Shadow AI at Work: What Happens When Employees Upload Work Documents and Contracts to ChatGPT?
Employees are already uploading contracts, customer data and internal documents to AI tools. The real risk is not AI itself. It is the absence of visibility, rules and a safe workflow.

By Dzhamal Statsenko, lawyer and AI governance consultant based in the Netherlands | Last reviewed: 17 July 2026
An employee receives a 40-page contract from a supplier.
Instead of spending several hours reviewing it, the employee uploads the contract to ChatGPT and asks the tool to summarise the agreement, identify risky clauses and draft an email to the supplier.
👨💼 From the employee’s perspective, this is not a security incident. It is productivity.
🏢 From the company’s perspective, something more important may have happened: confidential information may have been sent to an external AI provider through a personal account, without approval, without a security assessment and without anyone knowing how the document will be stored, processed or deleted. That is shadow AI in its most practical form: ordinary employees using useful AI tools outside the organisation’s visibility and control.
The contract does not automatically become public. But the employee may still have transferred personal, confidential or legally protected information to an external service without authorisation.
The problem is not simply that employees are using ChatGPT. The problem is that companies often have no visibility, no rules and no safe workflow.
🟩 Key Takeaways
▫️ Uploading a company document to ChatGPT does not automatically make it public, but it may still create an unauthorised external data transfer
▫️ Turning off model training does not automatically make the upload authorised, lawful or consistent with an NDA
▫️ Consumer ChatGPT and organisation-managed business products have materially different controls, but neither removes the need for internal approval
▫️ Contracts and work documents may contain personal data, trade secrets, privileged communications, commercial terms and information protected by confidentiality clauses
▫️ A practical AI usage policy should approve four things before company information enters an AI system: the tool | the account | the data | the task
Table of Contents:
▫️ What Is Shadow AI?
▫️ Why Employees Upload Work Documents to ChatGPT
▫️ The Four Approvals Rule
▫️ What Happens to Confidential Information Uploaded to ChatGPT?
▫️ Consumer ChatGPT vs Business Products
▫️ AI Data Security Is Not Just About Model Training
▫️ Contracts, NDAs, Trade Secrets, GDPR and Legal Privilege
▫️ What to Do If an Employee Has Already Uploaded a Contract
▫️ Can Employees Use ChatGPT for Company Data?
▫️ What Companies Should Ban or Restrict
▫️ How to Create an AI Usage Policy for Employees
▫️ AI Literacy Under the EU AI Act
▫️ Practical Shadow AI Checklist for Employers
▫️ Frequently Asked Questions
▫️ Conclusion
🟩 What Is Shadow AI?
Shadow AI is the use of AI systems inside an organisation without formal approval, security review or effective oversight.
It can include an employee using a personal ChatGPT account to analyse a contract, a manager uploading an HR spreadsheet to an AI assistant, a developer copying proprietary source code into a coding model, or a team connecting an AI application to company email or cloud storage without approval.
Shadow AI is similar to shadow IT, but it can be harder to see. A conventional unapproved application may store a file. A generative AI tool may analyse the file, extract information from it, combine it with prompts, produce new content and make the result easy to copy into other systems.
The employee may believe they are only asking a question. The company may actually be creating a new data flow.

SHRM’s 2026 workplace AI research found that 46% of workers believed their organisation’s AI policies prevented them from experimenting with tools that could improve their work, and 30% said they had knowingly violated organisational AI rules. Reported violations included using tools still under review, using unapproved accounts and uploading confidential organisational data to unapproved systems. See SHRM’s 2026 workplace AI research.
This is why shadow AI should not be treated only as employee misconduct. Employees often use unapproved AI because it solves a real problem faster than the official workflow.
🟩 Why Employees Upload Work Documents to ChatGPT
Employees using ChatGPT at work are not necessarily trying to evade security controls. They may be trying to summarise a long document, translate a contract, compare two versions of an agreement, restructure a report, draft a response to a client or understand a difficult clause.
The immediate benefit is visible. The information-security consequence is not.
A seemingly ordinary document may contain customer names, employee information, signatures, bank details, negotiated prices, internal comments, source code, litigation strategy, legal advice, passwords, API credentials or trade secrets.
