AI Governance Card: Gemini Workspace

​​​​​​​​​​Revision History:

• Last Revised: 07/22/2025
• Date Issued: 03/30/2025
• Version: 1.1
• ​Author: Solomon Abiola​

This governance card mirrors Maryland’s broader responsible AI policy, which provides guidance for standalone commercial GenAI tools. All Maryland state employees and contractors should review this policy before using Google’s Gemini Workspace.

Gemini Workspace is Google’s GenAI suite. It is capable of producing new text, code, translations, summaries, and images.

This card shares categories and guidelines to help Maryland's State civil service use Gemini responsibly and productively.

Risk Categories for AI Use

​

1. Unacceptable Risk AI (Prohibited):

   • AI that automates decisions impacting individual rights or sensitive investigations, or that handles restricted data, is off limits.

   • Per the State's responsible AI policy, staff must not use Gemini (or any GenAI) to generate decisions involving benefits, credentialing, legal enforcement, and other critical decisions.

2. High Risk AI:

   • If Gemini were used to make sensitive decisions, or handle personal or protected health information, it could enter high-risk territory.
     

   • However, Gemini uses technical controls that disallow processing of PI (i.e., Gemini will either be unresponsive or block PI in responses). This ensures that Gemini will not become high risk.

3. ​Limited Risk AI:

   • Gemini poses limited risks if it is used for typical tasks such as drafting memos, brainstorming, analyzing public data, generating code for non-critical tasks, and generating reports that include protected internal-only data.

   • These actions are allowed with caution, in line with guidelines on fact-checking, bias review, and not including personal/sensitive data in prompts per the State's responsible AI policy.

4. Minimal Risk AI:

   • Routine, low-stakes tasks (grammar fixes, rewording public domain text) with no sensitive data.

   • Agencies should still disclose GenAI usage if significant proportions of content are generated while verifying outputs.

   • Most Gemini Workspace usage falls under Limited or Minimal risk as aligned with the State's responsible AI policy.

Tips to Use Gemini Responsibly

​

1. Do Not Use for Sensitive Decisions

   • Do not use Gemini to decide or evaluate individual benefits, legal enforcement, HR hiring, or any “State activities affecting individual rights/safety.”
   • Keep Gemini usage to Limited or Minimal risk tasks such as drafting, brainstorming, and summarizing data – not automated judgments about individuals.


2. ​Fact-Check & Review
   • GenAI can generate plausible but false content. You are responsible for always validating outputs.
   • For official memos or communications, make final edits manually to ensure correctness. You remain responsible for accuracy, even if Gemini makes a draft.


3. ​Review for Bias
   • GenAI can reproduce harmful stereotypes. Check Gemini-generated text for subtle bias or offensive language, and correct such outputs.
     
   
   

4. Create Transcriptions Only With Consent

   • Gemini-based transcription is approved for meetings. In such instances, one should still follow state guidelines to use all-party consent for recordings.
   • Maryland law prohibits recording conversations without all participants’ informed consent​. At the start of any call or meeting, agencies must announce that the call or meeting will be recorded and/or transcribed by an AI-powered service (if applicable), and allow participants to consent or object. If a participant objects to the recording or transcription, it shall not be used. This applies to both internal meetings and calls with the public. Lack of consent makes the recording illegal in Maryland and thus an unacceptable practice.
   
   

5. Use Work Accounts Only

   • Any usage of Gemini services should be through your @maryland.gov account only and separate from personal usage.
   
   

6. Disclose & Cite GenAI

   • Cite Gemini usage if content is significantly AI-generated. (E.g., “This document was drafted with the assistance of Google Gemini.”)
   • Minimal usage (such as using Gemini to proofread content you've written) does not require citation.

More Tips to Use Gemini

​DoIT’s approval of Gemini for Google Workspace means it can access and use protected internal-only data within Google, such as products like Gmail and Google Drive. However, you remain responsible for managing access to protected internal-only data, especially when sharing information on Google Drive. All Google product rules for personally identifiable information (PII) data apply to Gemini.

​

1. Reinforcing Responsible AI Principles:
   • Learn from the Utah Department of Transportation’s (UDOT's) experience: The YouTube video "Google Gemini at UDOT" provides a real-world example of implementing Gemini responsibly within a public organization.
   • This presentation from UDOT underscores several key principles already outlined, including the importance of human oversight, accuracy verification, data security, and ethical considerations.
   • UDOT frames Gemini as a tool to enhance human work, not replace it, and emphasizes core values like trust, integrity, and caring in its application.
   • Reviewing this video can offer valuable reinforcement of these best practices and practical examples of appropriate Gemini usage.
   
   
2. Privacy & Data Security:
   • Gemini follows the same data loss prevention (DLP) policy as Google Workspace, which restricts Gemini's usage of PII​.
   • Gemini's privacy policy can be found here.
   • Gemini has attained SOC 1/2/3, ISO 9001, ISO/IEC 27001, 27017, 27018, and 42001 certifications.
   • Gemini has FedRAMP High authorization. Additionally, Gemini supports compliance with COPPA and FERPA​.

Writing Prompts in Gemini

Prompt engineering is the art and science of crafting precise, effective instructions (known as prompts) to guide GenAI models toward a desired output.

Precise, effective prompts help AI understand your intent and deliver accurate, relevant, and high-quality results.

Gemini offers several ways for you to write strong prompts that get the information you need. As you explore Gemini's suite of GenAI features, keep these tips in mind to prompt responsibly and productively:

​

1. Dos and Don'ts:

   • Do:
     • Use Gemini in Google Workspace, NotebookLM, and Gemini's chatbot in accordance with this policy on internal data.
   • Don’t:
     • Use AIStudio with internal data. Using Level 2 data with AIStudio is not permitted without billing enabled.
   
   

2. Example Use Cases:

   • Drafting Documents:
     • Let Gemini provide an initial draft for a memo on a public topic.
     • Do carefully edit, but don’t rely on it to produce verified facts.
   • Analyzing Public Data:
     • You can prompt Gemini to suggest insights, but make sure to fact-check these insights thoroughly.
   • Translation:
     • Use Gemini to translate non-sensitive content. Confirm the final text with a native speaker for critical communications.
   • Research:
     • Use NotebookLM to analyze publicly available legal text. Fact-check these insights thoroughly.

For additional resources that can help you use Gemini, please reference this resource and this resource, which are both provided by Google.​