Name: Ben Pascut
Price range: $

Every AI policy reveals what an institution believes about the people this technology will touch: their dignity, their formation, their freedom, their work, and their future. At its deepest level, AI policy begins with love rightly ordered: love for the people affected by the technology, love for the mission of the institution, and love for the common good that wise governance exists to protect.

AI policy is about people. The student whose application will be scanned, the patient whose chart will be summarised, the employee whose performance will be predicted, the donor whose appeal will be drafted: each one is a face. Not a data point. A face. And a face is the place where ethics and economics begin.

Just yesterday, my friend Michael Lee of the Harvard Human Flourishing Program reminded me that the highest aim of human institutions is “loving people into being.” The idiom names what the best schools, hospitals, and companies have always done. They have not merely served people; they have helped them become more fully themselves. The teacher who saw something the student could not yet see. The leader who built a room inside which a person could grow. The institution that defended a person from its own efficiency.

AI policy is where this love will or will not survive contact with scale.

AI is the most remarkable technology we have ever had for progress. But an instrument is only as good as the hand that holds it, and the hand is only as good as the heart that moves it. A policy is how an institution moves its hand. It tells the world how it intends to love its people into being.

Below are twenty-eight principles, each anchored in a long human tradition. Read them as expressions of a single commitment: the people this policy will touch are not the second concern after performance optimisation. They are the first concern, and the last, and the reason the policy exists at all.

What follows is a summary. If you would like the full guide, write me. There is no work I would rather do with you.

Why This Framework Integrates Many Traditions

Institutional AI policy is a systems-complex problem. Many traditions, many constituencies, many forms of risk, many forms of harm, all braided together. Lawyers see the contract. Ethicists see the dignity. Engineers see the system. Educators see the student. Each is right; none alone is enough. A policy worth signing must hold many traditions in the same hand.

The principles below represent my integration. They draw on, among other inheritances:

Regulatory foundations: NIST AI RMF, EU AI Act, OECD AI Principles, UNESCO Recommendation on the Ethics of AI, GDPR, FERPA, HIPAA
Legal and constitutional foundations: Magna Carta, the U.S. Constitution, due process, fiduciary duty, agency law, administrative law, the human rights tradition
Philosophical foundations: Aristotle on purpose, Confucius on the rectification of names, Roman law on definitions, virtue ethics, care ethics, systems thinking
Theological foundations: Imago Dei, Catholic social teaching on the common good, Jewish teshuvah, Laudato Si', stewardship traditions
Professional and research ethics: medical ethics, the Belmont Report, IRB protocols, academic integrity, legal ethics, engineering ethics, accounting ethics
Safety and reliability traditions: aviation safety, just culture, product safety, incident reporting, post-market surveillance
Security and information governance: zero trust, least privilege, chain of custody, records management, archival stewardship
Governance and assurance: corporate governance, board oversight, internal audit, enterprise risk management, insurance, procurement, vendor management
Educational and formative traditions: the liberal arts, apprenticeship, John Henry Newman, Maryanne Wolf, the formation of judgment
Civic, labour, and inclusion traditions: civil rights, universal design, restorative justice, labour dignity, worker voice, accessibility
Communication and public trust traditions: media literacy, verification, correction, institutional transparency
Ecological traditions: environmental stewardship, sustainability, intergenerational responsibility

I have recently read the leading AI policies from universities, hospitals, federal agencies, and major corporations. They are competent. They are improving. But three weaknesses run through some of them.

They tend to be written from a few disciplines or traditions, which means they miss the human, formational, and ontological gravity of what AI does to a person and an institution. They tend to be written for compliance rather than for flourishing, so they pass audit but do not move the institution toward what it could become. And they tend to be written in haste, without the deeper traditions that could anchor them, so they age the moment the technology changes.

The principles below are an offering of integrated thinking, from many traditions, for institutions that want their AI policy to be more than a compliance document.

Part I. Core Principles

Part I gathers the structural commitments. Each principle is a condition under which an institution can keep loving people into being at scale.

1. AI Must Serve Institutional Purpose. AI should not be adopted merely because it is powerful, fashionable, or efficient in the abstract. It should be adopted only when it advances the institution’s stated mission, strengthens its responsibilities to the people it serves, and remains consistent with its moral, legal, and fiduciary obligations.

