Important: Read first
This local government AI policy resource is a planning and governance framework for Mississippi cities, counties, and other local governments, not a final policy, not legal advice, and not a mandatory model. Adapt it to your jurisdiction’s services, legal environment, data, and risk posture, and review it with your governing body, attorney, IT, and clerk before adoption.
A note on the Mississippi ITS policy
The Mississippi Department of Information Technology Services (ITS) AI Acceptable Use Policy governs state executive-branch agencies. It generally does not bind cities and counties, which set their own policy through their council or board. Even so, it is an excellent, well-built baseline, and adopting it as your starting reference will save time. This template helps you turn that reference into a local policy that fits your charter, ordinances, and operations.
- ITS AI Acceptable Use Policy (recommended reference)
- ITS Enterprise Policies (useful security and acceptable-use models)
What this local government AI policy template covers
Each topic follows the same pattern: purpose, key questions, sample guidance language, implementation considerations, common pitfalls, and stakeholders to involve. Sections cover foundational principles, governance and adoption, and acceptable and prohibited use. They also address data and security, public records and open meetings, procurement, and personnel. In addition, they include public safety, high-risk decisions, resident-facing services, accessibility, training, risk management, and ongoing review.
Introduction: purpose of this local government AI policy framework
This document helps a local government develop, review, and maintain its own approach to artificial intelligence and generative AI. A sound local approach does three things at once. First, it enables useful efficiency for a lean staff. Next, it protects residents and public data. Finally, it preserves human judgment wherever legal, financial, or safety stakes are high. Most jurisdictions are best served by a short, plain-language policy plus a few targeted procedures, rather than one long document that tries to cover every scenario.
What this template is, and what it is not
Policy sets mandatory rules adopted by the governing body. Guidance explains how to apply policy in practice. Procedures define operational steps and approvals. Best practices are recommended approaches that change faster than policy. Assign each topic to the right level so the policy your council or board adopts stays stable, while day-to-day guidance can be updated by staff as tools change.
Foundational principles a jurisdiction may adopt
Purpose of this section
Establish the core values that anchor every AI decision the jurisdiction makes.
Key questions
What values anchor AI use, and how will they become real controls?
Sample guidance language
“The City or County grounds its use of AI in human oversight and accountability, lawful and mission-aligned use, privacy and security of public data, transparency to residents, fairness and non-discrimination, accessibility, reliability of outputs, and proportionality, so that controls match the level of risk.”
Implementation Considerations
Tie each principle to a concrete control, for example mapping human oversight to a required review step before AI output is used in any official action.
Common Pitfalls
Principles adopted as slogans, with no owner or measurable control.
Stakeholders to Involve
Mayor or administrator, council or board, attorney, IT, clerk.
Governance and adoption
Purpose of this section
Establish who adopts the policy, who administers it, and who is accountable.
Key questions
Who adopts the policy, who administers it day to day, and who is accountable? How are approved tools and exceptions authorized and recorded?
Sample guidance language
“This policy is adopted by the governing body. The mayor or county administrator designates a staff owner for AI governance, supported by IT, the attorney, the clerk, and department heads. Enterprise decisions, approved tools, and exceptions require designated approval.”
Implementation Considerations
Adopt the policy by ordinance or resolution as appropriate, and keep a simple inventory of approved tools, restricted uses, and incidents. For small jurisdictions, one cross-departmental owner plus the attorney may be enough.
Common Pitfalls
Departments adopting tools independently with no central record.
Stakeholders to Involve
Governing body, mayor or administrator, attorney, IT, clerk, department heads.
Acceptable use and prohibited use
Purpose of this section
Make clear which AI uses are encouraged, which require review, and which are prohibited.
Key questions
Which uses are encouraged, which require review, and which are prohibited? How will employees know the difference before they act?
Sample guidance language
“Employees may use approved AI tools for authorized public-business purposes. Employees must not enter confidential, regulated, or otherwise restricted public data into AI systems that are not approved for that data category. Human review is required before AI output is used in any decision, public record, communication, or resident service.”
