Clear rules for AI use. Before problems arise.
A practical AI acceptable use policy tells your staff exactly which tools they can use, what data they can share, and when they need a human to review the output. We write policies that staff actually follow.
Every aspect of acceptable AI use, documented.
A complete acceptable use policy covers approved tools, data restrictions, output review requirements, prohibited uses, and individual accountability.
Approved AI Tool Register
A curated list of AI tools your organisation has assessed and approved for use, with clear guidance on which teams can use each tool and for what purposes.
Data Input Restrictions
Clear rules on what categories of data staff may and may not input into AI tools, including personal data, client information, commercially sensitive content, and regulated data.
Output Review Requirements
Defined standards for when AI-generated outputs must be reviewed by a human before use, including client-facing content, legal documents, and financial calculations.
Prohibited Use Cases
Explicit list of use cases where AI tools must not be used, including automated decision-making affecting individuals, processing of special category data, and regulated advice.
Individual Accountability
Clear statement of individual responsibility for AI tool use, including the obligation to verify outputs, maintain professional standards, and report concerns or incidents.
Policy Review and Update Process
A defined schedule and process for reviewing the acceptable use policy as new AI tools emerge, regulations change, and your organisation's AI usage evolves.
From tool inventory to approved policy.
AI Tool Inventory
We catalogue every AI tool in use across your organisation, including free consumer tools, browser extensions, and AI features embedded in existing software.
Risk Classification
Each tool and use case is assessed for data exposure risk, regulatory implications, and the potential for harm if outputs are used without adequate review.
Policy Drafting
We draft the acceptable use policy in plain language, structured so staff can find the guidance they need quickly without reading the entire document.
Stakeholder Review
The draft policy is reviewed with HR, legal, and senior leadership. We incorporate feedback and resolve any conflicts with existing policies.
Approval and Sign-Off
The finalised policy is presented for board or senior leadership approval, with a clear record of who approved it and when.
Communication and Rollout
We support the rollout with a staff communication plan, manager briefing pack, and a summary version staff can reference in day-to-day work.
AI policies protecting UK businesses.
Regional Law Firm
A 60-person law firm had solicitors using ChatGPT for research and drafting with no policy in place. The SRA had begun issuing guidance on AI use in legal practice.
Acceptable use policy drafted and approved within two weeks. Clear rules on client data, draft review requirements, and prohibited uses. SRA compliance maintained with documented governance.
Local Authority
A local authority needed a policy covering AI tool use by 800 staff across multiple departments, each with different data handling requirements and regulatory obligations.
Tiered acceptable use policy produced with department-specific annexes. Approved by legal and HR. Rolled out to all staff with a plain-language summary and manager briefing pack.
FCA-Regulated Firm
A financial services firm needed to demonstrate to the FCA that AI tools used in client-facing processes had appropriate governance and that staff understood the boundaries of acceptable use.
Policy produced with specific guidance for regulated activities. FCA audit passed. Firm now has a documented process for assessing and approving new AI tools before staff adoption.
Ready to put an AI policy in place?
Book a free AI governance review. We will assess your current AI tool usage, identify the highest-risk gaps, and give you a clear picture of what your acceptable use policy needs to cover.