🔺The employee sees a document
🔺The security team sees a data transfer
🔺The privacy team sees a new processing activity
🔺The lawyer sees confidentiality, privilege and contractual obligations
That difference in perspective is the centre of the shadow AI problem.
🟩 The Four Approvals Rule
Before an employee uploads company information to an AI system, the organisation should be able to confirm four things.
1️⃣ Approved Tool
The company has reviewed the AI provider, contractual terms, security measures, retention practices, subprocessors and relevant privacy controls.
Practical question: Has this specific AI tool been approved for this category of company information?
2️⃣ Approved Account
The employee is using the correct organisation-managed account rather than a personal account, where company policy requires one.
Practical question: Is the employee using an account controlled by the organisation, with the right administrative settings and auditability?
3️⃣ Approved Data
The information falls within a category that the company permits the AI system to process. Restricted information has been removed, anonymised or moved to a specially approved environment.
Practical question: Does the document contain personal data, confidential terms, privileged material, trade secrets or information restricted by an NDA?
4️⃣ Approved Task
The purpose is permitted, proportionate and subject to appropriate human review. The employee is not delegating an important legal, financial, employment or customer decision to an AI system without oversight.
Practical question: Is the AI being used for a permitted support task, or is it being asked to make or replace a decision that requires professional responsibility?
Approved tool. Approved account. Approved data. Approved task.
If one answer is “no” or “unknown”, stop and escalate the proposed use before company information is uploaded.

The value of this rule is that it works for non-lawyers. Employees do not need to analyse every clause of the GDPR or every vendor term. They need a simple checkpoint that tells them when to pause and ask Legal, Privacy, Security or management before using AI.
🟩 What Happens to Confidential Information Uploaded to ChatGPT?
A document uploaded to ChatGPT does not automatically become public. It is also inaccurate to claim that every uploaded document is automatically incorporated into a model and shown to other users.
The correct answer depends on the product, account type, data controls, retention settings, whether Temporary Chat is used, whether memory is active, whether apps or GPTs are involved and whether the conversation or project is shared.
OpenAI states that content submitted through consumer services may be used to improve its models depending on the user’s settings. Users can switch off the relevant training control, after which new conversations will not be used to improve the models. See OpenAI’s consumer data usage guidance.
Normal chats may remain saved in the account until the user deletes them. Deleted chats and associated files are generally scheduled for deletion from OpenAI systems within 30 days, subject to exceptions such as legal, security or prior de-identification requirements. See OpenAI’s chat and file retention policy.
Temporary Chats do not appear in chat history and are not used to improve OpenAI’s models. OpenAI may nevertheless retain a copy for a limited safety period. See OpenAI’s Temporary Chat guidance.
These settings matter, but they do not resolve the whole legal question
Turning off training does not amend an NDA
Temporary Chat does not give an employee authority to disclose a trade secret
Deleting a conversation does not retroactively approve the original transfer
A personal paid account does not automatically become a company-controlled environment
🟩 Consumer ChatGPT vs Business Products
One of the most important ChatGPT data privacy distinctions is the difference between consumer services and organisation-managed business products.
OpenAI states that it does not use inputs and outputs from ChatGPT Business, ChatGPT Enterprise, ChatGPT Edu and the API to train its models by default. See OpenAI’s business data privacy commitments.
That makes an organisation-managed workspace materially different from an employee independently using a personal account.
However, a safer account is not the same as an approved use case.
Even in a business environment, an organisation must still decide which employees may use the system, which documents may be uploaded, whether personal data is permitted, when Legal, Privacy or Security approval is required, and which outputs require human review.
🟩 AI Data Security Is Not Just About Model Training
Discussions about ChatGPT data privacy often focus on one question: will the provider train a model on this document?
That is important, but it is only one part of AI data security.
A complete assessment should also ask where the document is stored, for how long, who controls the account, whether the conversation can be shared, whether administrators can access or delete it, whether external apps are enabled, whether the company can obtain audit information and what happens when the employee leaves.
The legal and security risks include unauthorised disclosure, excessive retention, insufficient vendor due diligence, insecure integrations, weak access controls, loss of an audit trail and unclear responsibility.
