Most small nonprofits are being asked the AI question before they have a way to answer it. A board member forwards an article. A funder mentions it on a call. A staffer is already using ChatGPT for thank-you letters. The question underneath all of it is the same. How do we use this without compromising what we stand for?

Virtuous and Fundraising.AI’s 2026 Nonprofit AI Adoption Report found that 47% of nonprofits using AI have no governance policy in place, while 92% report some form of AI use across the organisation. That gap is where misalignment grows.

There is a way through that does not require a policy committee or a six-month review. Align AI by treating each use case as a values decision before it becomes a tool decision. Start with the tool, and the tool sets the terms. Start with the use case and your values, and you decide whether the tool fits.

Why mission first, not tools first?

Leading with mission lets you decide which AI uses are worth pursuing before you start comparing tools.

Most “AI for nonprofits” content opens with five tools and asks you to choose one. By the time you are reading the comparison, you are already assuming that adopting one of them is the right move. The values question your board is actually asking has been quietly skipped, and you end up justifying the tool to the mission instead of the other way round.

Tool-first thinking rewards activity over judgement. A grant-writing assistant that saves four hours a week is a clear win until you notice it is subtly misrepresenting your programme outcomes in language the funder finds persuasive. The hours saved feel real. The drift in how your organisation describes itself is harder to see.

Mission first lets you name the use case before you name the product, and say no to a use case without saying no to AI in general. That is the conversation most boards want to have.

What alignment actually tests for

Alignment runs on a small set of named tests applied to each specific AI use case.

There are three. Each is a single question you can ask of any proposed use of AI, from drafting a thank-you note to summarising case records. They are designed to be runnable in a meeting.

  • Beneficiary impact test. Does this AI use change the experience of the people we serve, and if so, in a direction we can defend? Drafting a board paper does not touch beneficiaries. Auto-replying to a crisis-line enquiry does, and the answer to whether that change is defensible is almost certainly no.
  • Trust test. Would our donors, funders, or beneficiaries be surprised or uncomfortable to learn we use AI this way? An AI tool that helps draft donor thank-you letters does not raise the same question as pasting a list of donor names and giving histories into a free-tier ChatGPT prompt. The second is a data exposure your treasurer will care about.
  • Reversibility test. If this turns out to be the wrong call, can we walk it back without breaking something we cannot rebuild? A tool you can stop paying for next month is reversible. A workflow change that has quietly replaced a staff judgement with a model output, over six months, often is not.

Three questions, applied per use case. The next move is turning them into something you can run on a Tuesday afternoon.

Running a values audit

A values audit is a 90-minute meeting that produces a one-page document, and it is what turns the three tests into a decision your board can sign off on.

The audit earns its keep. Once you have run it, you have a written reference for what you decided and why. NTEN’s AI Resource Hub sets out the same logic in its AI Framework for an Equitable World: assessment first, then intervention.

You need three people in the room. Whoever holds programme judgement. Whoever holds the money. Whoever will actually be using the AI tools day to day. For a six-staff charity that is often the ED, the board treasurer, and one programme lead. The meeting takes 90 minutes and produces a single page that goes to the board.

Step 1. Pull out your mission and values

Put your mission and values statements on the table and read them aloud. If they are stale, which they often are for charities that wrote them a decade ago, use them as the starting point anyway and flag a refresh as a separate task. The audit does not wait.

You are looking for the two or three commitments that any AI decision will need to be checked against. Common ones: confidentiality of the people you serve, voice and authenticity in how you communicate, careful stewardship of donor relationships. Write those down as a short list. They become the reference for the tests.

Step 2. List the AI use cases you are considering

Write down the three to five use cases you are actually weighing, in plain language. Not “AI for fundraising.” More like “drafting first versions of fundraising appeal emails,” “summarising long board papers,” “auto-replying to overnight volunteer enquiries,” “producing case-record summaries for the next caseworker.”

A use case described in vendor language (“AI-powered donor engagement”) cannot be tested. One described in plain language (“send AI-generated thank-you emails to first-time donors under $50”) can. If you cannot describe it in one sentence that names who is doing what to whom, you do not yet know what you are deciding about.

Step 3. Apply the three tests

Run each use case through the three tests in order: beneficiary impact, trust, reversibility. Each answer falls into one of three categories:

  • Passes. The use case can proceed with normal review.
  • Raises a question. The use case proceeds only after the question is answered. The audit page records what would need to be true.
  • Fails. The use case is a no for now. The page records why and what would have to change for the answer to flip.