Tradition: Aristotelian teleology; the Preamble to the U.S. Constitution; Magna Carta; fiduciary stewardship; Catholic social teaching on the common good; Protestant vocational theology; the university tradition of ordered inquiry.

2. AI Requires Distinct Governance. AI should not be governed as ordinary software. Because AI can generate analysis, recommendations, predictions, and decisions that appear to carry judgment, its use must be overseen by leaders accountable for mission, risk, law, ethics, and the people affected by its outputs.

Tradition: NIST AI Risk Management Framework; OECD AI Principles; UNESCO Recommendation on the Ethics of AI; the EU AI Act; administrative law; academic integrity.

3. The Policy Must Name What It Governs. An AI policy must state what technologies, uses, users, data, systems, vendors, and decisions it governs. Ambiguity creates gaps in accountability, invites inconsistent practice, and allows high-risk uses to proceed without proper review.

Tradition: Confucian rectification of names; Roman law of definitions; common-law statutory drafting; canon-law precision in obligation; information governance.

4. Oversight Must Match Risk. AI use should be governed by the seriousness of its potential consequences. Low-risk uses may require simple guidance, while uses affecting employment, education, healthcare, finance, legal rights, safety, or access to opportunity require heightened review, documentation, and accountability.

Tradition: EU AI Act risk classification; just-war proportionality; the Basel Accords; clinical-trial protocols; administrative-law proportionality; enterprise risk management.

5. Data Use Must Be Governed Before AI Use Is Permitted. AI systems should not be given access to institutional, personal, confidential, proprietary, or regulated data until the institution has determined that the use of the data is lawful, necessary, secure, minimised, and consistent with the purpose for which the data was collected.

Tradition: GDPR data minimisation; FERPA; HIPAA; common-law confidentiality; chain-of-custody doctrine; privacy-by-design; data stewardship.

6. Human Responsibility Cannot Be Delegated to AI. AI may support analysis, drafting, prioritisation, and recommendations, but it must not be treated as the responsible actor. For any consequential use, a clearly identified person or institutional role must retain authority to review the output, exercise judgment, and be answerable for the decision and its effects.

Tradition: Imago Dei; Kantian dignity and the kingdom of ends; care ethics (Gilligan, Noddings); the Universal Declaration of Human Rights; natural justice; due process; the FAA pilot-in-command doctrine.

7. AI Outputs Must Be Treated as Claims Requiring Verification. AI-generated content, analysis, citations, summaries, recommendations, and data must be treated as unverified until reviewed against reliable sources, institutional records, or professional judgment. Fluency, confidence, or apparent specificity should never be treated as evidence of accuracy.

Tradition: The scientific method; common-law evidentiary standards; academic citation; reasoned decision-making; retrieval-augmented generation; peer review.

8. Material AI Involvement Must Be Disclosed. When AI substantially contributes to work that is submitted, published, relied upon, or attributed to the institution, that involvement should be disclosed in a manner appropriate to the context. Disclosure should clarify the role AI played without obscuring the human responsibility that remains.

Tradition: Academic integrity; truth-in-advertising; informed consent; GDPR transparency principles; the Rome Call for AI Ethics; fiduciary candour; professional responsibility.

9. Vendor Use Does Not Transfer Institutional Responsibility. Institutions may rely on third-party AI tools, but they remain responsible for how those tools are selected, approved, configured, used, monitored, and governed. Procurement, contracting, security review, data protection, performance expectations, and remedy obligations must align with the risks posed by the vendor’s system.

Tradition: Product-liability doctrine; supply-chain ethics; OCC and EBA outsourcing guidance; third-party risk management; fiduciary duty; contract law.

10. AI Literacy Is an Institutional Duty. An institution cannot govern AI well if its people do not understand the tools they are permitted to use. Employees, leaders, faculty, clinicians, students, and other relevant users should receive role-appropriate training on AI capabilities, limits, risks, verification duties, data rules, disclosure expectations, and escalation paths.

Tradition: Civic education; professional formation; the apprenticeship tradition; UNESCO capacity-building; EU AI Act AI-literacy obligations; organisational learning theory.