A generative AI data leakage strategy must therefore cover the entire data lifecycle, not only model training.
For many organisations, the weak point is not the AI provider itself. It is the missing internal ownership: nobody knows who approved the tool, who reviews new use cases, who checks integrations, who trains employees and who investigates mistakes
🟩 Contracts, NDAs, Trade Secrets, GDPR and Legal Privilege
Using ChatGPT for contracts can be useful. An AI tool may help an employee summarise obligations, compare drafts, extract deadlines, prepare questions for a lawyer or rewrite a clause in clearer language.
But the legal risk may begin before the system produces its first answer.

🟢 Contractual Confidentiality and NDAs
A company may have promised that certain information will be disclosed only to employees, professional advisers or authorised service providers. Uploading that information to an unapproved AI service may fall outside the permitted categories.
Whether the disclosure breaches a particular contract depends on the wording of the confidentiality clause, the nature of the information, the AI provider’s contractual role, the account configuration and the safeguards in place.
An employee cannot assume that a disclosure is permitted merely because the recipient is software rather than a human being
🟢 Trade Secrets
Under the EU trade-secret framework, information generally qualifies as a trade secret where it is secret, has commercial value because it is secret and has been subject to reasonable steps to keep it secret. See the EU Trade Secrets Directive.
One accidental upload does not automatically destroy trade-secret protection.
However, a pattern of uncontrolled disclosure could make it more difficult for a company to demonstrate that it consistently took reasonable steps to preserve secrecy
🟢 GDPR and Personal Data
In Europe, uploading a company document to an AI service may involve the processing of personal data. Personal data can appear in employment contracts, invoices, customer complaints, internal investigations, CVs, signed documents, emails and spreadsheets.
The GDPR requires personal data to be processed lawfully, fairly and transparently, limited to what is necessary and protected through appropriate technical and organisational measures. It also establishes requirements concerning processors, security and high-risk processing. See the General Data Protection Regulation.
An unauthorised upload may constitute a personal data breach depending on the facts
Reportability requires a separate risk assessment, including what data was uploaded, who could access it, what safeguards applied and what consequences may follow for individuals.
🟢 Legal Privilege and Professional Confidentiality
The position becomes particularly sensitive when employees upload legal advice, correspondence with lawyers, litigation documents, investigation reports, settlement strategy or materials prepared in anticipation of proceedings.
Disclosure to an external AI system may create an argument that confidentiality or privilege has been compromised. It would be too broad, however, to say that every use of AI automatically waives privilege
Recent US federal decisions have reached different conclusions concerning privilege and generative AI. The American Bar Association describes this as a developing and fact-specific area. See the American Bar Association analysis of AI and privilege.
ABA Formal Opinion 512 also emphasises that lawyers using generative AI remain responsible for competence, confidentiality, communication and supervision. See ABA Formal Opinion 512.
The privilege discussion above primarily concerns the United States. Legal professional privilege and professional secrecy differ across European jurisdictions.
🟩 What to Do If an Employee Has Already Uploaded a Contract
Do not begin by assuming that the contract is now public. Do not delete every record before understanding what happened. Start with a structured assessment.

Step 1: Establish the Facts
Identify which AI service was used, whether the account was personal or company-managed, what document or text was uploaded, which prompts were entered, whether the conversation was shared, whether outputs were copied and whether external apps or connectors were enabled.
Step 2: Classify the Information
Check whether the material contained personal data, customer information, privileged communications, trade secrets, credentials, confidential pricing, intellectual property, NDA-restricted information or regulated financial, medical or employment information.
Step 3: Preserve Relevant Evidence
Before deleting the conversation, preserve the information necessary to investigate the incident, where legally and operationally appropriate. This may include screenshots, timestamps, prompts, outputs, account information, file names, sharing settings and relevant logs.
Step 4: Contain the Incident
Depending on the circumstances, the company may need to delete the conversation or file, revoke a shared link, disconnect an integration, reset exposed credentials, restrict the account, contact the provider or suspend the affected workflow.
