Type 1: University-owned AI systems
These systems are operated entirely within the infrastructure of the University of Stuttgart. They offer the highest level of protection (up to C4), as data is not passed on to third parties.
- Use permitted for information classified as C1 - C4 (C3 and C4 only with documented approval).
- No data leakage; complete control over hosting, access, and logging.
Approved:
- We do not yet offer any university-owned AI systems.
Type 2: University of Stuttgart systems that access models operated by a scientific partner, such as GWDG
These systems use an interface operated by the University of Stuttgart and access AI models from trusted scientific partners (e.g., GWDG) that are operated in the partners' own data centers.
- Use permitted for information classified as C1, C2, and C3 (C3 only with documented approval).
- No storage or use of inputs for training purposes.
Approved:
- RAI with GWDG models (users are responsible for selecting the models)
Type 3: Systems operated by the University of Stuttgart with access to a model from a commercial provider (e.g., Azure OpenAI)
These tools use external commercial models (e.g., OpenAI models via Azure) with an interface operated by the University of Stuttgart.
- Use permitted for information classified as confidentiality levels C1 and C2.
- Contractually protected, hosted within the EU; no use of inputs for training; and no account-level linking of entries by commercial providers.
Approved:
- RAI with OpenAI models via Azure (EU cloud), Input data is stored by Microsoft for 30 days
Type 4: External services with privacy-friendly settings and enterprise contracts (e.g., ChatGPT Team)
These tools are provided through university contracts and, when used with your university account, offer centrally verified data protection conditions (EU server, no training). The chat interface and AI models are not operated by the University of Stuttgart, but externally.
- Use permitted for information classified as confidentiality levels C1 and C2.
- No use for information classified as C3 and C4.
- Log in with your university account, not with a private email address. Otherwise, the negotiated data protection conditions do not apply!
- Logging in with your university account to an external application allows that application to link your entries and prompts to you as a person. Do not enter any confidential information about yourself, others, or the university into these tools.
Approved:
- DeepL Pro EDU with university account.
- OpenAI ChatGPT Teams, account assignment possible through OpenAI – Input data can be assigned to your university account and is stored by OpenAI for 30 days.
Type 5: Non-audited public AI systems (e.g., ChatGPT Free, Grammarly Free)
These freely available tools are not subject to any organizational protection mechanisms by the University of Stuttgart. They often store entries indefinitely and use the entries and metadata for training and analysis purposes.
- Use ONLY for information classified as C1 (public).
- Do not enter any internal, personal, or confidential information.
- Use is as a private individual; no institutional control.
- Registration requires personal data (e.g., email, phone number) that can be linked to entries.
- If possible, deactivate the use of your data for training purposes and avoid long-term storage of your entries (select opt-out).
Examples:
- ChatGPT Free / Plus
- Grammarly Free
- ai (no costs involved)
Please email any comments or questions about the whitelist to the Vice Rectorate for IT. For inquiries related to the use of AI systems with C3 information, please contact your supervisor. If you plan to process C4 data in an AI system, please reach out to the Data Protection and Information Security Office.