11. AI Systems Require Continuing Oversight. AI systems must be monitored after approval because models, data, vendors, integrations, risks, and usage patterns can change over time. Institutions should require periodic reviews of performance, accuracy, bias, security, user behaviour, and ongoing fit with the mission and approved purpose.

Tradition: Cybernetics; aviation incident reporting; clinical post-market surveillance; internal audit; the Deming cycle; complex-systems theory.

12. AI Harm Requires Containment, Correction, and Repair. When AI causes or contributes to harm, the institution should act promptly to contain the risk, correct the error, notify appropriate parties, preserve relevant records, and repair the harm where possible. Incident response should treat AI failures as governance events, not merely technical defects.

Tradition: Restorative justice; Jewish teshuvah; Christian reconciliation; product recall doctrine; medical error disclosure; due process; cybersecurity breach response.

13. AI Policy Must Be Periodically Reauthorised. AI policy should have a defined review and reauthorization cycle to ensure it remains aligned with evolving technology, law, institutional practices, and public expectations. A policy that is not deliberately renewed will eventually govern yesterday’s risks rather than today’s reality.

Tradition: Legislative sunset clauses; Roman legal review; the Benedictine chapter review; corporate governance audit cycles; regulatory reauthorization.

14. Every AI Principle Must Become an Institutional Practice. Every principle should be translated into procedures, roles, controls, training, approval paths, documentation, and review mechanisms. A policy has practical authority only when people know what to do, who decides, what records are required, and how compliance will be monitored.

Tradition: The Roman maxim that law without sanction is empty; compliance-by-design; internal controls; Deming quality systems; fiduciary accountability.

Part II. Specialized Principles

Part II turns to the particular places where this love is most easily lost: in memory, in voice, in authorship, in access, in the records of consequential decisions. Each principle stands guard at one of those doors.

15. AI Must Strengthen, Not Weaken, Human Formation. AI should be used in ways that deepen learning, judgment, creativity, professionalism, and responsibility. It should not be allowed to bypass the formative practices through which people learn to think, decide, write, lead, care, or become trustworthy members of an institution.

Tradition: Aristotelian virtue formation; the liberal arts; Maryanne Wolf on deep reading; Hannah Arendt on thinking and responsibility; John Henry Newman's idea of the university.

16. Augmentation Must Be Distinguished from Substitution. AI that assists human work is different from AI that replaces human judgment, skill, presence, or employment. Institutions should be clear about when AI is used to support people, when it is used to substitute for them, and what obligations arise in either case.

Tradition: Labour dignity and worker-voice traditions; medical physician-extender doctrine; the extended mind thesis; Erik Brynjolfsson on the Turing Trap; Catholic social teaching on work; human-centred design.

17. Agentic AI Requires Heightened Governance. AI systems that can initiate actions, use tools, access systems, communicate externally, spend money, modify records, or trigger workflows require stricter authorisation, access limits, monitoring, and human control. The more an AI system can do, the more carefully its authority must be bounded.

Tradition: Agency law; the doctrine of delegated authority; cybersecurity least-privilege; power-of-attorney limitations; zero-trust architecture.

18. Institutional Memory Must Be Protected and Properly Grounded. AI systems that represent institutional knowledge should be grounded in accurate, authorised, current, and traceable sources. The institution must protect its memory from fabrication, distortion, outdated materials, improper access, and the false authority of language that sounds institutional but is not.

Tradition: Archival stewardship; academic citation; common-law precedent; records management; chain-of-custody; founder tradition and organisational identity.

19. Synthetic Media and Impersonation Must Be Strictly Governed. AI-generated images, voices, video, signatures, likenesses, or communications that imitate real people or institutional representatives should require explicit authorisation and clear safeguards. The policy should prohibit deceptive impersonation, unauthorised use of identity, and synthetic media that could mislead, exploit, defame, or harm.

Tradition: Right of publicity; defamation law; informed consent; anti-fraud doctrine; human dignity; the image-bearing theological tradition; media ethics.

20. External AI Communications Require Institutional Control. AI-assisted communications made on behalf of the institution should be reviewed according to their audience, risk, and authority. Public statements, donor communications, legal or financial representations, admissions or employment messages, and other external communications must remain accurate, authorised, consistent with institutional commitments, and accountable to human owners.

