The AI Ethics Checklist Every Nonprofit Should Use Before Deploying New Tools
The gap between adopting AI and deploying it responsibly has never been wider. This checklist gives nonprofit leaders a practical framework for evaluating any AI tool before it touches your mission, your beneficiaries, or your data.
A staff member at a food bank starts using an AI scheduling tool to allocate volunteers. Within weeks, it becomes apparent that the algorithm is systematically routing volunteers of certain backgrounds to specific tasks in ways that reflect biases baked into its training data. No one intended this. No one noticed until it had been running for months. The tool had passed every internal "does it work?" test because it automated scheduling efficiently. No one had asked whether it was allocating fairly.
This kind of scenario, mundane in its origin and significant in its impact, is what makes AI ethics more than a philosophical concern for nonprofits. Organizations in the social sector handle some of the most sensitive data imaginable: immigration status, mental health records, abuse histories, financial hardship details, and client service records. They serve communities that have historically been harmed by poorly designed technological systems. And they operate under a public trust imperative that commercial companies simply don't face in the same way. When a nonprofit's AI tool fails, the consequences can be measured in harm to vulnerable people, not just lost revenue.
The 2026 reality is that the vast majority of nonprofits are using AI in some capacity, but very few have formal governance frameworks to guide responsible deployment. A significant share of nonprofits still lack written AI policies, and staff are making tool adoption decisions every day without consistent ethical guidance. The World Economic Forum noted in early 2026 that society is shifting "from broad ethical principles to the more challenging work of putting them into practice." This article is about the practical work.
What follows is a comprehensive checklist for evaluating any AI tool before your organization deploys it. It draws on frameworks from NetHope's AI Ethics Toolkit, NTEN's responsible AI resources, Vera Solutions' nine principles of responsible AI for nonprofits, and the Fundraising.AI responsible AI framework, adapted for the practical realities of organizations operating with limited staff and resources.
Why Ethical AI Matters More for Nonprofits
Before diving into the checklist itself, it is worth naming why ethical AI considerations carry particular weight in the nonprofit sector, beyond the general arguments that apply to all organizations.
Nonprofits frequently serve populations that have been disproportionately harmed by algorithmic systems. AI tools trained on historical data encode historical patterns, and historical patterns in social services, criminal justice, healthcare, and housing often reflect systemic inequities. An AI system that predicts service need, screens applications, or allocates resources in a child welfare or housing context isn't just potentially inaccurate. It can replicate and amplify the exact disparities your organization exists to correct.
The stakes of documented AI ethics failures illustrate this concretely. The Netherlands' SyRI fraud-detection algorithm wrongly flagged more than 30,000 families, disproportionately from immigrant and low-income backgrounds, for benefit termination and forced repayments. The consequences included bankruptcy, mental health crises, and family separation. The COMPAS recidivism algorithm used in US criminal justice flagged Black defendants as higher risk at roughly twice the rate of white defendants with similar profiles. Amazon's AI recruiting tool, now deprecated, systematically downgraded resumes from women. These are not hypothetical risks. They are documented consequences of AI systems deployed without adequate ethical review.
Nonprofits also face a unique trust dynamic. Donors, grantmakers, and the communities you serve all extend trust based on an assumption of values alignment. When AI tools produce harmful outputs or violate privacy expectations, the reputational consequence extends beyond the immediate incident. The credibility of your mission is at stake in a way that commercial organizations simply don't experience in the same way.
Vulnerable Populations
Communities served by nonprofits are often those most likely to be harmed by biased AI systems and least likely to have recourse when harm occurs.
Sensitive Data
Health records, immigration status, financial hardship, and mental health data require stricter handling than most commercial contexts.
Mission Trust
Nonprofits operate under a public trust that extends organizational accountability beyond legal compliance to values alignment.
Checklist Section 1: Mission and Purpose Alignment
The first question is not "does this AI tool work?" but "should we use AI here at all?"
Many AI adoption failures begin not with bad technology but with a poorly framed problem. An organization adopts an AI tool because it is available, because a peer organization mentioned it, or because it promises efficiency gains. What gets skipped is the foundational question: does using AI in this particular function advance or undermine our mission? For nonprofits serving vulnerable populations, this is not a rhetorical question. It requires genuine deliberation.
NetHope's AI Suitability Toolkit offers a structured approach to this question, walking organizations through an assessment of whether AI is genuinely the right tool for a given use case before any technology evaluation begins. The principle it embodies, borrowed from human rights frameworks, is proportionality: AI should be used only where it is genuinely necessary and appropriate to the task, not deployed by default because it is available.
