This matrix clarifies where UT users may input university data using AI tools based on UT’s data classification.

Type of Information	Public	Internal to UT	Private	FERPA	PII	PHI/HIPPA	CUI
Free / Public AI Services
UT-Contracted/Managed AI Services
UT-Contracted/Managed AI Services with Web Search Disabled
Locally Installed LLM (Non-Networked/Offline)

Examples and Clarifications

1. Public-facing AI tools may ONLY be used with Public Data
   Examples: ChatGPT Free, Gemini Free, MS Copilot Free, any mobile app
   
   
2. UT-Contracted/Managed AI Platforms
   Examples: UT Verse, Microsoft Copilot for M365
   These must be covered by a formal UT agreement that includes UT-standard security, AI, privacy, and data-handling provisions. A contract addendum may be necessary for changes to existing agreements to add current standardized language.
   
   
3. UT-Contracted/Managed AI Services with Web Search Disabled
   This is a subset of UT-contracted/Managed services configured to prevent web searching and external data sharing
   
   
4. Locally Installed Offline Models
   A fully offline model (no internet access, stored on UT-owned equipment) may technically support higher classifications, but use of the application should be discussed with the local IT department. 
   
   
5. Limited Use
   “Limited” indicates that use requires coordination with the campus IT department and the Governance, Risk, and Compliance (GRC) team to validate security, privacy, and policy compliance before the data set may be used.
   
   
6. Developmental Protocols
   The development, customization, or integration of any AI application, including locally installed or internally developed large language models, is subject to the same University of Tennessee data classification requirements and institutional policies, and does not exempt the application or its users from compliance obligations based on deployment method or hosting location.