Institutional AI policies and governance structures are the rules, roles, review routes, and decision thresholds that let an organisation use AI without losing control of quality, accountability, or trust. The key question is not whether AI is permitted in principle, but whether staff can tell what is allowed, who approves it, and what evidence is needed before it is used in teaching, assessment, or administration. Crowdsourced policy repositories and official education guidance both suggest that institutions are moving towards more explicit governance, but the stronger open question is how much detail a policy needs before it becomes operationally useful.

This topic covers the institutional structures that turn AI principles into day-to-day decisions: policy scope, approval routes, role ownership, evidence thresholds, review points, and escalation paths. In assessment settings, the issue is whether these structures are strong enough to protect validity, fairness, accessibility, and accountability when AI is used in content creation, marking, learner support, or administration.

The main governance risk is that AI gets adopted through fragments of practice: a helpful tool here, a pilot there, a vendor feature inside a wider platform, and no single decision-maker who can say how the system is controlled. That creates ambiguity around who approves use, what counts as acceptable evidence, and what happens when the tool changes. The crowdsourced policy initiative is useful because it signals that institutions are actively looking for patterns, but it is the official guidance that matters most when turning those patterns into policy.

- **Policy scope**: which AI uses are covered, such as item generation, marking, feedback, proctoring, learner support, or administration. - **Approval route**: who can authorise use, and at what level of risk. - **Evidence threshold**: what must be shown before a tool can be used live. - **Accountability**: who remains answerable if the system makes an error or changes performance. - **Review cycle**: how often the policy is revisited when tools, cohorts, or regulations change. - **Operational usefulness**: whether the policy helps staff make decisions in real situations, not just describe values.

The strongest sources converge on a practical point: AI governance has to be explicit, not implied. The European Commission guidance emphasises ethical use, practical advice, and emerging competencies, while the U.S. Department of Education developer guide stresses safety, security, trust, and educational purpose. The crowdsourced repository shows that institutions want reusable policy examples, but examples still need local adaptation to assessment risk, legal context, and organisational roles. There is also broad agreement that governance should not be a statement of intent alone. A usable policy should tell staff how to classify risk, how to escalate questions, and what evidence is needed before approval. That matters in assessment because the boundary between learning support, assessment support, and decision-making can be easy to blur.

The open question is how much detail a policy should contain. A short principles-based document may be easier to communicate, but it can leave staff uncertain when they need to act. A more detailed policy may be clearer, but it can become hard to maintain as tools and use cases evolve. The source set does not settle that trade-off; it suggests that institutions need both a visible policy and practical working guidance. Another unresolved issue is whether generic institutional AI policy is enough for assessment organisations. Scoring, item development, proctoring, and learner support all carry different risks, so the same rule set may not be suitable for every use case.

- AI is used before a decision threshold has been set. - Staff rely on vendor claims rather than internal approval. - Policies are too vague to guide procurement or incident handling. - Different teams use different rules for similar assessment functions. - Governance becomes symbolic rather than operational. - Accountability is unclear when AI is embedded inside a larger platform.

1. Define the AI use cases covered by the policy. 2. Assign approval responsibility by risk level and function. 3. Set evidence thresholds for pilot, limited use, and live use. 4. Require review routes for bias, accessibility, and data handling. 5. Specify how the policy will be updated when tools or regulations change. 6. Provide examples so staff can apply the policy consistently. That sequence helps turn broad principles into workable institutional control. It also makes it easier to explain to learners, staff, regulators, and suppliers what the organisation will and will not permit.

| Option | What it means | Main benefit | Main limitation | |---|---|---|---| | Principles-first policy | Short policy built around ethics and broad values | Easy to communicate | Can be too vague for live decisions | | Use-case policy | Different rules for marking, item generation, support, and administration | Better fit for assessment risk | More work to maintain | | Governance framework plus guidance | Policy, approval routes, examples, and escalation all together | Most operationally useful | Needs more coordination and review | The evidence points towards the third option for higher-risk assessment settings, because it makes accountability and decision-making visible rather than assumed.

A college has a broad AI policy that says staff should act responsibly, but it does not say who approves AI use in marking or feedback. When a team proposes a new grading tool, no one can say what evidence is needed or who signs off the pilot. A use-case policy would remove that ambiguity by setting approval routes, evidence thresholds, and review points before the tool reaches students.

- Crowdsourced institutional AI policy repository. - European Commission ethical guidelines on AI and data in teaching and learning. - U.S. Department of Education Office of Educational Technology guide for developers.

Vendor and consultancy material often presents AI policy as a matter of readiness, adoption, or strategic alignment. That is useful as a market signal, but it does not replace institutional governance. The more important question is whether the organisation has a policy that staff can actually use when deciding on real assessment tools and workflows.

### What is an institutional AI policy in assessment? It is the set of rules and review steps that tells staff where AI can be used, who approves it, and what evidence is needed before use. ### Why does governance matter so much for assessment? Because AI can affect validity, fairness, privacy, accessibility, and accountability, so the organisation needs clear control points, not just a statement of principles. ### Is a general institution-wide AI policy enough? Sometimes for low-risk use, but not usually for marking, item generation, proctoring, or certification-related decisions. ### What should staff look for in a good AI policy? They should look for approval routes, evidence thresholds, accountability, review cycles, and plain-language examples.

Tim Burnett (Admin)

Test Community Network. "Institutional AI policies and governance structures." TCN AI & Assessment Wiki. Last reviewed 2026-05-03. https://www.testcommunity.network/wiki/institutional-ai-policies-and-governance-structures.html

- Crowdsourced institutional AI policy and governance structures spreadsheet. - European Commission ethical guidelines for educators on AI and data. - U.S. Department of Education Office of Educational Technology guide for developers.