Stanford
University Communications

AI guidelines for marketing and communications

Introduction, scope, and definitions

These guidelines establish expectations for the responsible use of artificial intelligence in the marketing and communications functions at Stanford University. They are intended to support flexible, thoughtful experimentation while protecting the university’s interests and ensuring that AI is used in ways that are consistent with Stanford’s values and mission.

These guidelines build on direction from the AI at Stanford Advisory Committee, whose report held that AI should be used to augment human capabilities, not replace them. The committee encouraged experimentation and recommended flexible approaches over rigid policies. This document seeks to mirror that approach: bright-line requirements exist only in limited areas where there are clear legal, intellectual property, ethical, or administrative considerations.

These guidelines complement existing university policy. If there is a conflict between this document and a policy in the Administrative Guide, the Administrative Guide controls. All other portions of these guidelines will continue to apply where there is not a conflict. Please keep in mind that in general, use of AI should not waive or diminish professional, ethical, or legal obligations (“no AI exceptionalism”)—all applicable laws and Stanford policies continue to apply when AI is used. Further, these guidelines are for general guidance and do not constitute legal advice.

Application of guidelines: These guidelines apply to all staff, interns, casual employees, consultants, and contractors who perform marketing or communications work on behalf of Stanford University, regardless of department or school. This includes communicators in schools, institutes, administrative units, and affiliated programs.

Definition of “Artificial Intelligence” and/or “AI”: Within these guidelines, “AI” refers broadly to software systems that generate content (text, images, video, audio, code), analyze data, automate tasks, or make recommendations using machine learning, large language models, or related techniques. This includes, but is not limited to, tools such as ChatGPT, Claude, Gemini, and Copilot. It also includes AI features embedded in existing software (such as grammar tools, presentation assistants, and analytics platforms), as well as custom applications, agents, and automated workflows built using AI models or APIs.

As a general rule, a tool falls within the scope of these guidelines for marketing and communications activities if it generates, predicts, or recommends outputs using a neural network, large language model, or other system trained on data. When in doubt, consult your manager, IT organization, and/or University Communications.

What is not covered in these guidelines: These guidelines address the use of AI in the marketing and communications functional areas. They do not provide guidance on how to use specific AI tools; training resources are available through University IT and University Communications’ training programs.

Finally, the absence of a specific use case in this document should not be read as a prohibition. These guidelines favor flexibility, iteration, responsible experimentation, and continuous growth.

Guiding principles for responsible use

Consistent with the Report of the AI at Stanford Advisory Committee (which is incorporated herein by reference), the following principles should guide all use of AI in marketing and communications work at Stanford. What follows in this section is a summary of the report and colleagues are encouraged to review the full report for further detail.

Human oversight: You must take personal responsibility for any work you produce using AI. This means reviewing outputs for accuracy, ensuring alignment with institutional values, and confirming compliance with these guidelines and university policy. This responsibility cannot be delegated.

Alignment with university values: AI systems should be selected, built, and used in ways that support Stanford’s mission. Applications that conflict with university values—or that create reputational risk—should not be pursued.

Human professionalism: All communicators and marketing professionals should maintain high standards of quality in their work and exercise sound judgment and critical thinking when using AI tools. AI outputs are drafts and starting points, not finished products.

Ethical and safe use: AI should improve university functions. Before deploying an AI system in your work, you should understand what the tool does, how it handles data, and what its limitations are. If you do not fully understand the system, seek guidance from your IT organization or University Communications before proceeding.

Privacy, security, and confidentiality: When AI tools involve personal or sensitive data, you must carefully consider the legality and impact of the application. Some uses of data—such as those involving medical records, privileged information, or student or employee records—require express consent. Uploading such data to a third‑party hosted solution may constitute unauthorized disclosure or result in waiver of legal privilege. Review the university risk classifications to determine the sensitivity of the data you are working with. Do not provide confidential, restricted, or legally privileged information of Stanford or a third party to generative AI tools except within Stanford enterprise solutions explicitly approved to handle that specific class of sensitive data.