Step 5: Assess Legal Obligations
Legal, Privacy and Security teams should assess whether company policy was breached, whether an NDA or contract was violated, whether privilege may have been affected, whether trade-secret remediation is necessary and whether the event qualifies as a personal data breach.
Step 6: Fix the Workflow
The final question should be: why did the employee need to use an unapproved tool?
Perhaps there was no approved AI environment. Perhaps the policy was too vague. Perhaps the authorised tool did not perform the task. Perhaps employees were never trained.
Disciplining one employee will not solve a structural problem if the workflow remains broken.
A useful post-incident review should therefore ask whether the employee had a safe alternative. If the official process takes two weeks and the unapproved tool gives a useful first draft in one minute, the organisation should expect repeated policy breaches unless it fixes the workflow.
🟩 Can Employees Use ChatGPT for Company Data?
Yes, in appropriate circumstances.
The answer should not be a universal ban or unrestricted permission. Employees should use ChatGPT for company data only where the Four Approvals Rule is satisfied.

Low-risk examples may include summarising public information, rewriting approved marketing content, brainstorming with synthetic data, translating non-confidential text or restructuring a public job advertisement.
Higher-risk examples may require a business environment and additional approval: internal policies, commercial contracts, customer correspondence, operational reports and internal presentations.
For many teams, the practical compromise is a redaction workflow. Before a document is uploaded, employees remove names, signatures, pricing, unique identifiers, privileged comments and other details that are not necessary for the task.
Redaction is not a magic solution, but it can reduce risk where the organisation has approved the tool and the use case
🟩 What Companies Should Ban or Restrict
A useful AI usage policy for employees should not simply say: “Do not share confidential information.” That is too vague.
A practical policy should classify data.
✅ Green: Generally Permitted in Approved Tools
Public information, approved marketing materials, synthetic data, public job advertisements and non-confidential templates.
⚠️ Amber: Restricted to Approved Business Environments
Internal procedures, draft presentations, routine commercial correspondence, low-risk operational reports and contracts that have been reviewed and appropriately redacted.
🚨 Red: Prohibited Without Specific Authorisation
Passwords, credentials, API keys, health data, special-category personal data, privileged legal advice, litigation materials, M&A documents, unreleased financial results, trade secrets, protected source code, customer databases, security architecture and information restricted by an NDA.
🟩 How to Create an AI Usage Policy for Employees
An effective AI usage policy should make safe behaviour easier. It should not exist only to punish mistakes after they occur.

At minimum, it should define the AI systems covered, list approved tools and accounts, explain data classifications, describe permitted and prohibited uses, set rules for personal data, require human verification, address records and retention, control integrations and define incident-reporting steps.
The policy should also explain how employees can request approval for a new AI use case. Without a realistic approval route, people may treat the policy as a wall rather than a governance system.
Human oversight is especially important where AI supports legal conclusions, financial analysis, employee decisions, customer communication or public-facing content. This connects directly with broader questions of human oversight and autonomous AI governance.
For nonprofit organisations, the same logic applies in a more resource-constrained setting: policies should be practical, role-specific and proportionate. I discuss this separately in AI compliance for NGOs.
🟩 AI Literacy Under the EU AI Act
Article 4 of the EU AI Act has applied since 2 February 2025. The European Commission explains that AI literacy measures should be appropriate to the context and take account of employees’ technical knowledge, experience, education and training, the use context and the affected persons. See European Commission guidance on AI literacy.
This does not mean that every employee must complete the same generic course
A receptionist using an AI chatbot, an HR manager reviewing AI-assisted CV summaries, a lawyer using ChatGPT for contract triage and a developer using a coding assistant need different training.
For shadow AI prevention, AI literacy should explain what may not be uploaded, how approved tools must be used, when to escalate, why model training is not the only risk and why human responsibility remains necessary.
Training should use examples from the organisation’s own work: contracts, HR files, customer support messages, fundraising documents, policy drafts, board papers or technical documentation. Generic warnings rarely change behaviour unless employees recognise the documents they actually handle.
For broader company readiness, this connects with the EU AI Act 2026 compliance checklist.
