DOCUMENT CONTROL AND INDEX

TABLE OF CONTENTS

INTRODUCTION, PURPOSE AND SCOPE

1. INTRODUCTION

Artificial intelligence can strengthen learning, research, administration and public service, but it can also produce inaccurate outputs, bias, privacy loss, security risks and over-reliance. Vel Tech High Tech adopts a human-centred governance model in which AI assists people but does not displace accountable academic or administrative authority. This policy applies to public tools and institution-built systems, including the VEL AI assistant and advisory AI analytics.

2. PURPOSE

To enable safe, ethical, inclusive and educationally meaningful use of artificial intelligence while protecting human agency, academic integrity, privacy, security, fairness, institutional accountability and the rights of students and employees.

3. SCOPE

All AI systems, machine-learning models, generative AI tools, decision-support systems, chatbots, analytics, automation and third-party AI services used, developed, procured or deployed by students, faculty, staff, incubatees, contractors or institutional units.

OBJECTIVES

4. OBJECTIVES

• Promote AI literacy, responsible experimentation and equitable access to beneficial AI tools.
• Classify AI use cases by risk and apply proportionate approval, testing, documentation and monitoring.
• Protect personal, confidential, examination, research and institutional data from unauthorized AI processing.
• Preserve academic integrity while enabling transparent and pedagogically appropriate AI assistance.
• Ensure that high-impact decisions remain subject to competent human review and due process.
• Establish procurement, incident-response, audit and retirement controls for AI systems.

POLICY FRAMEWORK

5. GUIDING PRINCIPLES

1. Human responsibility is non-delegable: an identifiable authorized person remains accountable for every institutional decision supported by AI.
2. AI outputs are probabilistic and shall be verified against authoritative records, professional judgment and applicable rules.
3. Use shall be lawful, necessary, proportionate, transparent, secure, accessible and as fair as reasonably achievable.
4. Data minimisation, purpose limitation and privacy-by-design shall apply throughout the AI life cycle.
5. Affected users shall be informed when they materially interact with AI or when AI materially supports a process.
6. No person shall be disadvantaged solely because an AI system cannot adequately represent their language, disability, background or circumstances.

6. GENERAL POLICY COMMITMENT

The Institution shall implement this policy through approved roles, adequate resources, documented procedures, transparent communication and measurable review. Decisions and exceptions shall be recorded and authorized by the competent authority.

POLICY PROVISIONS

7.1 IMPLEMENTATION REQUIREMENTS

1. The Institution shall maintain an AI Governance Committee with academic, technical, compliance, data-protection, accessibility, student-support and domain representation.
2. Every institutional AI use case shall have a named owner, approved purpose, defined users, data classification, risk category, human-review arrangement and retirement plan.
3. Low-risk uses such as grammar support, brainstorming or non-sensitive drafting may proceed under published guidance; moderate and high-risk uses require documented assessment and approval.
4. High-risk uses include systems affecting admission, academic progression, assessment, attendance, scholarships, placement eligibility, employment, discipline, safety, health, identity or access to significant institutional benefits.
5. Prohibited uses include unlawful surveillance, deceptive impersonation, social scoring, deliberate discrimination, generation of forged records, bypass of security controls and automated decisions without required human review.

POLICY PROVISIONS — CONTINUED

7.2 IMPLEMENTATION REQUIREMENTS

6. AI shall not autonomously confirm Open Elective or Professional Elective choices, allocate faculty, publish timetables, alter attendance or marks, approve class alterations, resolve grievances, impose discipline or make final employment decisions.
7. AI recommendations in the LMS shall be advisory only; an authorized human shall review, accept, modify or reject each operational action through the approved workflow.
8. All institutional AI analyses, recommendations, user decisions and material overrides shall be recorded in dedicated audit or insight tables without changing approved operational records.
9. The canonical LMS AI tables are lms_ai_analysis_runs, lms_ai_department_scorecards, lms_ai_faculty_scorecards, lms_ai_subject_scorecards and lms_ai_recommendations; duplicate operational AI tables shall not be created without architecture approval.
10. AI analytics may read approved data and write only to dedicated AI audit or insight stores; it shall not bypass role permissions or directly edit source attendance, marks, allocation, examination or approval tables.

POLICY PROVISIONS — CONTINUED

7.3 IMPLEMENTATION REQUIREMENTS

11. Students may use AI for learning when permitted by course or assessment instructions and shall disclose material assistance in the format prescribed by the faculty.
12. Submitting AI-generated work as wholly original where disclosure is required, fabricating references, creating false data or using AI during a prohibited assessment constitutes academic misconduct.
13. Faculty shall state permitted, restricted and prohibited AI use for significant assessments and shall design tasks that test reasoning, demonstration, reflection, oral defence, practical work or authentic application.
14. No adverse academic decision shall be based solely on an automated AI-detection score; concerns shall be examined using evidence, student response and due process.
15. AI may support feedback and formative assessment, but final grading of high-stakes work shall remain with authorized faculty or examination processes.

POLICY PROVISIONS — CONTINUED

7.4 IMPLEMENTATION REQUIREMENTS

16. Faculty and researchers shall verify AI-generated facts, calculations, citations, code and interpretations before use and shall not list an AI system as an author.
17. Research use shall comply with ethics approval, informed consent, confidentiality, intellectual property, publication and research-integrity requirements.
18. Personal data, student profiles, attendance, grades, health information, disciplinary records, credentials, unpublished examination material and confidential institutional data shall not be entered into public AI services unless expressly approved and protected.
19. Where an external AI provider is used, prompts shall be minimised and de-identified; institutional identifiers and personal data shall be excluded unless approved processing terms exist.
20. The VEL AI architecture shall keep student profiles, attendance and grades within approved institutional systems and shall route only appropriately filtered general prompts to external language-model services.