Data quality and control: All data used with AI tools should be collected in legal and ethical ways. You should understand and document the provenance of any data you provide to a model. You should also confirm whether the tools you use retain or train on your inputs, including Stanford content such as articles, brand assets, and institutional knowledge.

The AI “golden rule”: As stated in the committee report: “Use or share AI outputs as you would have others use or share AI output with you.”

Readers of these guidelines are strongly encouraged to familiarize themselves with the full content of the committee report.

Data classification and security requirements

Think about how prompts and other inputs are used and stored by the AI tools, and ensure that they meet the appropriate data classification and security requirements. The university’s risk classification framework categorizes data into high-, moderate-, and low-risk tiers. The following requirements apply to all AI use.

High-risk data: use only in explicitly approved environments for such data.
Unless you are working in an environment that has been explicitly approved for high-risk data use, you may not use such data in prompts, as attachments, through an API, or in any other interaction with an AI tool. Examples include protected health information (PHI), student education records, donor information, or employee personnel records. There are no exceptions—high-risk data can only be used in an approved environment that has been approved for that specific category of data. If you are uncertain whether your data qualifies as high-risk, consult the risk classification guide or contact your IT organization.

Moderate-risk data: use in approved environments and with appropriate safeguards.
You may use moderate-risk data with AI tools only when the tool provides appropriate protections for that data. This typically means using university-provisioned tools or tools reviewed and approved by your IT organization for moderate-risk data. Exercise good judgment and document the safeguards in place.

Low-risk data: use with caution and appropriate safeguards.
Low-risk data, such as publicly available information, may be used with AI tools consistent with these guidelines. Even with low-risk data, be mindful of the tool’s data retention (including of your prompts) and training policies.

Protect Stanford content from model training.
Some AI tools retain user inputs and may use them to train or improve their models. Before providing Stanford content to an AI tool—e.g., unpublished articles, brand assets, strategic documents, internal research, or institutional data—confirm that the tool does not use your inputs for training. University-provisioned tools like the AI Playground are configured to prevent this. For other tools, carefully review the provider’s data use and retention policies.

Compliance, intellectual property, and other legal considerations

As a general rule, AI use is not an exception to existing laws or university policies. When using AI for marketing and communications, comply with all applicable laws and Stanford policies governing copyright, trademarks, trade secrets, privacy, confidential information, rights of publicity, and social media. Use AI in ways that are transparent, accurate, and do not mislead.

Adhere to university policies. You must adhere to applicable university policies, including the University Code of Conduct, Information Security, and Privacy Policies when using AI technologies. You may not use AI tools to promote for-profit organizations, engage in commercial activities, or provide explicit or implicit commercial endorsements. Similarly, consistent with Administrative Guide 1.5.1, you may not use AI to advocate on behalf of Stanford for any political position or political party.

Review the terms of use. Before using any AI tool that isn’t already approved as a University IT enterprise service or vetted through Stanford Procurement, review its Terms of Use and consult Procurement/OGC as needed. Do not proceed if the terms allow marketing use of your or Stanford’s name/marks (prohibited by Administrative Guide 1.5.4), permit training or “product improvement” on Stanford inputs, outputs, or metadata, or lack clear subprocessor disclosure and commitments on data retention, deletion (including backups). If any appear, route to Procurement for negotiation or use an approved alternative.

Prompts, inputs, and data handling. Use only AI tools approved for the content and data you plan to upload and use (see the section regarding classification and security requirements).

Respect intellectual property. Respect copyright, trademark, and other intellectual property rights. Do not use AI to reproduce or closely imitate protected works, logos, brands, or distinctive creative styles in ways that could infringe the rights of others.

Obtain written permission before using an individual’s name, image, voice, or likeness (including realistic or recognizable AI-generated depictions or imitations) in published content. Do not create content that depicts, impersonates, or closely resembles a real person (including public figures, students, employees, donors, or alumni) without appropriate authorization and required clearances.

Clearly identify AI-generated or AI-manipulated content (e.g., images, audio, or video) when omission could mislead audiences about what is real. Do not create or publish AI-generated content that falsely depicts Stanford people, events, research, facilities, or achievements. Make sure you comply with applicable law and platform policies regarding synthetic media.

