AI Fundamentals: What Every Employee Needs to Know
Module 1 — Responsible AI at Work | Foundation course for all employees — required before any AI tool access
Generative AI is already in your organization. Employees are using it to draft emails, summarize documents, generate images, and write code. Many are using it without thinking about whether they should — because the tool is fast, the output looks good, and nothing about the experience signals risk.
That is the gap this module addresses. Before an employee opens ChatGPT, Copilot, Gemini, or any other AI tool to complete a work task, they need to understand three things: how these tools actually handle the data they receive, what the boundaries of acceptable use look like, and who is accountable when the output is wrong.
What This Module Covers
Risks This Module Addresses
- Employees entering confidential data into public AI tools without recognizing the exposure
- AI-generated content submitted as accurate without verification
- No shared framework for what is and is not acceptable AI use across the organization
- Employees unaware that AI use carries regulatory obligations under the EU AI Act, UK AI Principles, and US NIST
- AI governance policy exists on paper, but employees lack the judgment to apply it in real situations
The Three Pillars — Introduced Here, Applied Throughout the Series
| Privacy | Accountability | Transparency |
|---|---|---|
| If it’s confidential, it stays off public AI. | You are the pilot. | We do not deceive. |
| No exceptions. | AI supports your work. It never replaces your judgment. | If a machine made it, we label it. |
Each subsequent module applies one pillar in depth through workplace scenarios and decision-making practice. Regulatory alignment — EU AI Act, UK AI Principles, and US NIST — is woven into each pillar so employees understand that responsible AI use is a compliance obligation, not a suggestion.
Course Scenarios — Privacy and Data Exposure
Module 1 addresses the most common AI privacy mistake employees make — entering confidential information into a public tool because prompting doesn’t feel like publishing. The following course scenario is representative of the decision-making situations employees encounter in the course.
📽 From the Course — Scenario: Data Privacy and AI Prompts
Sarah and David — The Strategy Meeting Summary
Sarah wants to paste the transcript from a quarterly strategy meeting — ten pages covering the company’s unreleased product roadmap and Q3 financial targets — into ChatGPT to generate a bulleted summary.
David’s response: “If you paste that into a public AI tool, you are essentially publishing our trade secrets to the world. That violates our data privacy policy and could breach GDPR if client names are mentioned.”
Sarah didn’t think of it as ‘publishing.’ That is exactly the problem — and the reason this training exists.
▶ This is one of 3 decision scenarios employees work through in Module 1.
Pasting a confidential document into a public AI tool feels like a shortcut to productivity. It acts like a disclosure. The training closes that perception gap before it becomes a data breach.
Course Framework — Allowed / Restricted / Prohibited
The course gives every employee a practical three-tier decision framework to apply before using any AI tool at work. This framework is introduced in Module 1 and referenced throughout the series.
| ✓ Allowed | ⚠ Restricted | ✗ Prohibited |
|---|---|---|
| Rewriting general, non-confidential text | Editing or summarizing legal or regulatory documents | Uploading customer or employee data |
| Drafting non-sensitive emails | Drafting HR policies | Entering financial records |
| Improving grammar and tone | Analyzing internal financial data | Drafting or reviewing contracts |
| Creating generic project plans | AI for customer-facing communications | Inputting proprietary code |
| Summarizing publicly available content | Creating marketing claims | AI-driven hiring, firing, or compensation decisions |
Course Assessment — Knowledge Checks Throughout
Each module tests employee understanding through scenario-based knowledge checks that require applying the framework — not just recalling definitions. The following example reflects the format and difficulty level employees encounter in Module 1.
📝 From the Course — Knowledge Check
The Acme Corp Slide Deck
You are working on a slide deck for a new client, Acme Corp. You need an image of a futuristic car for the presentation.
Which of the following actions is safe and compliant?
❌ Option A — Upload the client’s design blueprints to Midjourney
✅ Option B — Ask the AI tool to “Generate an image of a futuristic blue sedan” with no client data
❌ Option C — Paste the confidential creative brief into a chatbot for ideas
Why B is correct: A generic prompt reveals no confidential information. Options A and C expose the client IP and strategy. The rule: use generic descriptions, never upload client materials.
Course Deployment Information
| 📋 Module 1 — At a Glance | |
|---|---|
| Audience | All employees — required before any AI tool access |
| Length | 15–20 minutes |
| Format | Scenario-based, SCORM-compatible, LMS-ready |
| Covers | GenAI basics, data exposure risk, the three pillars, Allowed / Restricted / Prohibited framework |
| Regulatory alignment | EU AI Act, UK AI Principles, US NIST |
Frequently Asked Questions
The three-pillar framework applies regardless of which specific tool an employee uses — ChatGPT, Gemini, Copilot, Claude, Midjourney, or any other. The principles are tool-agnostic because the risks are consistent: data exposure, confident inaccuracy, and transparency obligations apply across all generative AI platforms.
Company-approved sandbox tools that do not retain or train on your data are the appropriate option for confidential tasks. The Allowed / Restricted / Prohibited framework applies to public external tools. Your organization’s internal guidelines will specify which tools are approved and for what use cases.
It means those tasks should not go through public external AI tools. Some restricted and prohibited tasks may be appropriate using company-approved private tools with appropriate controls. The training establishes the baseline — your organization’s AI governance policy provides the specifics.
No. Module 1 is designed for all employees regardless of role or technical background. The risks covered — data privacy, accountability for AI output, and transparency — apply to every employee who uses an AI tool for work, from writing emails to summarizing meeting notes.
The Privacy Pillar in this series directly intersects with GDPR compliance training and confidentiality obligations. Client names in AI prompts are a GDPR risk. Internal financial data in prompts is a confidentiality risk. Module 2 covers the data privacy intersection in depth.
Ready to Explore the Full Series?
Module 1 is the foundation. The remaining three modules build the practical judgment employees need to apply these principles in the specific moments where AI use creates risk.
Responsible AI at Work — 4-Module Series
▶ Module 1: AI Fundamentals — What Every Employee Needs to Know (this page)
Module 2: The Privacy Rule — What Stays Off Public AI
Module 3: The Accountability Rule
Ready to Deploy Module 1?
Module 1 is the recommended starting point for all employees before any AI tool access. It is available as a standalone course or as the foundation of the full four-module Responsible AI at Work series. SCORM-compatible and LMS-ready. Customization to your organization’s approved tools and AI governance policy is available.