Mission Alignment Questions
- Does using AI in this function directly serve our beneficiaries, or does it primarily serve operational convenience at their potential expense?
- Have we consulted with the communities who will be affected by this AI deployment? Do they have input into whether it is used?
- Is AI genuinely the best solution here, or are we defaulting to technology when better alternatives exist?
- Could this AI system be used for social scoring, surveillance, or monitoring of beneficiaries? If so, can we ensure it will not be?
- What is our plan if this AI tool produces harmful outcomes? Do we have a way to identify harm and a process to respond?
Checklist Section 2: Data Privacy and Confidentiality
This is where most nonprofit AI ethics failures actually happen.
The most common and consequential AI ethics failure in nonprofits is not a sophisticated algorithmic bias problem. It is a staff member pasting client case notes, beneficiary identifiers, or health information into a general-purpose AI writing tool to draft a summary or report. This kind of "shadow AI" use, where staff adopt unapproved tools independently, can violate HIPAA, donor confidentiality agreements, grant restrictions, and state privacy laws simultaneously, without any malicious intent.
The data privacy section of your ethics checklist needs to cover both formal tool deployments and informal staff use patterns. Most major AI platforms, including general-purpose tools like ChatGPT and Claude, have enterprise privacy agreements available that prevent your inputs from being used to train future models. But these protections only work if staff understand what tools are approved for what data types, which requires organizational AI policy, not just vendor agreements. This is why building a clear AI governance policy is the prerequisite to responsible deployment.
Data Privacy Questions
- What categories of data will this AI tool process? Does it touch personally identifiable information (PII), protected health information, or other sensitive data categories?
- Where is data processed and stored? What jurisdictions and laws apply (HIPAA, GDPR, CCPA, state-specific laws)?
- Does the vendor contractually commit that our data will not be used to train or improve their AI models? Can we obtain this commitment in writing?
- What is the vendor's data retention policy? How is our data deleted when we end the contract?
- Have we told beneficiaries and donors how AI tools are used in our operations? Do we have appropriate consent frameworks?
- Do staff have clear guidance on what data types are permitted in this AI tool? Is this documented in an accessible AI use policy?
Checklist Section 3: Bias and Fairness
Algorithmic bias is not hypothetical. It is the default state of AI systems trained on historical data.
AI systems learn patterns from historical data, and historical data in most social contexts reflects systemic inequities. A hiring tool trained on past hiring decisions will encode past biases. A case management tool trained on historical service records may systematically under-serve communities that were previously under-served. A risk assessment tool used in child welfare will reflect historical disparities in family surveillance and intervention rates.
The five primary technical sources of bias in AI systems, identified by NetHope's AI Ethics Toolkit, are: data deficiencies (training data that underrepresents certain populations), demographic homogeneity in training data, spurious correlations (the system learning irrelevant proxies for protected characteristics), improper comparator groups, and cognitive biases embedded in model design choices by developers. Understanding these sources helps you ask the right questions of vendors and audit your own systems effectively.
Critically, bias must be evaluated across all stages of an AI project, not just at initial deployment. NetHope's fairness framework covers problem definition, data collection, model creation, implementation, and ongoing maintenance. An AI tool that performs equitably across demographic groups at launch may drift as populations, language, and context change over time. Ongoing monitoring is not optional; it is how responsible organizations catch emerging bias before it causes harm.
Bias and Fairness Questions
- What protected attributes has the vendor tested for bias? (race, gender, age, disability status, language, socioeconomic status, national origin)
- Has this system been validated on populations similar to the communities we serve? Does the vendor have data on performance for our specific demographic context?
- Has the system been independently audited for bias? Can the vendor share audit methodology and results, not just a claim that the system is fair?
- How frequently is bias testing performed post-deployment? What is the process when bias is detected after the tool is in use?
- Do we have a plan to periodically review AI outputs for demographic disparities within our own population? Who is responsible for this review?
Checklist Section 4: Transparency and Explainability
If you can't explain how the AI works, you can't trust it with consequential decisions.
Transparency in AI means two related but distinct things: transparency about how the system works internally (explainability), and transparency with stakeholders about how you are using AI (disclosure). Both matter for nonprofits, and both are increasingly expected by regulators, funders, and the communities you serve.
The explainability question is particularly important for high-stakes decisions. If your AI tool recommends denying a service application, declining to match a foster family, or prioritizing one community over another for resources, your staff need to be able to understand and articulate why. "The algorithm said so" is not an adequate explanation to a beneficiary, a regulator, or a funder investigating a complaint. Black-box AI should not be used in contexts where decisions affecting people's access to services require human accountability.