Copyrightability of AI outputs. Be mindful that AI-generated content may have uncertain copyright status and may not be exclusively owned by Stanford. Consult OGC if ownership, licensing, commercialization, or other significant rights issues are important to the project.

Prompts and outputs are discoverable. Treat prompts and AI outputs as records that may be discoverable or subpoenaed, just like your emails. Consult with OGC before using AI for matters involving actual or anticipated litigation, regulatory inquiries, or privileged legal analyses.

Tool selection and evaluation

Use the tool that best serves your work while protecting the university’s data and interests. The guidance below will help you make that determination.

Start with university-provisioned tools. The UIT AI Playground provides access to a range of large language models in an environment configured to protect Stanford data. Files uploaded to the Playground are not shared externally or used to train models. For most common tasks—drafting, research, brainstorming, editing, summarization—the AI Playground is the lowest-risk starting point and is strongly recommended.

Using other tools: You may need capabilities beyond what the AI Playground currently offers. Stanford maintains a GenAI tool matrix comparing approved options and their suitability for different data types. Other AI tools may be used, provided you first verify and understand the following:

CriterionWhat to verify
Data retentionDoes the provider retain your inputs? For how long? Can you opt out of retention?
Training on inputsDoes the provider use your inputs to train or improve its models? Is there an enterprise or professional tier that prevents this?
Terms of use

Do the terms grant the provider rights to use Stanford’s name or your content in its marketing (not permitted under Administrative Guide 1.5.4)?

Do the terms grant broad licenses over user input, content, or outputs?

Security postureDoes the provider offer encryption in transit and at rest? Does it maintain relevant security certifications (SOC 2, ISO 27001, or equivalent)?
Data classificationIs the tool appropriate for the sensitivity of data you intend to use? (See Data classification and security requirements above.)

If you cannot verify these criteria, do not use the tool with Stanford data at any risk level. To the greatest extent practical, you should be evaluating such tools in partnership with your local IT team or with University IT.

Building applications and custom tools

AI platforms increasingly allow communicators to build their own tools: custom applications, dashboards, chatbots, and prototypes. This kind of experimentation is encouraged; however, building tools introduces considerations beyond standard AI use.

Consult with your IT organization: Before deploying any custom AI-powered tool, whether for internal use or for an external audience, consult with your local IT department or, for units within External Relations, with Business Technology Services (BTS). Your IT partners can help evaluate data handling, security, and integration requirements.

Data handling in custom builds: The data classification and security requirements in these guidelines apply to any tool you build, not just to prompts you type. If your application ingests, processes, or surfaces Stanford data, the same considerations apply. Pay particular attention to what data is sent to external APIs and whether those APIs retain or train on that data.

Distinguish prototypes from production tools: There is an important difference between a prototype you are testing internally and a tool that will be used by others, or that interacts with external audiences. Prototypes developed for your own use or for evaluation by your immediate team carry lower risk. Tools intended for broader use—especially those that are public facing or that handle institutional data—should be developed in partnership with your IT organization and reviewed for security, accessibility, maintainability, and compliance before deployment.

Audience-facing applications: Applications that present AI-generated content directly to external audiences (such as chatbots, search agents, or recommendation tools) should be approved by your unit’s head of marketing and/or communications, and should be developed in close coordination with your IT organization. These tools carry reputational risk and must include appropriate controls, human oversight, and clear disclosure to users that AI is involved.

Agents and automated workflows

AI agents and automated workflows differ from standard interactions with a language model. Rather than typing a prompt and reviewing a response, an agent or automated workflow can take actions on your behalf: monitoring feeds, generating and scheduling content, sending alerts, updating databases, or executing multi-step processes with limited or no real-time human review. Stanford’s Information Security Office has published specific guidance on agentic AI that applies to these use cases.

The following principles apply to the use of agents or automation processes:

Close collaboration with your IT organization: Any agent or automated workflow that operates in a Stanford environment should be developed and maintained in direct collaboration with your local IT team. This includes agents that monitor data sources (e.g., a daily news digest), execute scheduled tasks (such as data retrieval), or interact with Stanford systems.

