Published by Narrative Industries | Updated May 2026
In December 2025, the Fundraising Regulator published its first Guidance for using artificial intelligence in fundraising to go along with the Code of Fundraising Practice
Many charities haven’t read either. This post tells you what they say and what chairities are now expected to do.
Two documents. Both matter.
The updated Code of Fundraising Practice (effective 1 November 2025) is the rulebook for all fundraising in England, Wales and Northern Ireland. It applies whether or not your charity is registered with the Regulator.
The Code doesn’t contain a dedicated AI section. It was deliberately rewritten as a principles-based document: legal, open, honest, respectful. Those principles apply to everything, including AI.
The Guidance for using artificial intelligence in fundraising (published 8 December 2025) is where the Regulator makes the AI implications explicit. It’s supplementary to the Code, but it carries the same weight: if the Regulator investigates a complaint about your fundraising, this guidance is what they’ll use to assess whether you acted appropriately or not.
The Regulator is neutral on whether charities should use AI. What they’re not neutral about is how you use it.
What the guidance requires
The guidance follows a lifecycle: exploring AI, preparing to use it, and using it. The obligations apply at every stage.
Trustees are accountable.
Your board of trustees is responsible for your charity’s AI use in fundraising. That accountability is the very first thing the guidance establishes, and it is in line with section 1 & section 2 of the code. Boards must be involved in strategic decisions about AI and must maintain ongoing oversight.
The guidance also flags a specific risk: AI knowledge concentrated in one or two people. If only your digital manager understands what your AI tools actually do, that’s a governance problem.
You need an AI policy before you start
The guidance is direct: develop and agree an AI policy before using any AI tools for fundraising. It recommends publishing that policy on your website, so donors know when and how you use AI.
As of the Charity Digital Skills Report 2025 (before the Fundraising Regulator published its AI guidance), only 16% of charities had an AI policy in place. Nearly half (48%) were developing one. The majority had nothing.
A published AI policy isn’t bureaucracy. It’s the evidence that you took this seriously.
Risk assessment comes before deployment
Don’t use an AI tool until you’ve conducted a risk assessment that is proportionate to your intended use of it. The guidance is explicit about this.
AI can be very powerful but, like any powerful tool, can be dangerous when used without due care.
AI tools can produce content that sounds plausible but can be factually incorrect. They can embed bias you haven’t anticipated. They can interact with your existing systems in ways you haven’t tested. There are multiple stories of people not using AI without due care, failing to specify details or giving full access to master files, and then discover the AI has erased or overwritten those files.
The guidance flags this, so not knowing about them in advance is not a defence.
Human oversight is mandatory
A person must check the accuracy, fairness, and legality of any AI-generated content before it’s used for fundraising. Where AI runs without direct oversight (e.g. donor data analysis, chatbots, automated personalisation) you need monitoring and audit processes in place.
The guidance is clear: you remain accountable for every output your AI produces, even if the AI produced it without your direct involvement.
Do not feed donor data into public AI tools
The guidance specifically advises against putting information not already in the public domain into open-access AI tools.
If your team is copying donor names, giving histories, or CRM data into ChatGPT to personalise appeals, that’s a problem. It raises data protection issues under UK GDPR and potentially breaches your duty to protect personal data under the Code.
A practical example of the risk for charities:
Someone on the fundraising team uses a free AI tool to analyse a donor segment export. They think they’re just doing uploading data as context, & getting analysis back. But the vendor’s terms allow that data to feed training pipelines. Donor names, giving histories, and wealth indicators could potentially enter a model that serves millions of other users.
That’s a UK GDPR breach. It’s also a direct violation of the Fundraising Regulator’s guidance on not feeding non-public data into open-access AI.
Paid & Enterprise level AI tools, or Embedded CRM tools (Salesforce Einstein, Blackbaud AI features, Microsoft Copilot within a Microsoft 365 tenancy) tend to keep your data private to you, but it varies from vendor to vendor, and this needs to be confirmed, as part of your diligence. This also needs to reviewed regularly because vendors change their rules.
Third-party accountability runs upstream
Even if your charity doesn’t use AI itself, you’re still responsible for how your fundraising agencies, platforms, partners, etc use it on your behalf. If a third-party fundraiser uses AI in a way that breaches the Code, accountability sits with you.
The guidance is also clear that charities need to consider how bad actors might misuse AI. For example, by using AI to generate a deepfake video of your CEO to deceive donors, a celebrity associated with your brand, or AI-generated appeals mimicking your brand, voice and imagery. The fundraising Regulator mentions embedding secure authentication data into digital content (also known as content credentials) as a proportionate protective measure.
A practical suggestion: AI is evolving rapidly. Any AI policy (and especially one for fundraising) should specify a review schedule (annually at minimum, or triggered by a significant change in tools, regulation, or usage), and any AI strategy should treat that schedule as a governance commitment, not an aspirational “nice-to-have”.
Transparency scales with risk
Not every AI use needs a label. The guidance doesn’t require charities to disclose every instance of AI use. But the rule is clear: the greater the risk of misleading donors, the more transparent you must be.
Specific examples where disclosure is expected: AI-generated images or video that could be mistaken for real people or situations, chatbots used for fundraising conversations, and personalised appeals built on donor data.
The governance gap is a compliance & a digital skills issue
The Charity Digital Skills Report 2025 found that 44% of charities rate their board’s AI skills as poor. Only 3% say their board is excellent at AI. Meanwhile, 77% of UK charities were using AI in some form in 2025, up from 61% the previous year.
Blackbaud’s Status of UK Fundraising 2025 report found AI usage jumped from 57% to 77% in a single year. The top concerns among fundraisers: inaccurate output (75%), misinformation (73%), data security (69%). Only 2% reported no concerns at all. The same report found 36% of charities rate their CEO’s AI skills as poor, and 44% say the same of their board, meaning the there’s a digital skills/knowledge problem that policy documents alone won’t fix.
The picture is consistent: charities are adopting AI faster than they’re governing it. The Fundraising Regulator’s December 2025 guidance closes that gap by making governance a requirement rather than a recommendation.
What this means in practice
If your charity uses AI for any fundraising activity – drafting appeals, personalising communications, prospecting, wealth screening, chatbots, note-taking tools – the following now applies:
- Your board needs to understand and oversee your AI use
- You need a documented AI policy, ideally published on your website
- You need a risk assessment before deploying any AI tool for fundraising
- You need human review of AI outputs before they reach donors
- You need clear data handling rules that cover what information enters AI tools
- Your contracts with third-party fundraisers need to address AI use
None of this requires your charity to become tech geniuses. It simply requires your leadership to take a clear & informed position, document it, and act on it.
Where Narrative can help
We work with charities, CICs and third sector organisations on AI policy development, AI strategy, and digital governance. We help leadership teams and boards get to grips with what they’re actually responsible for and put practical frameworks in place that stand up to scrutiny.
If you’d like to talk through where your charity stands, get in touch.
Sources: Fundraising Regulator, Guidance for using artificial intelligence in fundraising (December 2025); Code of Fundraising Practice (November 2025); Charity Digital Skills Report 2025; Status of UK Fundraising 2025, Blackbaud.