Model cards, structured documents that summarize how an AI system was built, trained, and evaluated, are becoming the baseline expectation for transparent AI deployment. Leading organizations now require model cards from vendors as part of procurement, and regulators in the EU and several US states are moving toward requiring them for high-risk AI applications. For nonprofits, model cards provide a tangible artifact that governance committees and boards can review.
Transparency Questions
- Can the vendor explain in plain language how the AI arrives at its outputs? Can our staff explain this to beneficiaries and stakeholders?
- Does the vendor provide a model card documenting training data sources, known limitations, evaluation results, and intended use cases?
- What information is logged about AI decisions or recommendations? Can we access those logs for review or audit purposes?
- Have we disclosed our AI use to relevant stakeholders (donors, beneficiaries, funders, board)? Is our disclosure appropriate for the stakes involved?
- Does the vendor publicly disclose what data was used to train the system, and are there any significant gaps or caveats?
Checklist Section 5: Accountability and Human Oversight
AI tools should inform decisions. Humans must make them, especially when they affect people's lives.
The principle most consistently emphasized across responsible AI frameworks for nonprofits is simple and non-negotiable: AI tools should not make consequential decisions about people. They can surface information, generate recommendations, and automate routine tasks. But decisions that affect service eligibility, case management, resource allocation, or any other determination with meaningful impact on beneficiaries must involve human review and accountability.
This principle becomes especially important as AI capabilities expand. Agentic AI systems that take autonomous actions, sending communications, submitting applications, scheduling services, require a new level of governance because the human review point occurs before the action rather than after an output is generated. Organizations exploring agentic AI for operations, intake workflows, or donor communications need specific governance frameworks for these systems that go beyond the checklists designed for advisory AI.
Accountability also means naming who is responsible when AI produces a harmful output. This is often overlooked in AI adoption, where enthusiasm for capabilities outpaces clarity about governance. Before any AI tool is deployed at scale, your organization should be able to answer: who reviews AI outputs before they influence decisions affecting beneficiaries? Who receives complaints about AI-influenced decisions? Who is authorized to suspend an AI tool if harmful patterns are identified? The absence of answers to these questions is itself an ethics risk.
Accountability Questions
- Who is responsible for reviewing AI outputs before they influence decisions affecting beneficiaries? Is this documented in a policy or job description?
- What is our process when a beneficiary disputes or raises concerns about an AI-influenced decision? Do we have a mechanism for recourse?
- Who is authorized to suspend or discontinue this AI tool if harmful patterns are identified? How will harmful patterns be detected?
- Does the vendor have a documented incident response process for AI failures or harmful outputs? What is their notification timeline?
- For agentic AI systems that take autonomous actions: what human approval is required before the system acts, and what actions are outside its permitted scope?
How to Evaluate Vendor AI Ethics Claims
Almost every AI vendor markets their product as ethical, responsible, and unbiased. Almost none of them provide unsolicited evidence for those claims. Evaluating AI vendor ethics in practice requires moving beyond marketing language to specific, documented, verifiable commitments.
ISACA's 2025 guidance on third-party AI compliance emphasizes maturity-based questioning over yes/no checklists. Rather than asking "is your AI fair?" (which will always get a yes), ask "describe your methodology for detecting and mitigating algorithmic bias, and how frequently these tests are performed." Rather than "do you have an AI ethics policy?" ask "can you share your model card and your most recent independent bias audit report?" The specificity of vendor responses is itself informative.
Ethical commitments also belong in contracts, not just in sales conversations. Vendor questionnaires establish expectations, but legal obligations require contractual language. Before signing any agreement for an AI tool that will touch sensitive data or influence decisions affecting beneficiaries, work with legal counsel to embed specific privacy protections, data handling requirements, audit rights, and incident notification timelines directly in the contract.
Red Flags in Vendor Responses
- Vague claims ("our AI is fair and unbiased") without documented methodology
- Refusal to allow independent auditing or client data review
- No model card or training data documentation available
- Data retention terms that allow training on your inputs
- No documented incident response process for AI failures
What to Require from Vendors
- Model cards with training data sources, limitations, and evaluation results
- Independent bias audit reports with methodology disclosed
- Written contractual commitment that your data won't train future models
- Documented data handling, retention, and deletion policies
- Audit rights: the ability to review AI outputs and flag concerns
From Checklist to Ongoing Governance
An ethics checklist applied at deployment time is better than no ethics review, but the 2026 best practice is continuous monitoring, not one-time audits. AI systems can drift over time, and new biases can emerge as populations, language, and organizational context change. The leading frameworks from NetHope and Vera Solutions both emphasize continuous evaluation as a principle, not periodic review.
