Answer — AI Governance
Can staff enter citizens’ personal information into ChatGPT?
Law 25 names no tool: it governs the use of personal information through any channel. Entering citizens’ information into a consumer AI tool is a use like any other — subject to the same rules of purpose, necessity, and safeguards, and it must be demonstrable after the fact.
What Law 25 requires — AI tool or not
Law 25 binds municipalities directly: governance rules, protection policies, system-design requirements, and privacy impact assessments have been mandatory since September 2023, under the CAI’s oversight. None of those duties depend on the tool. Pasting a citizen’s file into a conversational agent is communicating personal information to a third party — the service provider — and that communication answers the same questions as any other: for what purpose, is it necessary, under what safeguards, and who authorized it?
The honest answer to the question is therefore neither “yes” nor “never”: it is “under what conditions — and can you demonstrate they were met?”
Why the real risk is invisible use
The case that worries the CAI, the auditor, and the council is not the assessed, supervised use: it is the well-intentioned employee pasting a file into a tool nobody evaluated. IBM’s Cost of a Data Breach Report 2025 puts numbers on it: 20% of breached organizations were breached via shadow AI, at an average of US$670K in added cost — and 97% of AI-breached organizations had no AI access controls.
Banning without seeing settles nothing: the use continues, out of sight. The useful question is “which AI tools are actually being used here, by whom, and on what?”
What can a careful organization demonstrate?
Three things, each a matter of record: which AI tools touch its business environment, which have been assessed and supervised, and how detected gaps were addressed. A gap found, fixed, and logged is a strength before the CAI — it is blindness that costs.
Agentica keeps that record: continuous mapping of every AI agent in your business environment — metadata and signals only, never the contents of your files — recorded in a tamper-proof history the council, the auditor, and the CAI can receive as-is.