Institutional policies and guidelines can be a critical part of mitigating the inappropriate and unethical uses of AI that are a concern of many respondents. Although a plurality of respondents (42%) reported that their institution does not currently have AI-related acceptable use policies (AUPs), the proportion that do increased from 23% last year to 39% this year (see figure 12).

Zooming out to consider this issue more broadly, few respondents reported that their institution's policies and guidelines have not been impacted by AI (13%), and the vast majority of institutions are either creating new policies and guidelines or revising existing ones to accommodate new AI-related issues and use cases (see figure 13).

The impacts of AI on institutional policies appear to be increasing in almost all areas of the institution. The largest year-over-year increases are observed for technology, cybersecurity and data privacy, and data and analytics (increasing by 12, 13, and 14 percentage points, respectively) (see figure 14). Reported impacts on teaching and learning policies remained relatively stable, still ranking as the most impacted area of the institution, with 93% of respondents indicating that teaching and learning policies have either already been impacted by AI or soon will be.

Asked specifically about their institution's cybersecurity and privacy policies, only 9% of respondents reported that these policies are adequate to address AI-related risks to the institution (see figure 15), with a plurality of respondents (42%) reporting that their policies are only "somewhat adequate." Of the 30 survey respondents who identified as cybersecurity and privacy professionals, none reported that their institution's cybersecurity and privacy policies are adequate. Asked about specific areas of concern related to cybersecurity, privacy, and AI, a majority of responses focused on data security, end-user behavior, and the data collected by third-party tools (see figure 16).