Building AI ethics into your organizational governance means creating a regular review cadence for AI tools in active use, not just a pre-deployment checklist. This might be quarterly reviews for high-stakes AI applications, annual reviews for lower-risk tools, and an always-on process for flagging and investigating concerns raised by staff or beneficiaries. It also means assigning clear ownership, someone in your organization whose role includes maintaining visibility into which AI tools are in use and whether ethical standards are being met.
The AI champions framework that many organizations are building can serve as a natural home for this responsibility, distributing ethical oversight across departments rather than concentrating it in a central function that most nonprofits can't resource. Champions in each program area can be responsible for monitoring AI tool outputs for their contexts, surfacing concerns, and escalating to leadership when patterns of bias or harm emerge.
It is also worth building AI ethics review into your organizational AI strategy, not just individual tool decisions. If your organization is working through a strategic AI adoption process, as discussed in detail in the article on integrating AI into your nonprofit's strategic plan, ethics governance should be a named workstream with defined owners, milestones, and accountability, not a checkbox on a vendor evaluation form.
Governance Infrastructure to Build
These elements transform a one-time checklist into an ongoing ethics posture
- AI inventory: A maintained list of every AI tool in active use across the organization, including who owns it, what data it accesses, and when it was last reviewed
- AI use policy: Clear written guidance on what tools are approved for what data types, what is off-limits, and how staff should report concerns
- Review cadence: Scheduled ethics reviews for AI tools in active use, with frequency calibrated to the stakes of the application
- Complaints process: A clear, accessible way for staff and beneficiaries to raise concerns about AI-influenced decisions, with a defined response protocol
- Board visibility: Regular reporting to leadership and the board on AI use, ethics reviews completed, and any concerns identified and resolved
Where to Start If You're Starting from Scratch
If your organization is among the many that have adopted AI tools without a formal ethics framework, the starting point is an audit, not a pause. You don't need to stop using AI tools. You need to know which tools are in use, what data they touch, what decisions they influence, and whether any of those tools are in contexts that require immediate governance attention.
NTEN offers a free AI Readiness Checklist and an AI policy template developed by ANB Advisory that provide accessible starting points for organizations building governance infrastructure. NetHope's AI Ethics Toolkit, developed with MIT D-Lab and USAID, offers more comprehensive resources for organizations serving humanitarian contexts. These frameworks are worth consulting alongside this checklist as you build your organizational approach.
The tools currently generating the most ethical risk for most nonprofits are not the sophisticated AI systems. They are the everyday tools: the writing assistants staff use to draft reports, the scheduling tools that manage volunteer or client flows, the communications platforms with AI personalization features. These tools often fly under the governance radar because they feel mundane. Bringing them into your ethics review process, applying the checklist questions even to low-stakes tools, builds the organizational habit of ethical evaluation before it is urgently needed for higher-stakes applications.
The goal is not to achieve a perfect ethics posture before using any AI. It is to build the organizational capacity to evaluate tools thoughtfully, identify risks proportionate to stakes, implement appropriate safeguards, and maintain ongoing visibility into the AI systems that are shaping your work. That capacity, more than any specific checklist, is what responsible AI adoption looks like in practice.
Conclusion
The shift from ethical principles to ethical practice is the defining challenge of AI adoption in 2026. Nonprofits are not exempt from this challenge, and in many respects they face a higher standard than commercial organizations, because the populations they serve are often those most at risk of being harmed by algorithmic bias and data misuse.
The checklist in this article is a starting point, not a complete solution. It will not catch every ethical risk, and applying it thoughtfully requires organizational judgment that no document can fully provide. What it can do is create a consistent habit of asking the right questions before deployment, rather than responding to harm after it has occurred. That shift, from reactive to proactive ethics, is the most important change most nonprofits can make in how they approach AI.
The organizations that will earn the most trust from their communities, their funders, and their beneficiaries in the AI era are those that demonstrate not just that their AI tools work, but that they have thought carefully about whether they work fairly, for whom, and at what cost. That demonstration begins with a checklist and deepens into a culture.
Build Responsible AI Into Your Nonprofit's Strategy
One Hundred Nights helps nonprofits develop AI governance frameworks, ethics policies, and responsible deployment strategies that protect your mission and the communities you serve.