Implementation Considerations
Publish a short, plain-language list of approved, restricted, and prohibited uses, and route new or unusual uses through the staff owner before they spread informally.
Common Pitfalls
Treating all AI as banned or all AI as acceptable, and quietly automating decisions that affect residents.
Stakeholders to Involve
IT, attorney, department heads, clerk.
Local and self-hosted models
“Jurisdiction IT and technical staff may run open-source or self-hosted AI models on city- or county-controlled hardware for evaluation, experimentation, and learning without tool-by-tool approval, as long as the model runs entirely on local hardware and no public data is sent to any external service. This lane applies only while the work is exploratory. Using a locally hosted model to drive real decisions, official records, or resident-facing services, or running it in production, returns to normal governance and review.”
Conditions for this lane
- The environment is offline or configured so that no prompts, data, or outputs leave it, with telemetry, cloud sync, and auto-update features disabled, and it meets the jurisdiction’s security standards (the ITS model is a useful reference).
- Model weights and datasets come from reputable sources and are treated as executable code, since a downloaded model is a supply-chain item, not just a file.
- The user is already authorized to access and use any data involved, and data minimization applies.
- Regulated or restricted data, including personal data, CJIS criminal-justice data, and other confidential public data, follows its own rules regardless of where the model runs.
- Fine-tuning or training on confidential or restricted public data may trigger data-use, records, and security review, so check first.
- Human review is required before any output informs a consequential decision, official record, or resident service, and model and dataset licenses are respected.
Avoid
Assuming a tool is “local” when it still sends telemetry or syncs to the cloud, running unverified downloaded model weights, or moving a local prototype into production without review.
Data classification, privacy, and security
Purpose of this section
Protect public, personal, and regulated data, often with a small IT footprint.
Key questions
What data may be entered into which AI tools, and what must never be? How are privacy, security, and confidentiality protected at each data level?
Sample guidance language
“No employee may input restricted, confidential, or regulated public data into an AI system unless that system is approved for the data category and appropriate controls are in place. The jurisdiction applies data minimization, access control, and review of vendor model-training and data-use terms before approval.”
Implementation Considerations
Use the ITS security model as a reference if you do not have your own. Apply special caution to personal data, utility-billing and payment data, health data, and any law-enforcement data subject to CJIS rules. If your IT is contracted out, put these requirements in the vendor agreement.
Common Pitfalls
Uploading sensitive data to public tools and assuming vendor defaults are safe.
Stakeholders to Involve
IT or IT vendor, attorney, clerk, finance, police or sheriff IT liaison.
Public records and open meetings
Purpose of this section
Keep AI use consistent with the Mississippi Public Records Act, the Open Meetings Act, and local records-retention requirements.
Key questions
How do AI prompts and outputs fit public-records, open-meetings, and retention obligations? What must be captured, retained, or produced on request?
Sample guidance language
“AI prompts, outputs, and related communications may be public records subject to disclosure and to applicable retention schedules. Employees must manage AI-related records under the Mississippi Public Records Act and the jurisdiction’s retention schedule, and must not use AI in ways that circumvent open-government or retention obligations. AI must not be used to conduct or substitute for deliberations that the Open Meetings Act requires to occur in public.”
Implementation Considerations
Coordinate retention with the clerk and the Mississippi Department of Archives and History local-government schedules.
Common Pitfalls
Using AI in ways that bypass open-meetings deliberation or records capture.
Stakeholders to Involve
Clerk, attorney, IT.
Procurement and vendor review
Purpose of this section
Ensure AI tools are contractually and technically suitable and properly acquired.
Key questions
How are AI tools and vendors reviewed before purchase or deployment? What data, security, and contractual terms must a vendor meet?
Sample guidance language
“AI-enabled products and services follow applicable municipal or county purchasing laws and undergo review for privacy, security, accessibility, data ownership, retention, and model-training rights before acquisition or deployment.”