Tradition: Truth-in-advertising; public-relations ethics; fiduciary candour; contract law; securities disclosure; donor stewardship; institutional voice.

21. Intellectual Property and Authorship Must Be Protected. AI use should not compromise the institution’s intellectual property, confidential knowledge, scholarly integrity, trade secrets, or authorship standards. Policies should clarify when AI may be used, how sources and contributions must be documented, and how employees protect both institutional assets and the rights of others.

Tradition: Copyright law; trade-secret doctrine; academic authorship norms; moral rights; work-made-for-hire doctrine; research integrity.

22. AI Use Must Account for Environmental and Resource Stewardship. AI systems consume institutional resources, financial resources, energy, water, compute, and human attention. Institutions should consider whether a proposed AI use is proportionate to its mission value, whether lower-cost alternatives would suffice, and whether deployment aligns with responsible stewardship across generations.

Tradition: Environmental stewardship; Laudato Si'; sustainability governance; fiduciary stewardship; intergenerational responsibility; responsible innovation.

23. AI Adoption Must Preserve Access, Fairness, and Inclusion. AI should be evaluated for its effects on different groups, especially people who may be disadvantaged by biased data, inaccessible design, language barriers, disability, economic inequality, or limited technical access. Institutions should ensure AI does not quietly narrow participation, opportunity, or service.

Tradition: Disability rights; universal design; civil rights law; the Belmont Report's justice principle; Catholic social teaching on solidarity; inclusive design.

24. AI Governance Must Have Clear Roles and Decision Rights. AI governance should identify who may approve, use, review, suspend, audit, and retire AI systems. Clear ownership prevents gaps in accountability and ensures that mission, legal, technical, operational, and ethical responsibilities are assigned before problems arise.

Tradition: Corporate governance; separation of powers; RACI models; internal controls; university shared governance; board duty of care.

25. AI Use Requires an Intake and Approval Process. Institutions should maintain a clear process for proposing, reviewing, approving, documenting, and monitoring AI uses. Intake should capture purpose, users, data, vendor status, affected people, risk level, safeguards, human oversight, and conditions for approval.

Tradition: Administrative procedure; procurement governance; clinical trial protocols; regulatory sandboxing; compliance-by-design.

26. AI-Assisted Decisions Must Leave a Record. When AI materially informs a consequential decision, the institution should preserve an appropriate record of the tool used, the data or sources relied upon, the human reviewer, the rationale for the final decision, and any available safeguards or appeals.

Tradition: The administrative record doctrine; common-law evidentiary practice; audit trails; chain-of-custody; reasoned decision-making.

27. Shadow AI Must Be Managed, Not Ignored. Institutions should assume that employees and students will use AI unless given safe, useful, and approved alternatives. The policy should identify unauthorised uses, provide practical pathways for compliant use, and foster a culture in which people can disclose needs and risks without fear of automatic punishment.

Tradition: Shadow IT remediation; BYOD governance; just culture in aviation and medicine; safety culture; institutional ethics of permission and provision.

28. Affected Persons Have a Right to Human Review. When AI materially affects a person’s rights, opportunities, access, safety, reputation, or standing with the institution, that person should have access to meaningful human review. Human review should be real, timely, informed, and empowered to correct errors or reconsider outcomes.

Tradition: Due process; natural justice; audi alteram partem; GDPR automated-decision protections; restorative justice; human dignity.

Conclusion

Read the list slowly, and a pattern emerges. The newest technology is being asked to answer the oldest questions. What is the purpose of an institution? Whom do we owe? What does it mean to love someone into being inside a system built for scale?

The traditions are still here, still generous, still ready. We are at the beginning of this work, not the middle. We are laying foundations; our successors will build the rooms. What matters is that the foundations are anchored in something older than the technology they govern and oriented toward the people that technology was meant to serve.

This is shared work. Write me if you would like the full guide, or a thinking partner as you draft your own. The best AI policies of the next decade will not come from any single mind; they will come from leaders willing to write together, learn from one another, and anchor their work in the traditions that came before. I would be honoured to think this through with you.