LLM Company Policies and Policy Implications in Software Organizations
Ranim Khojah, Mazen Mohamad, Linda Erlenhov, Francisco Gomes de Oliveira Neto, Philipp Leitner
TL;DR
The paper investigates how 11 software organizations formulate and enforce policies for LLM chatbot use to mitigate data leakage, IP risk, and reliability concerns. Using semi-structured interviews and thematic analysis, it identifies policy drivers (regulatory, data, IP), policy formats, enforcement practices, and contextual differences across licensing and hosting models. It highlights gaps in accountability and copyright handling and discusses organizational changes and evolving governance roles in AI-enabled software engineering. The findings offer practical guidance for managers to tailor context-specific LLM policies that balance safety, compliance, and innovation.
Abstract
The risks associated with adopting large language model (LLM) chatbots in software organizations highlight the need for clear policies. We examine how 11 companies create these policies and the factors that influence them, aiming to help managers safely integrate chatbots into development workflows.