Implementation Considerations
Add a few AI-specific questions to purchasing: Is our data used to train vendor models? Can that be turned off by contract? Where is data stored, and what audit logs exist? Watch for AI features quietly added to existing software.
Common Pitfalls
Accepting broad vendor rights to retain and reuse public data.
Stakeholders to Involve
Purchasing, IT, attorney, finance.
Personnel and employment uses
Purpose of this section
Guide AI use in personnel and employment processes with heightened caution.
Key questions
Where may AI support hiring, evaluation, or workplace decisions, and where is human judgment required? How are fairness, notice, and employee rights protected?
Sample guidance language
“The jurisdiction exercises heightened caution where AI may influence hiring, screening, evaluation, discipline, or workplace monitoring. Such uses require human review, legal review, and bias evaluation before deployment.”
Implementation Considerations
Require human review, legal review, and documented bias evaluation before any AI use in employment processes, and give applicants and employees appropriate notice.
Common Pitfalls
Using AI in hiring or evaluation without validation, notice, or review for bias.
Stakeholders to Involve
HR or personnel, attorney, IT.
Public safety and law enforcement considerations
Purpose of this section
Address the elevated legal and civil-rights stakes of AI in policing and public safety.
Key questions
Where can AI support public safety without becoming the sole basis for an enforcement action? What authorization, documentation, and oversight are required?
Sample guidance language
“Law-enforcement use of AI must comply with CJIS security requirements, evidence and chain-of-custody rules, and applicable constitutional and civil-rights protections. AI must not be the sole basis for an enforcement action, identification, or detention. Uses such as facial recognition, automated analysis of evidence, or predictive tools require specific authorization, documentation, and human decision-making.”
Implementation Considerations
Involve the police chief or sheriff, the prosecutor, and the attorney early, and keep criminal-justice data out of unapproved tools.
Common Pitfalls
Adopting surveillance or identification tools without policy, notice, or oversight.
Stakeholders to Involve
Police or sheriff, prosecutor, attorney, IT.
High-risk decisions and human oversight
Purpose of this section
Keep human judgment and accountability in decisions with significant legal, financial, or safety stakes.
Key questions
Which decisions are consequential enough to require human control? What review, documentation, and fallback apply before AI informs an outcome?
Sample guidance language
“AI must not make final decisions affecting permits, code enforcement, benefits, utility billing or shutoffs, employment, public safety, or legal rights. Such decisions require authorized human review, documented controls, and a manual fallback process.”
Implementation Considerations
Classify uses into low, moderate, and high risk, and require enhanced review plus a documented manual fallback for anything in the high tier.
Common Pitfalls
Letting AI quietly drive consequential outcomes without review, documentation, or a manual fallback.
Stakeholders to Involve
Department heads, attorney, administrator.
Resident-facing services and transparency
Purpose of this section
Be clear with residents about where AI shapes information or services, and keep a person reachable.
Key questions
When and how should the jurisdiction disclose AI use to residents? How can a resident reach a person for questions or review?
Sample guidance language
“Where AI materially shapes information or services provided to residents, such as a chatbot or automated response, the jurisdiction provides appropriate disclosure and ensures residents can reach a person for questions or review.”
Implementation Considerations
Disclose AI use on resident-facing channels such as chatbots, keep public-facing AI accurate and reviewable, and maintain a clear path to a staff member for questions or review.
Common Pitfalls
Presenting unverified AI output as official guidance, or offering residents no human point of contact.
Stakeholders to Involve
Communications or clerk, department heads, attorney.
Accessibility and inclusion
Purpose of this section
Ensure AI tools, content, and services are accessible to all residents and employees.
Key questions
How will AI-related tools and content meet ADA Title II and web-accessibility expectations? Who validates accessibility before deployment?
Sample guidance language
“AI-related technologies, content, and services must meet the jurisdiction’s accessibility obligations, including ADA Title II and applicable web-accessibility expectations. Accessibility review is part of AI procurement and content workflows.”
Implementation Considerations
Make accessibility review part of AI procurement and content workflows, and verify rather than assume that AI-generated captions, alt text, and translations are sufficient.
