RESO 25-127 - Adopting Artificial Intelligence (AI) PolicyRESOLUTION NO. 25-127
RESOLUTION ADOPTING THE CITY OF GOLDEN VALLEY ARTIFICIAL
INTELLIGENCE (AI) POLICY
WHEREAS, the City of Golden Valley is committed to responsible, transparent,
and ethical use of Artificial Intelligence (AI) technologies to enhance service delivery,
operational efficiency, and public engagement; and
WHEREAS, the rapid growth of AI-enhanced services requires clear governance
structures that ensure legal compliance, data protection, and adherence to state and
federal requirements; and
WHEREAS, the City’s Administrative Services Department, in coordination with
the Information Technology (IT) Division and the Legal Department developed policies
and procedures to ensure that all AI-enhanced services are used safely, responsibly,
and in a manner that protects public trust and sensitive information; and
WHEREAS, the proposed Artificial Intelligence Policy establishes standards for
the approval, use, monitoring, data protection, and transparency of AI-enhanced
services used by City employees, volunteers, contractors, and third parties; and
WHEREAS, the City Council finds that adopting this policy is in the best interest
of the City and its residents, ensures operational consistency, and prepares the City for
responsible long-term use of emerging technologies;
NOW, THEREFORE, BE IT RESOLVED that the City Council of the City of
Golden Valley hereby adopts the Artificial Intelligence Policy, attached hereto as:
•Exhibit A – Artificial Intelligence Policy
Adopted by the City Council of Golden Valley, Minnesota this 16th day of December
2025.
______________________________
Gillian Rosenquist, Mayor Pro Tempore
ATTEST:
______________________________
Theresa Schyma, City Clerk
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA
Resolution No. 25-127 (Exhibit A) -2- December 16, 2025
O FFICIAL C ITY P OLICY
C ITY OF G OLDEN V ALLEY
General Information
Policy Title: Artificial Intelligence Policy Department: Administrative Services
Policy Owner (job title): Deputy City Manager Policy ID: TBD
Council Approval Date: 12-16-2025 Resolution Number: 25-127
Effective Date: 01-01-2026 ☒New ☐ Updated
Policy Overview
Policy Description:
Policy governing the use of Artificial Intelligence applications within the City’s operations.
Purpose & Scope:
The purpose of this policy is to establish a framework for the responsible use of Artificial Intelligence (AI) in public
service applications within the City of Golden Valley, Minnesota. This policy aims to guide city employees, volunteers,
contractors, and third-parties in utilizing AI technologies in a manner that:
• Adheres to legal and regulatory requirements;
• Balances innovation with ethical considerations;
• Delivers value and benefits to the residents of Golden Valley;
• Secures protected information and data; and
• Minimizes environmental impacts
This policy applies to all city employees, volunteers, contractors, and third parties who develop, deploy, or utilize AI-
enhanced services and applications within the City of Golden Valley's operations and public service delivery. It covers
the use of AI in various public service applications, including but not limited to, data analysis, decision-making
processes, and public engagement tools.
General Definitions:
• Artificial Intelligence (AI): The simulation of human intelligence processes by computer systems, capable of
performing tasks that typically require human intelligence, such as understanding natural language, recognizing
patterns, and making decisions. AI includes Generative AI.
• AI-Enhanced Services: Services and software that incorporate AI technologies to enhance productivity and
service delivery.
• Approved AI-Enhanced Services: AI-Enhanced Services that have been approved for use within the City’s
operations and public service delivery by the City’s IT and legal departments and are included on the City’s
public registry of approved AI tools.
• Data Classification/Protection Definitions:
The following terms related to data classification shall have the meanings when used in this Policy:
o Low Risk Data: Data that is defined by Minnesota Statutes Chapter 13 as “public” and is intended to be
available to the public.
o Moderate Risk Data: Data that does not meet the definition of Low or High Risk Data. This includes but is
not limited to system security information, names, addresses, emails, phone numbers, and IP addresses
that are not public.
