On July 13, 2026, the Town of Oliver council in British Columbia quietly amended its artificial intelligence policy—without any discussion—to permit Laserfiche’s AI functions for internal staff use. The move adds a second approved AI assistant alongside Microsoft Copilot, reinforcing a platform-specific approach to AI governance that many organizations, especially those on Windows-based systems, are now adopting.
What exactly did Oliver approve?
Oliver’s existing policy already allowed Microsoft Copilot on town-owned devices but barred all other external AI services. The new amendment carves out a narrow exception for Laserfiche AI, a feature set within the Laserfiche document-management platform the municipality already uses for historical records management.
Deputy Corporate Officer Brieanne Mader recommended the change so that staff could use Laserfiche’s AI capabilities to review, summarize, and analyze documents stored in the system—tasks that directly support records management. The council approved the recommendation with no debate, as first reported by the Times Chronicle.
Critically, the amendment does not open the door to general-purpose consumer AI tools. Laserfiche AI is treated similarly to Copilot: both are presented as internally managed services available through the Town’s existing systems. This distinction is deliberate. Municipal records can contain operational, legal, financial, and personal data, making an approved-platform approach more defensible than letting employees paste sensitive material into whatever chatbot is convenient.
What it means for you—by audience
For municipal staff in Oliver
Staff now gain a productivity boost when working with historical records. Routine tasks like summarizing lengthy documents, identifying relevant sections, and pulling together information for reports can be accelerated. However, the policy imposes strict guardrails:
- AI output is never authoritative. Employees must verify everything before using it.
- Confidential or personal information must not be entered into any AI system.
- AI-assisted content must be attributed when included in presentations or official materials.
These rules directly address the most common pitfalls of workplace AI: hallucinated facts, inadvertent data leaks, and a lack of transparency about how content was generated.
For IT administrators and decision-makers
Oliver’s approach signals a practical governance model that many Windows-centric organizations can emulate. Rather than attempting to govern “AI” as a single, monolithic category, the policy authorizes specific, named AI functions within approved enterprise platforms while keeping unsanctioned web services out of business workflows.
The parallel with Microsoft Copilot is instructive. Just because Copilot is permitted in Office apps doesn’t mean every embedded AI feature in a line-of-business application (CRM, document management, help desk) is automatically safe. Each service requires its own review covering data handling, retention, access controls, and compliance.
For admins managing Windows desktops, this translates to a tiered approach:
- Allow Copilot for Microsoft 365 under existing enterprise agreements.
- Evaluate add-on AI capabilities in other LoB software (like Laserfiche) on a case-by-base basis.
- Block all unapproved AI websites and consumer tools via AppLocker, Microsoft Defender Application Guard, or web filtering.
- Enforce human-in-the-loop review policies through user training and periodic audits.
For residents
While the change won’t be directly visible, it could lead to faster responses to information requests and more efficiently managed public records. Perhaps more importantly, the explicit confidentiality and verification rules provide a safeguard against misuse. Residents can take some comfort in knowing that personal data won’t be fed into an AI system and that any AI-assisted staff work is subject to human review before it becomes official.
How we got here
Oliver’s journey is emblematic of a broader public-sector shift from blanket AI restrictions to controlled, product-specific approvals. Initially, the town permitted only Microsoft Copilot—likely a natural choice given its existing Microsoft 365 footprint. When Laserfiche introduced AI capabilities within its document management platform, the town faced a choice: treat it like any other prohibited external AI or recognize it as an extension of an already-vetted system.
The amendment shows a pragmatic decision: Laserfiche is already trusted with sensitive records; adding AI to that same platform, subject to the same governance policies, is a logical step.
This pattern mirrors what many enterprises have done in 2025 and 2026. Rather than issuing a blanket “AI ban,” they’ve started auditing existing software for embedded AI features and approving them individually. It’s an efficient path that avoids the paralysis of trying to write rules for every possible AI tool while still maintaining security.
What to do now: lessons for your organization
If you’re responsible for technology policy in a Windows environment, consider these steps inspired by Oliver’s move:
-
Inventory your stack – Identify all business applications (document management, CRM, ERP, etc.) that have recently added AI features. Many vendors are embedding AI summarization, search, and drafting capabilities; you need to know what’s already sitting in your environment.
-
Assess each individually – For each AI-enabled tool, review: where does it process data (cloud vs. on-prem)? Does it send data to a third-party model? Can it be restricted to internal use? What data classification does it handle?
-
Create an approved list – Instead of a blanket ban with exceptions, maintain a formal register of sanctioned AI services. Publish it so employees know what’s allowed.
-
Mandate human review – Like Oliver, require that all AI-generated output be verified by a human before it’s used in decision-making or external communication. Consider attribution policies so that AI assistance is transparent.
-
Reinforce confidentiality – Add explicit rules barring confidential or personal data from being entered into any AI tool, even approved ones. Implement technical controls (e.g., DLP policies, sensitivity labels) where possible.
-
Train and audit – Educate staff on the policy’s “why” and “how.” Spot-check compliance through random audits of AI usage logs (if available) or document reviews.
For Oliver specifically, the immediate next step is ensuring that staff actually follow the verification and confidentiality rules consistently. The policy is only as good as its execution.
Outlook: a harbinger for municipal AI adoption
Oliver’s quiet policy amendment may be a small-town move, but it reflects a larger trend: public-sector AI governance is maturing. Expect more municipalities, school boards, and local agencies to shift from outright bans to curated lists of approved AI capabilities within the platforms they already license—especially those running on Windows and Microsoft 365.
However, challenges remain. AI accuracy is still uneven, and the risk of over-reliance on unverified outputs is real. The true test will come when an AI error slips through the review process. How an organization responds—with transparency and corrective action—will determine whether this calibrated approach builds trust or erodes it.
For now, Oliver has drawn a practical line: use AI where it meaningfully assists internal administrative work, keep humans firmly in charge, and don’t open the floodgates. It’s a blueprint worth watching—and for many Windows admins, worth following.