Human oversight scales with stakes: The degree of human oversight required should be proportional to the consequences of the action. An agent that, for example, flags potential stories for editorial review carries lower risk than one that publishes content to a Stanford website. For any automated workflow that takes an action visible to an external audience—publishing, sending, posting—a human must review and approve each action before it is executed.

Logging and auditability: Automated workflows should maintain logs sufficient to understand what actions were taken, when, and on the basis of what inputs. This is important for both troubleshooting and accountability.

Scope limitation: Design agents with the narrowest scope of authority necessary to accomplish the task. An agent built to monitor academic publications, for example, should not also have the ability to post content or modify data in other systems.

Disclosure and transparency

Transparency about the role of AI in our work supports trust with colleagues, with leadership, and with the audiences we serve.

Internal disclosure
When AI tools play a material role in producing a work product—e.g., written content, research, data analysis, visual media, or strategic recommendations—disclose that use to the relevant editor, supervisor, or decision-maker. This is not a bureaucratic requirement; it is about maintaining trust and shared awareness within teams. A brief note is sufficient (e.g., “Research for this analysis was supported by [name of tool]”).

For institutional statements—including statements from the president, provost, or vice presidents—any use of AI in the drafting process must be disclosed to the vice president for university communications.

External disclosure
When Stanford publishes content that was materially supported by AI, we should be transparent with our audiences. “Material support” is a matter of professional judgment and responsibility, to be determined by the communicator supervising the AI tool. The appropriate form of disclosure depends on the context:

  • Published content (articles, reports, web pages): Include a brief disclosure note, typically at the end of the piece, describing the role AI played. Example: “This article was supported by research using [tool name]. All outputs were reviewed by humans and the final expression was produced by the authors.”
  • AI-generated images or media: Credit the AI tool in the appropriate credit line, as you would credit any other production tool.
  • Audience-facing AI applications (chatbots, search tools, recommendation engines): Clearly inform users that they are interacting with an AI-powered tool.

External disclosure is not required for routine uses of AI such as grammar checking, transcription, or internal brainstorming.

Standard of care for AI use cases

Rather than enumerating every possible use case, these guidelines organize activities by the level of care they require. All activities must conform to the principles, data requirements, and compliance standards above. The guidance below helps you calibrate the degree of review and oversight appropriate to your situation.

Activities requiring ordinary care
These are activities where AI supports your thinking and efficiency, the data involved is low risk, and you review the outputs before they are used. No additional approval or additional care is required beyond your own professional judgment. Examples include, but are not limited to:

  • Brainstorming, outlining, and drafting content
  • Editing for grammar, style, clarity, and consistency
  • Research and summarization of publicly available information
  • Preparing presentations or internal documents
  • Generating initial drafts of social media posts for editorial review
  • Transcribing interviews or events (with appropriate data handling)
  • Analyzing publicly available data or performance metrics

In all cases, you are responsible for the accuracy and quality of the final product.

Activities requiring a higher level of care
These activities involve higher visibility, greater institutional sensitivity, or the use of moderate-risk data. They require additional judgment, disclosure, and in some cases consultation with colleagues or supervisors. Examples include, but are not limited to:

  • Use: Drafting content for publication under Stanford’s name, including Stanford Report articles, press releases, and institutional web content.
    • Care required: Disclose AI use to the relevant editor or manager.
  • Use: Using AI to generate or substantially enhance images or video for public use.
    • Care required: Ensure compliance with intellectual property guidelines and credit the tool.
  • Use: Using AI to analyze or summarize moderate-risk data, such as aggregated survey results or internal performance data.
    • Care required: Use university-provisioned tools or tools vetted by your IT organization.
  • Use: Using AI-generated content for paid media or advertising.
    • Care required: Confirm compliance with intellectual property guidelines and platform terms of service.
  • Use: Monitoring and summarizing social media sentiment.
    • Care required: Validate output against a representative sample of underlying data.