Common Pitfalls
Assuming AI-generated captions, alt text, or translations are automatically sufficient.
Stakeholders to Involve
IT, communications, attorney, ADA coordinator.
Training and workforce readiness
Purpose of this section
Build the AI literacy and role-based skills employees need to use approved tools responsibly.
Key questions
What training does each role need to use AI responsibly and recognize risk? How will training stay current as tools change?
Sample guidance language
“The jurisdiction provides practical, role-based AI training so employees can use approved tools responsibly, protect public data, and recognize the limits of AI output.”
Implementation Considerations
Use the Mississippi Artificial Intelligence Network (MAIN) free AI training to build AI literacy and responsible-use skills, including for staff who are new to these tools, and refresh training as tools and policy evolve.
Common Pitfalls
One-time training that is never refreshed as tools and risks change.
Stakeholders to Involve
HR or personnel, IT, department heads.
Risk management and incident response
Purpose of this section
Manage AI risk in proportion to impact, data sensitivity, and system autonomy, and respond to incidents.
Key questions
How are AI risks identified, monitored, and escalated? What happens when an AI tool fails or causes an incident?
Sample guidance language
“The jurisdiction manages AI risk using a documented, risk-based approach proportionate to impact, data sensitivity, and system autonomy. AI-related incidents are reported and handled through the jurisdiction’s existing incident-response process.”
Implementation Considerations
Route AI-related incidents through the jurisdiction’s existing incident-response process, and revisit risk classifications as tools change.
Common Pitfalls
Treating risk as optional and not revisiting classifications as tools change.
Stakeholders to Involve
IT, attorney, finance, department heads.
Governance review and continuous improvement
Purpose of this section
Keep the policy current as law, technology, and practice evolve.
Key questions
How often is the policy reviewed, and what triggers an earlier update?
Sample guidance language
“The jurisdiction reviews this policy and related procedures at least annually, and sooner after significant legal, technological, or operational changes, or after an incident.”
Implementation Considerations
Keep the adopted policy stable, and update staff guidance more often. Watch for updates to the ITS reference policy and to state law.
Common Pitfalls
Letting the policy go stale while tools, law, and the ITS reference move on.
Stakeholders to Involve
Governing body, administrator, attorney, IT, clerk.
Key authoritative resources to monitor
- Mississippi ITS AI Acceptable Use Policy (reference baseline)
- NIST AI Risk Management Framework and the NIST Generative AI Profile
- Mississippi Public Records Act, Open Meetings Act, and Department of Archives and History local-government retention schedules
- CJIS Security Policy resources for any law-enforcement use
Implementation checklist
- ✓ Have we used the ITS policy as our starting reference?
- ✓ Will the governing body formally adopt the policy?
- ✓ Have we named a staff owner and involved the attorney?
- ✓ Have we defined approved, restricted, and prohibited uses?
- ✓ Have we protected confidential and CJIS data from unapproved tools?
- ✓ Have we addressed public records, open meetings, and retention?
- ✓ Have we built AI questions into purchasing?
- ✓ Have we set special rules for public safety and other high-risk uses?
- ✓ Have we addressed accessibility, resident transparency, and human oversight?
- ✓ Have we provided training and set a review cycle?
Closing statement a jurisdiction may adapt
“This policy supports responsible, effective, and human-centered use of AI in local government. Because AI, law, and practice continue to evolve, the City or County treats it as a living resource and adapts it in consultation with its attorney, IT, and department leaders.”
Sources and references
This template is MAIN’s own synthesis, informed by the following authoritative sources. It is a planning resource, not legal advice.
- Mississippi ITS AI Acceptable Use Policy (recommended reference baseline) and ITS Enterprise Policies
- NIST AI Risk Management Framework and the NIST Generative AI Profile
- Mississippi Public Records Act, Mississippi Open Meetings Act, and Mississippi Department of Archives and History local-government retention schedules
- FBI Criminal Justice Information Services (CJIS) Security Policy, for any law-enforcement use