🟩 Practical Shadow AI Checklist for Employers
▫️ Inventory where employees already use AI tools
▫️ Identify personal accounts used for work tasks
▫️ Classify documents by sensitivity before AI use
▫️ Approve specific AI tools and accounts
▫️ Define green, amber and red data categories
▫️ Restrict uploads of privileged, confidential and regulated information
▫️ Review vendor terms, retention, security and administrative controls
▫️ Train employees by role, not with one generic slide deck
▫️ Create a clear reporting route for accidental uploads
▫️ Keep evidence of decisions, approvals and remediation
▫️ Revisit the policy when new AI features, connectors or business workflows are introduced
▫️ Test whether employees understand the policy by asking them to classify real examples from their daily work
💬 Frequently Asked Questions
❔Can employees upload contracts to ChatGPT
Only if the tool, account, data and task have been approved. A contract may contain confidential terms, personal data, trade secrets or privileged material. A personal ChatGPT account is usually not the right environment for unredacted company contracts unless the organisation has expressly authorised that use.
❔Is it safe to upload company documents to ChatGPT
It depends on the product, account, settings, contract, data category and use case. The safer question is not “is ChatGPT safe?” but “has this specific workflow been approved for this specific information?”
❔Does ChatGPT use company data for training
OpenAI says consumer-service content may be used to improve models depending on user settings, while ChatGPT Business, Enterprise, Edu and API inputs and outputs are not used for model training by default. Training is only one issue; storage, retention, disclosure and authorisation still matter.
❔Does turning off training make an upload safe
Not necessarily. Turning off training addresses one use of the data. It does not amend an NDA, approve an external transfer, resolve GDPR questions, control retention or create internal corporate authority.
❔Can deleting the chat remove the legal risk
Deletion may reduce continuing exposure, but it does not erase the fact that a potentially unauthorised transfer occurred. The company may still need to assess confidentiality, privacy, security, privilege and contractual consequences.
❔Should companies ban ChatGPT completely
A total ban may be appropriate for some environments or data categories. But broad bans can push AI use into personal accounts and invisible workflows. A stronger long-term approach is usually approved tools, clear restrictions, training, monitoring and realistic incident response.
🟩 Conclusion
The debate about employees using ChatGPT is often framed incorrectly.
The question is not whether AI is good or bad. It is not whether every uploaded contract will become public. It is not whether companies can prevent every employee from experimenting with AI.
The real question is whether the organisation knows which AI systems are being used, what information is entering them, which accounts are involved, which purposes are permitted and who remains responsible
Employees will continue using AI because it solves real problems.
Companies that respond only with prohibition may push that activity into personal accounts, private devices and invisible workflows.
The real risk is not that employees use AI. The real risk is that companies have no visibility, no rules and no safe workflow.
🟩 Does Your Organisation Know What Employees Are Uploading?
I help European businesses and NGOs identify shadow AI use, assess confidential-data risks and build practical AI governance systems.
This may include a Shadow AI Risk Review, an AI usage policy, a review of existing ChatGPT workflows, employee AI literacy training, or a practical workshop for management, Legal, HR or Compliance teams.
The goal is not to stop employees from using AI. The goal is to make sure they can use it without turning productivity into an avoidable legal incident.
Request a Shadow AI Risk Review
Related Reading:
▫️ EU AI Act 2026: What Companies Need To Do Before August
▫️ AI Compliance for NGOs: How the EU AI Act Changes Nonprofit Work
▫️ EU AI Act transparency and AI labelling obligations
▫️ Autonomous AI and World Models: Who Will Control the Matrix?
Scope, Methodology and Legal Disclaimer
This article primarily focuses on EU data protection, confidentiality and AI governance. The privilege discussion includes recent US developments and should not be applied automatically to other jurisdictions.
Legal professional privilege and professional secrecy differ by jurisdiction. Companies should obtain jurisdiction-specific advice before drawing conclusions about privilege, confidentiality or reporting duties.
The analysis is based on official OpenAI documentation, EU legislation, European Commission guidance, American Bar Association materials and workplace research. It is intended as a practical governance guide, not as academic peer review.
This article provides general information and does not constitute legal advice.
I will continue writing about this in plain language
See you in the next piece
Cheers,