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA
Resolution No. 25-127 (Exhibit A) -3- December 16, 2025
o High Risk Data: Data that is highly sensitive and/or protected by law or regulation. This includes but is not
limited to Protected Health Information (PHI), Social Security Administration (SSA) Data, Criminal Justice
Information (CJI), Government-issued ID Numbers (e.g., social security numbers, driver’s license
numbers/state ID card numbers, passport numbers), federal tax information (FTI), account data, birth dates,
and bank account numbers.
• Subject Matter Expert (SME): A Subject Matter Expert is an individual who possesses authoritative knowledge,
specialized experience, and demonstrable expertise in a specific area relevant to the subject matter under
consideration. SMEs provide informed analysis, technical guidance, and professional judgment. Their role is to
ensure that content, procedures, and recommendations are accurate, compliant with applicable laws and
regulations, and aligned with best practices within the relevant field.
Related Documents, Materials & Resources:
• Approved Usage of AI-Enhanced Services Flow Chart
• AI Impact Assessment Form
o Vendor Security Risk and Compliance Process
o Security Risk Compliance Questionnaire
• AI Incident Response Plan
• City of Golden Valley Public Registry of AI Tools
• SOP – IT – Seeking Approval of a New AI Tool
Policy
A. Usage Standard
1. Allowed AI Services and Tools
a. Low Risk Data: Employees may use Approved AI-Enhanced Services with Low Risk Data.
b. Moderate and High Risk Data: Employees may not use any software or service where a third-party AI-
Enhanced Service has access to City of Golden Valley data defined as Moderate Risk or High Risk, unless the
software or service has been approved for the specific use by the IT division and legal department.
c. All services must be reviewed and approved by the IT division and legal department through a process that
includes understanding the AI's training, ownership of data, and level of security before being used.
d. The IT division shall maintain a register of approved AI-Enhanced Services.
e. If employees are uncertain whether a service or tool incorporates AI-Enhanced Services or whether
employees are allowed to use the service, they should contact the IT division and legal department for
guidance.
2. Prohibited Uses:
Employees may not:
a. Use AI-Enhanced Services that are not on the City’s register of approved systems.
b. Use AI-Enhanced Services with moderate or high-risk data, unless the AI-enhanced service has been
approved for the particular use by the IT division and legal department.
c. Use publicly available AI-Enhanced Services in situations that can pose significant risks to the health, safety,
or fundamental rights of persons.
d. Enter any Moderate or High Risk Data into publicly available AI-Enhanced Services. When using publicly
available AI-Enhanced Services, employees should treat all entered information as if it were being posted on
a public site.
e. Use AI-Enhanced Services without a subject matter expert reviewing all outputs. AI outputs may only be used
as a starting point and must be thoroughly reviewed to avoid legal, ethical, or reputational risks.
3. Examples
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA
Resolution No. 25-127 (Exhibit A) -4- December 16, 2025
a. Examples of acceptable uses include:
o Summarizing long documents that only contain public information.
o Researching public topics where the resulting content can be verified by a SME.
o Generating draft documents that deal with only public information.
o Editing and proof-reading documents that deal only with public information.
o Tracking trends across the organization over time using only public data.
b. Examples of unacceptable uses include:
o Automatically responding to email messages without first reviewing content for accuracy and
appropriateness.
o Making decisions where outcomes have not been verified by a SME. For instance, using AI-enhanced
services to generate a list of possible hiring criteria for a new position, but not asking a human
resources SME to review those criteria before posting the job.
o Drafting a report that includes Moderate or High Risk Data.
B. Security Standards
1. Data Protection: AI-Enhanced Services may be used with data classified as Low Risk Data. AI-Enhanced Services
must not be used with Moderate or High Risk Data unless the software or service has been approved for the
specific use by the IT division and legal department.
