a044de11118518edf0e16872ba87b893a915d6ed17

Evidence locator

General Guidelines

Please note: even when a tool is listed as approved, it is not risk-free. Approval simply means the tool can be used under specific conditions, but not that all data is safe to enter. Users are still responsible for evaluating the sensitivity of their data, understanding vendor limitations, and ensuring that confidential, regulated, or contract-restricted information is not shared with AI tools unless explicitly allowed.

Source language

English (en)

Snapshot hash

40aaab755c6a42cb281ae2185d50afff3f295b722cb2c63741531ad7015457ef

Evidence locator

Disclaimer paragraph

PhoenixAI | See PhoenixAI Service Usage Guidelines | General Use | Enterprise-supported | Can be used for sensitive information with IRB approval. | June 30, 2025

Source language

English (en)

Snapshot hash

40aaab755c6a42cb281ae2185d50afff3f295b722cb2c63741531ad7015457ef

Evidence locator

Tools table: PhoenixAI row

ChatGPT 3.5 | Approved for data that is made publicly available by its source. | General Use | Free | Only for non-sensitive information | January 17, 2025 ChatGPT 4.0 | Approved for data that is made publicly available by its source. | General Use | Free | Only for non-sensitive information | January 17, 2025

Source language

English (en)

Snapshot hash

40aaab755c6a42cb281ae2185d50afff3f295b722cb2c63741531ad7015457ef

Evidence locator

Tools table: ChatGPT rows

AI-generated content may be misleading or inaccurate. Generative AI technology may create citations to content that does not exist. Responses from generative AI tools may contain content and materials from other authors and may be copyrighted. It is the responsibility of the tool user to review the accuracy and ownership of any AI-generated content.

Source language

English (en)

Snapshot hash

764b5baf5e211016e662d1fbfdd423d7b5e20301534b7720da12a35b146df51f

Evidence locator

Guideline 2: Responsibility for Content Accuracy and Ownership

Getting an exception through a Risk Acceptance Letter (RAL): If the proposed use is not prohibited by compliance regulations but exceeds standard risk tolerance, and the requester still wishes to proceed with the purchase, the request is escalated to senior leadership—the Chief Information Security Officer (CISO) and Chief Technology Officer (CTO), and the Chief Privacy Officer (CPO)—for guidance.

Source language

English (en)

Snapshot hash

764b5baf5e211016e662d1fbfdd423d7b5e20301534b7720da12a35b146df51f

Evidence locator

FAQ: What happens if a Generative AI tool does not meet University standards?

Generative artificial intelligence (AI) is a quickly evolving technology that offers capabilities to enhance teaching and learning, research, and administrative work at the University of Chicago. We want to provide the UChicago community with information on the latest tools integrating generative AI, as well as training, resources, and guidance.

Source language

English (en)

Snapshot hash

70fc1f89d7a4335ed37f5837642b63ddac7801408fe0a7bbf681139400111668

Evidence locator

Opening paragraph

Business Conduct Policy: Staff must act with honesty and integrity, safeguard confidential information, and prevent unauthorized disclosures. Prohibits recording conversations without consent. AI transcription/assistant tools may not be used to secretly record or join meetings.

Source language

English (en)

Snapshot hash

2c80278c2e993a2d7e9eb8a044de11118518edf0e16872ba87b893a915d6ed17

Evidence locator

Policy Crosswalk: Business Conduct Policy

Policy on Harassment, Discrimination, and Sexual Misconduct: Prohibits unlawful harassment, discrimination, and sexual misconduct. AI tools may not be used to generate harassing, discriminatory, or otherwise unlawful content. This includes the use of AI to create or alter images, audio, and videos.

Source language

English (en)

Snapshot hash

2c80278c2e993a2d7e9eb8a044de11118518edf0e16872ba87b893a915d6ed17

Evidence locator

Policy Crosswalk: Policy on Harassment, Discrimination, and Sexual Misconduct

Entering sensitive data into AI tools without review and approval by security, privacy, and the appropriate data steward may create an unauthorized data disclosure. Such disclosures may violate University policy, federal and state law, sponsor or contract obligations, and data use agreements.

Source language

English (en)

Snapshot hash

2c80278c2e993a2d7e9eb8a044de11118518edf0e16872ba87b893a915d6ed17

Evidence locator

Footer warning