Institutional rules
Why this matters
Universities and research institutions increasingly provide guidance on the use of LLMs. These rules are designed to:
- protect sensitive data
- ensure compliance with privacy and legal requirements
- manage risks related to external AI providers
- support responsible and reproducible research
Because policies differ across institutions, you should always check local guidance before using LLMs in your work.
What institutions typically regulate
Data usage
Most institutions restrict how you can use LLMs with:
- personal data
- sensitive or confidential information
- restricted datasets (e.g., administrative or contractual data)
In many cases:
- public LLM tools are not allowed for sensitive data
- institutional tools or secure environments are required
Use of external services
Public LLM providers (e.g., chat tools and APIs) may:
- process data outside your institution
- store or log interactions
- operate under different legal frameworks
Institutions may:
- discourage or prohibit their use for certain data
- require approved alternatives
Approved tools
Some institutions provide or recommend:
- institutional chat interfaces
- approved API access
- controlled compute environments (VMs, VREs, HPC)
These are typically:
- safer
- better aligned with institutional policies
- preferred for research use
Logging and monitoring
Institutional systems may:
- log usage
- track access
- enforce quotas or limits
This supports:
- accountability
- security
- cost management
Research practices
Some institutions provide guidance on:
- documenting LLM usage in research
- disclosing tools in publications
- ensuring reproducibility
- avoiding over-reliance on generated outputs
What you should do in practice
Before using an LLM
- Check your institution's AI or data policy
- Determine whether your data is sensitive
- Identify approved tools or services
During use
- Use institutional tools when available
- Avoid sharing sensitive data with public tools
- Follow recommended workflows and environments
After use
- Document which tools and models were used
- Record prompts or workflows where relevant
- Validate outputs against source material
Where to find guidance
Universities
Below is a curated list of Dutch universities and institutions with publicly available AI / LLM-related guidance on research and/or education. Availability and level of detail vary, and pages may change frequently.
- University of Amsterdam (UvA)
- Utrecht University
- Leiden University
- TU Delft
- Vrije Universiteit Amsterdam
- Eindhoven University of Technology
- University of Groningen
- Wageningen University
- Radboud University
- Tilburg University
National / sector organisations
When university-specific guidance on AI and/or data is missing, consult sector and national policies.
- Autoriteit Persoonsgegevens: AI and algorithms: Dutch Data Protection Authority guidance on AI and privacy
- GDPR preconditions for generative AI: Practical conditions for using generative AI systems
- Npuls / EduGenAI — sector-wide initiative for responsible AI use in education
- SURF AI and data guidance
European Union
When in doubt, consult EU-level policies:
- EU AI Act — Overview of the EU's regulatory framework for artificial intelligence
- GDPR overview (European Commission) — Core data protection framework governing personal data use
Important note
Institutional policies evolve quickly. Always consult the latest official guidance from your university or research organization.
Summary
- Institutional rules vary, but focus on data protection, tool usage, and responsible research
- Public LLM tools are often restricted for sensitive data
- Institutional tools and infrastructure are usually preferred
- When in doubt, check local guidance or ask for support