2. Security Measures: City employees, volunteers, contractors, and third parties must ensure adequate security
measures to protect Moderate and High Risk Data from unauthorized access, breaches, or misuse, including
encryption, access controls, and regular security audits.
3. Monitoring & Incident Response: All departments using AI must designate an AI monitoring lead, who shall be
responsible for keeping a complete list of the department’s use of AI, identifying abnormal AI output, and reporting
AI misuse. Any incidents must be reported to the IT division and Data Practices Compliance Official within 24
hours pursuant to the protocols in the City’s Incident Response Plan.
C. Compliance & Legal Considerations
1. Legal and Regulatory Compliance: AI usage must comply with applicable laws, regulations, and industry
standards. Staff must consult the City’s legal and IT teams prior to adopting any new AI-enhanced services to
ensure adherence to privacy, security, and other relevant regulations.
2. Responsible Use: All output from AI-enhanced services must be checked for accuracy, legality, and other
responsible use concerns by a SME. AI should enhance human performance, not replace it. Staff should not use
AI-enhanced services as a substitute for human creativity, judgment, critical thinking, decision making, or
expertise.
D. Training and Awareness
The Data Practices Compliance Official and IT Manager shall conduct regular training programs and awareness
initiatives to educate City employees, volunteers, contractors and third parties about AI, its capabilities, limitations,
and responsible use considerations. Concerns related to AI usage should be reported to the Data Practices
Compliance Official and IT Manager pursuant to the City’s Incident Response Plan.
E. Roles and Responsibilities
The departments and people listed below shall have the following roles and responsibilities with respect to use of AI-
Enhanced Services:
1. Administrative Services Department:
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA
Resolution No. 25-127 (Exhibit A) -5- December 16, 2025
o Maintain and periodically review this policy and ensure alignment with state and federal standards
o Draft and maintain Incident Response Plan
o Draft and periodically update Risk Assessment and Impact Analysis
o Review requests for new AI-Enhanced Services from other City departments and stakeholders
o Maintain public registry of approved AI tools and their approved uses
o Draft and maintain standard operating procedures regarding the use of AI and requesting approval of new
AI tools
2. City Legal Department:
o Assist the IT division in ensuring alignment with state and federal rules and standards
o Ensure compliance with state Data Practices laws
o Periodically review and approve Risk Assessment and Impact Analysis tools
3. City Employees, Volunteers, Contractors and Third Parties:
o Align usage of AI-Enhanced Services with this policy
o Assign at least one AI monitoring lead per department
o Report any issues or concerns with AI-Enhanced Services to the IT division and Data Practices
Compliance Official
o Prior to adopting any new tool that uses AI or has AI capabilities (including but not limited to technology,
software, hardware, program, system) submit complete Risk Assessment and Impact Analysis to IT
division for approval
F. Public Transparency
The City will maintain a public registry of approved AI tools and their uses. The registry must include:
• A description of the AI that is in use
• The approved uses of all AI that is in use
• The Department responsible for monitoring the use of the AI
G. Environmental Impact
When using AI-Enhanced Services within City operations, City employees shall consider the environmental impacts
associated with computing, storage, and data processing. Preference shall be given to AI products, solutions and
vendors that demonstrate energy efficiency, renewable energy sourcing, and sustainable operational practices.
H. Contacts
For questions or further information regarding this policy, contact the administrative services and legal departments.
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA
Resolution No. 25-127 (Exhibit A) -6- December 16, 2025
Approved Usage of AI-Enhanced Services Flow Chart
Start
Acceptable to
use AI service
Contact IT
Has the AI Service
been approved for
use by IT and
legal?
Do you have
expertise to verify
the data output is
highly accurate?
Does it matter if the
data output is highly
accurate?
Cannot use AI service,
contact IT or department
AI monitoring lead
Is the data Low Risk
Data or has the data
been approved for
use in an AI
service?
Yes
No
No
No
Unknown
Yes
No Yes
Yes
Docusign Envelope ID: 0091429B-3F80-4023-95AC-5376109D23BA