Activities requiring the highest level of care
These activities could carry significant reputational, legal, or regulatory consequences. They require explicit approval and/or close collaboration with relevant stakeholders. Examples include:

  • Use: Drafting or contributing to institutional statements from senior university leaders.
    • Care required: Disclose AI use to the Vice President for University Communications.
  • Use: Deploying AI-powered tools that interact directly with external audiences, such as chatbots, search agents, or recommendation engines.
    • Care required: Approval from your unit head of marketing and/or communications and collaboration with your IT organization.
  • Use: Building and deploying automated workflows that take actions visible to external audiences, such as publishing or sending content.
    • Care required: Human approval of each action and collaboration with your IT organization.
  • Use: Using AI to segment audiences and deliver personalized content at scale.
    • Care required: Ensure compliance with privacy policies, platform terms, and anti‑discrimination requirements; consult OGC/Privacy Office if you have questions.
  • Use: Any application involving the creation of synthetic media depicting real individuals.
    • Care required: Not permitted without explicit consent; see Compliance and Intellectual Property above.

Specific guidelines for Stanford Report content

AI tools may be used to support the production of content for publication in Stanford Report. The following uses are permitted and do not require prior editorial consultation, provided that the author discloses AI use to the receiving editors in University Communications:

  • Post-production enhancement of images, including optimizing image quality and retouching minor sections.
    • Generated images will be accepted at the discretion of the editorial team. The organization submitting the image to Stanford Report remains responsible for securing any necessary rights. University Communications is not responsible for ascertaining the status of such images and accepts no liability arising from their publication.
  • Translation and captioning of accompanying video and motion assets. All captions must be reviewed by a human for accuracy.
  • Research and summarization of publicly available information related to the subject of the content.
  • Drafting portions of written editorial content, including brainstorming questions for interviews, proposing article outlines, analyzing data for use in stories, and suggesting refinements to narrative structure for clarity or consistency.
  • Capturing and transcribing interview notes.
  • Preliminary editing to reduce grammatical, spelling, or other typographical errors.

In all cases, the author—not the AI—is responsible for the accuracy and quality of any content, images, or research submitted. Editors involved in the review of material prior to submission must adhere to the same standards.

Applications of AI in editorial production are evolving rapidly, and useful applications may emerge beyond what is listed above. In those cases, consult with the editors of Stanford Report prior to submission.

Compliance with these guidelines does not guarantee placement. All other editorial standards and content considerations remain in effect. University Communications exercises discretion in determining which content appears in Stanford Report. This process involves rigorous editorial review during which a variety of factors are carefully considered.

Continuous learning and evaluation

AI capabilities are changing rapidly. University Communications will review and update these guidelines on a regular basis. Between updates, the following practices will help ensure that AI use remains responsible and effective.

Stay current: Regularly review the AI tools you are using to ensure they continue to meet these guidelines and your professional needs. Pay attention to changes in providers’ terms of use, data handling practices, and capabilities.

Talk with your team: All employees communicating on behalf of Stanford are encouraged to discuss their AI practices with colleagues and, where appropriate, supervisors. Open conversation builds shared understanding, surfaces concerns early, and helps teams develop practices suited to their context.

Contribute to shared learning: As you develop effective practices, share them with your colleagues and with University Communications. This contributes to a growing body of institutional knowledge that benefits communicators across campus.

Report concerns: If you encounter an AI-related issue—a tool that behaves unexpectedly, a potential data exposure, a question about whether a use case is appropriate—raise it with your supervisor and with your local IT team. Early reporting helps the university respond effectively and refine its guidance.

Concluding remarks

These guidelines are intended to enable experimentation, protect the university’s interests, and keep human judgment at the center of our work.

The scope of application will continue to evolve. While we will keep these guidelines current through regular review, new situations will arise that are not addressed here. When they do, apply the guiding principles in this document, exercise your professional judgment, and consult with colleagues or University Communications as needed.

These guidelines were developed by University Communications in collaboration and consultation with colleagues from University IT, the Graduate School of Education, the School of Engineering, the Office of Development, the Graduate School of Business, the Stanford Institute for Human-Centered Artificial Intelligence, and Business Technology Services. The designated point of contact is John Stafford, assistant vice president for marketing and digital strategy. Please contact John with any questions, concerns, or suggestions.

Consistent with these guidelines, this document was supported by research using Anthropic Claude. All outputs were reviewed by humans and the final expression was produced by the authors.