POLICY PROVISIONS — CONTINUED

7.5 IMPLEMENTATION REQUIREMENTS

21. AI procurement shall assess data location, retention, secondary use, model training, security, accessibility, bias, explainability, continuity, intellectual property, audit rights and exit arrangements.
22. Vendors shall not use institutional data to train general models unless explicitly authorized through a lawful, documented agreement.
23. Before high-risk deployment, the owner shall conduct an AI impact assessment covering affected persons, benefits, failure modes, bias, security, privacy, accessibility, oversight and appeal.
24. Systems shall be tested with representative scenarios, edge cases and users with different languages, abilities and backgrounds before release and after material updates.
25. Users shall receive clear notices about capability, limitations, data handling, appropriate use and routes to obtain human assistance or challenge an outcome.

POLICY PROVISIONS — CONTINUED

7.6 IMPLEMENTATION REQUIREMENTS

26. AI-generated public communication shall be reviewed for accuracy, copyright, confidentiality, tone and institutional authorization before publication.
27. Synthetic images, audio or video representing real persons shall not be created or published without appropriate authorization and clear labelling where confusion is reasonably possible.
28. Security testing shall address prompt injection, data leakage, malicious uploads, model abuse, unauthorized tool use, excessive permissions and dependency vulnerabilities.
29. Suspected AI incidents, harmful outputs, privacy breaches, discriminatory results or security weaknesses shall be reported immediately, preserved for investigation and handled under incident response.
30. The Institution shall maintain an approved AI inventory, decision log, model/vendor register, impact assessments, test results, incidents, complaints, corrective actions and retirement records.

POLICY PROVISIONS — CONTINUED

7.7 IMPLEMENTATION REQUIREMENTS

31. AI literacy programmes shall cover prompt hygiene, verification, bias, privacy, copyright, academic integrity, accessibility, environmental impact and responsible human oversight.
32. AI performance shall be monitored for accuracy, relevance, bias, drift, security and user impact; systems that no longer meet requirements shall be restricted, replaced or retired.
33. The Institution may suspend any AI tool or integration immediately where continued use presents an unacceptable legal, academic, security, safety or reputational risk.

ROLES AND RESPONSIBILITIES

8. ROLES AND RESPONSIBILITIES

• The Governing Council/Management approves institutional risk appetite and major high-impact deployments.
• The Principal authorizes the AI governance structure and ensures accountable human ownership.
• The AI Governance Committee classifies use cases, reviews high-risk assessments and monitors compliance.
• The IT Cell implements security, access, integration, logging, backup and vendor-management controls.
• IQAC verifies educational quality, evidence and improvement actions.
• Data owners approve lawful access and ensure data quality; the privacy/data-protection function reviews personal-data processing.
• Faculty, students, staff, researchers and vendors follow declared use conditions and report incidents.
• Authorized role holders retain final responsibility for all academic, administrative and employment decisions.

IMPLEMENTATION PROCEDURE

9. IMPLEMENTATION PROCEDURE

1. Register the proposed AI use case and assign an accountable owner.
2. Classify data and risk; complete an impact assessment where required.
3. Obtain academic, technical, privacy, security, financial and competent-authority approvals.
4. Pilot with representative users, document tests and implement human-review and appeal paths.
5. Deploy with notices, role-based access, logging, monitoring and user training.
6. Review performance and incidents periodically and close or retire the system safely.

RECORDS AND COMPLIANCE

10. RECORDS AND EVIDENCE

• AI system and vendor inventory
• AI use-case registrations and impact assessments
• Data-flow diagrams, approvals, contracts and security reviews
• Testing, validation, bias, accessibility and performance reports
• User notices, disclosure records, complaints and appeals
• AI recommendation, acceptance, rejection and override logs
• Incident, corrective-action and retirement records

11. MONITORING INDICATORS

• Percentage of AI systems with approved owner, risk class and review date
• High-risk deployments with completed impact assessment and human-appeal mechanism
• Accuracy, relevance, bias and accessibility test results
• AI incidents, complaints, repeat failures and closure time
• Academic AI disclosure and integrity trends
• AI literacy participation and competency outcomes
• Percentage of AI recommendations reviewed by authorized humans

12. CONFIDENTIALITY, RETENTION AND ACCESS

Records shall be accurate, retrievable and protected against unauthorized alteration, disclosure or destruction. Access shall be role-based and limited to legitimate institutional need. Retention and disposal shall follow the approved schedule and applicable requirements.

13. NON-COMPLIANCE

Non-compliance may result in corrective action, withdrawal of access or benefit, recovery of loss, disciplinary action, referral to a statutory body or other proportionate action after due process.

REVIEW AND APPROVAL

14. REVIEW AND AMENDMENT

The policy owner shall review this document at the stated cycle or earlier due to changes in law, regulation, institutional structure, technology, risk, audit findings or stakeholder requirements. Amendments shall take effect only after approval and version control.

15. REFERENCES

• UNESCO Guidance for Generative AI in Education and Research
• NITI Aayog Principles for Responsible AI and operationalisation guidance
• Digital Personal Data Protection Act, 2023 and applicable rules
• Institutional Academic Integrity, Data Protection, IT, Research Integrity and LMS Policies

16. APPROVAL AND SIGNATURES

This is a controlled institutional document. Printed copies are uncontrolled unless specifically stamped and issued by the authorized office.