Template — adapt before use
Acceptable use of AI tools
[Company name] · Version 1.0 · Owner: [name/role] · Next review: [date]
1. Why this policy exists
AI tools are useful and we encourage sensible use of them. This policy exists so that using them never puts client data, colleague data or the company at risk. It applies to everyone, on any device, wherever you're working.
2. Approved tools
Use the AI tools the company has approved and signed into — currently: [list your approved tools here, e.g. Microsoft 365 Copilot under the company account]. If a tool isn't on the list, ask before using it for work — the answer will often be yes once it's been checked.
3. What must never go into an AI tool
Never paste or upload: client names or client data; personal data about colleagues (HR, payroll, health); passwords or security details; financial records; anything covered by an NDA; anything you'd be uncomfortable seeing outside the company. If in doubt, treat it as confidential.
4. Free accounts and personal logins
Free, personal-account AI tools may use whatever you type to train their models. That's why work content only goes into company-approved tools on company accounts. Signing up for a new AI tool with your work email counts as using it for work — check first.
5. Check the output
AI output can be confidently wrong. Anything that leaves the company — quotes, advice, reports, code, contract text — gets checked by a person who understands it before it goes out. The sender remains responsible for what's sent, however it was drafted.
6. Personal data and UK GDPR
If a task involves personal data, the normal data protection rules apply exactly as they would without AI. If you're unsure whether something counts as personal data, ask [named person/role] before proceeding.
7. Questions and new ideas
Found a tool or use case that would genuinely help? Tell [named person/role] — the point of this policy is safe adoption, not prohibition. This policy is reviewed every [6/12] months, or sooner when the tools change materially.