Most use cases will not pass cleanly on the first pass. That is the audit working. Candid’s responsible AI policy guidance names cases where the answer is usually no for small organisations: high-stakes decisions, crisis communications, sensitive case notes, HR monitoring, anything that speaks for the community in their absence.

Step 4. Produce the one-page output

Write up the result as a single page with four columns:

  • Use case. One sentence in plain language.
  • Tests passed or failed. Beneficiary impact, trust, reversibility.
  • Decision. Proceed, proceed with conditions, or not yet.
  • Re-evaluation trigger. For any “not yet” decisions, expressed as a condition rather than a date.

Here is one row, filled in:

Use caseTestsDecisionRe-evaluation trigger
Drafting first versions of fundraising appeal emails to existing donors, rewritten by the comms lead before sending.Beneficiary impact: passes, no beneficiary contact. Trust: raises a question, donors expect our voice rather than a model’s. Reversibility: passes, the workflow change is small and visible.Proceed with conditions. Existing donors only. Comms lead rewrites every draft. No donor names or giving history pasted into the prompt.Re-run if we extend to acquisition appeals, if comms lead capacity drops, or if a donor flags the voice as off.

A real org would have three to five rows like this. The one-page format is doing real work. It forces compression, which forces clarity. And when the same use case comes up again in nine months, raised by a new staff member or a new board chair, the page is the answer to “what did we decide and why?” AI for Community publishes its own AI use policy as a real example of what that output looks like written down.

Taking the result to the board

The audit page gives you a structure for a focused board conversation about what you have decided to do, what you have decided not to do, and why.

Open with the line that does the heaviest lifting: “Here is how AI fits our mission, and here is what we have decided we will not do.” That tells the board you have considered the question seriously and that the answer includes a list of nos as well as yeses. Boards trust nos. They are tired of yes-to-everything technology pitches.

When the risk question comes up, name three specific risks rather than gesturing at AI risk in general. Donor data, beneficiary impact, reputational risk. For each one, say what your audit decided and what is being done. “We are not pasting donor records into free-tier tools. We are not using AI for any beneficiary-facing communication. Staff review every AI-generated draft before it goes out.”

If a board member pushes for faster adoption, the audit gives you a calm answer that is not a refusal. “Our values audit returned a question on this use case. We want to revisit it once we have changed X.” That keeps the conversation about the work.

What if the answer is “not yet”?

Writing down a clear no, alongside the condition that would change it, gives your team a decision they can act on now and revisit when something actually shifts.

Some use cases will not survive the audit. For small charities the recurring ones are crisis-line interactions, beneficiary intake notes, case-record summarisation, and advocacy work where the words have to be your community’s. Those are nos for good reasons, and the audit is where you record them.

Write the no with a re-evaluation trigger that is a condition, not a date. “Once our case-management system has on-premises AI options certified for sensitive data” is a condition. “Q3 2027” is a date pretending to be a decision. Conditions force you to revisit when something has actually changed.

Candid’s guidance found that fear-based policies tend to drive AI use underground, with staff using unapproved tools in private. A clear written no with a clear condition does the opposite. It tells your team what is in scope, what is out, and what would have to change for the line to move. Run the audit on three to five use cases, produce the single page, and the tool decisions become the easy part.

Frequently asked questions

Do we have to tell our donors that we use AI?

There is no legal requirement for most UK and US nonprofits, but the trust test usually says yes for any donor-facing use. A short note on your website, with examples of what AI does and does not do, is enough. Surprise is the risk you are managing.

What if our board approves AI use and our beneficiaries are uncomfortable?

Treat the discomfort as new information and rerun the audit on the affected use case. Boards expect to revise decisions when the people you serve raise a concern.

What if my board has already approved AI tools without an audit?

Run the audit on the tools already in use and frame it as housekeeping rather than reversal. If it surfaces a problem, bring it back to the board with the one-page output and a specific recommendation.

Do we need a written AI policy before we start?

No. The audit page is a working document that becomes a policy over time, as you accumulate decisions. Run two or three audits first, then write the policy from what you actually decided.

Is it safe to paste donor data into ChatGPT?

On the free tier, no. Inputs can be used to train future models, and donor lists with giving histories are a meaningful exposure. Paid business tiers with data-use opt-outs need explicit review before you assume the protection is in place.