Artificial intelligence (AI) and information security
Universities community has a positive attitude towards the use of AI-based applications and language models (LLMs). Only specifically approved AI applications are used within the community, and these are listed on the page AI-assisted applications. Always observe the community’s information security requirements and data classification model before implementation.
The use of AI is permitted for data classified as public (5W), internal (4G), and confidential (3Y). AI tools must not be used if the data is classified as restricted confidential (2A) or secret (1R).
Staff: Registering for services with a TUNI-email address is allowed within the limits of performing work duties. In this case, however, do not use the same password as in the TUNI-services.
Students: Under no circumstances can students be required to log in to those platforms that have not been acquired for teaching by the Universities community. The use of such services cannot be a prerequisite for completion of class but must be based on voluntariness in such a way that it is possible to perform without such a service. If students' information is exported to the services without appropriate consent, this results in a personal data protection violation. In the case of students, a personal TUNI-email address is mainly intended for communication. For study purposes, the @tuni.fi address may be used when registering for the service, but it should not cause harm, and the user is responsible for the ID and the use of the service. In this case, however, do not use the same password as in the TUNI-services.
The recommended AI application at TUNI is Microsoft Copilot.
- Use Copilot by logging in with your TUNI credentials, ensuring that the AI is not trained with the data entered there. All data and data processing remain within the EU.
- The aforementioned security features are a significant difference compared to free conversational AI applications (e.g., ChatGPT, Copilot's consumer version, and Google Gemini). In this case, as with social media, it is worth asking yourself, if you are not paying for the service with money, then with what (your own data).
- For external services, the responsibility for complying with information security and data protection regulations lies with the user.
AI-applications will also change the methods of cybercrime. In the future, various phishing messages and other scams will be even better implemented. In addition, criminals have made authentic-looking copies of AI-websites (for example ChatGPT), which are aimed at either phishing for people's credentials or spreading malware. Attention is therefore important!
- Approach AI-generated content critically, just as you would with other online content.
- Verify facts from original sources!
When registering for the services, please also note the University community's Terms of Use of IT Services and E-mail Terms of Use.
- Terms of Use of IT Systems, section 4.1 and 4.4: IT Services of the University (f.ex. email) are designed as a tool for work related to the user’s studies, teaching, research or other tasks at the University. Small-scale private use is allowed. Small-scale private use refers to such actions as private e-mail conversations and online service use. However, it is prohibited for private use that disrupts other use of the service, or is in conflict with the Terms of Use and the guidelines provided.
- E-mail Terms of Use, section 2: A personal address can be used for work and study purposes and personal communications of other kind.
IT Helpdesk
0294 520 500
it-helpdesk [at] tuni.fi (it-helpdesk[at]tuni[dot]fi)
helpdesk.tuni.fi