Use of AI at Work – Recommendations of the Information Commissioner of the Republic of Slovenia

Final responsibility must always rest with the human. AI can be a support tool, but not a substitute for professional judgment and accountability. Responsible use of artificial intelligence is not just a technical issue, but a matter of a culture of legal, ethical, and transparent operation.

These are the key highlights of the recommendations for the safe and responsible use of artificial intelligence at work, published in February 2026 by the Office of the Information Commissioner of the Republic of Slovenia. They are primarily intended for public servants, but are equally relevant in terms of content for all organizations that use sensitive data in their work and operate in a regulated environment.

In short, the key guidelines regarding the use of AI in organizations are as follows:

• the use of AI should be consistent with internal acts,
• personal data may only be processed if all data protection requirements are met,
• apparent anonymization of data is often not enough,
• every AI result requires human supervision and substantive judgment,
• final responsibility for the decision remains with the human, an employee of the organization.

Read more about the recommendations below or on the Information Commissioner’s website.

Checking internal rules is the first step

Before using any AI tool, it is necessary to check whether the use of such tools is even permitted by the organization’s internal acts and under what conditions. If the use of AI is not explicitly regulated, the recommendations warn that superiors must be informed and the use appropriately regulated before starting.

Input of personal and confidential data – better not

One of the key guidelines of the recommendations is clear: do not enter personal, confidential, or other protected data into AI tools, except when explicitly permitted and legally appropriately regulated for the specific tool and method of use.

The Information Commissioner specifically warns that many commercial AI tools are problematic from the perspective of ensuring individual rights. If it is not clear how the tool handles data, or if it lacks an appropriate legal basis and security mechanisms, the input of personal data must not be carried out.

Data minimization principle

If the use of AI is permitted, the recommendations emphasize the principle of data minimization: only as much information as is strictly necessary to achieve the purpose should be entered into the tool. The input of entire documents, full texts, files, or photographs of individuals is specifically discouraged.

Anonymization is not the same as deleting names

In the recommendations, the Information Commissioner specifically warns of a common misconception: removing a name, address, or other obvious identifier does not yet constitute anonymization. If an individual can still be identified—directly or indirectly—it is still considered personal data.

This is particularly important when using AI, as such systems are very effective at linking different data and can form new information about individuals from them. Superficial or “quick” attempts at anonymization are therefore generally not appropriate.

Always check results and maintain human judgment

The recommendations clearly emphasize that AI responses are not always correct, complete, or unbiased. Results must be critically assessed and verified, especially when used for content that affects individuals or decision-making processes.

By following internal rules, limiting data input, ensuring personal data protection, and maintaining human judgment, organizations can leverage the benefits of AI while reducing legal, ethical, and security risks.