Many nonprofits are embracing AI in 2025 – whether it be for efficiency, fundraising, outreach, or program delivery. But while adoption is growing fast, governance – which are the rules, policies, oversight needed to use AI responsibly – isn’t keeping up with tool adoption and is frankly lagging far behind. Governance for nonprofits is essential for maintaining trust, avoiding legal or ethical missteps, and ensuring that technology aligns with mission.
Adoption vs. Governance
- According to BDO’s 2024 Nonprofit Standards Benchmarking Survey, 82% of U.S. nonprofits are using AI tools. These are being applied most often to internal operations such as budgeting, payment automation (44%), program optimization, impact assessment (36%).
- Yet fewer than 10% of nonprofits have a formal policy governing AI use.
- A TechSoup / Tapp Network survey of over 1,300 nonprofit professionals found that while ~85.6% are exploring or using AI tools, only 24% have a formal AI strategy, showing a major gap between interest and structured planning.
- Many nonprofits also face capacity challenges, as 43% rely on only 1‑2 staff members to make decisions about AI or IT. That puts a lot of burden on very few people.
Why the Gap Matters
- Privacy and data risk: Donor information and client records require clear rules for use, storage, and sharing.
- Bias and mistakes: Off-the-shelf tools can amplify bias or produce decisions that conflict with values and mission.
- Reputation and ethics: Donors, communities, and regulators watch not only whether AI is used, but how it is used.
- Compliance and grants: Data protection laws and funder conditions increasingly expect transparency and control.
- Operational waste: Without policies, tools are duplicated, staff get mixed messages, and benefits are left on the table.
What Good Governance Looks Like
- Inventory: Know where AI is used, what data it touches, and who has access.
- Policy: Set acceptable use, human review, prohibited inputs, and retention rules.
- Access: Enforce MFA, least privilege, and fast off-boarding.
- Data protections: Minimize collection, encrypt sensitive data, and redact before uploading.
- Vendors: Do due diligence and include contract clauses on security and model training.
- Training: Teach safe prompts, bias awareness, and incident reporting.
- Monitoring: Keep logs, review quarterly, and run tabletop exercises.
How MSPs Can Support Nonprofits with Governance
There are many ways that a mission-aligned MSP such as CTS operationalizes governance. CTS will:
- Help nonprofits draft formal AI usage policies or integrate AI‑governance sections into existing acceptable use / data policies.
- Help run sessions with nonprofit leadership on ethical AI use, bias risks, oversight, plus what regulatory or funder expectations might be.
- Perform technical and process assessments: what AI tools are being used? How does data flow? Where are policies missing? Where are the highest risks?
- Implement approved AI tools with built in safeguards and human-in-the-loop checks.
- Train staff and leaders with reusable modules.
- Establish a quarterly review, incident tracking, and board-ready reporting.
AI can help nonprofits stretch scarce resources and amplify impact. Governance ensures that benefits arrive with trust, transparency, and alignment to mission.
If you are getting started or want to strengthen what you have, CTS can lead a 60-minute Governance Starter Session to set priorities and provide a practical checklist you can put to work immediately. Please contact us or book a meeting so we can discuss your goals in further detail.
*This guidance is for general information and is not legal advice.
