AI Acceptable Use Policy

AI use in workplaces has outpaced the policy infrastructure. Most employees now use consumer AI tools (for drafting, summarising, research, and code generation), and most employers do not have a clear written position on what is permitted, what is prohibited, and what is done with the output.

What an acceptable use policy needs to cover

An acceptable use policy fills that gap. The policy needs to address: which tools are permitted (and which are not, often because of data protection or confidentiality concerns); what data can be entered into them (almost never personal data, frequently never confidential business data); what the human review obligation is on output; and how AI use should be disclosed (to clients, to regulators, internally).

Done well, the policy lets employees use AI confidently within sensible limits. When done badly, it either prohibits the most useful tools or fails to address the real risks.

This is a fast-moving area, but the basics are stable enough to draft now and revisit periodically.

Example: a typical scope and fixed fee

For a UK business with employees using AI tools at work, the typical scope looks like this.

What's included

• A consultation to understand your business, AI tool usage, and concerns
• Drafting of an AI acceptable use policy covering approved tools, prohibited uses, confidential and personal data handling, output review, intellectual property, and disclosure
• One round of revisions based on your feedback
• Final version ready to issue to employees

What's outside this scope

• AI governance frameworks or AI risk assessments (see AI Governance Starter Kit and AI Risk Workshop)
• EU AI Act compliance assessment (see EU AI Act Readiness Triage)
• Tax advice

Fixed fee: £495, no VAT.

How I will approach your matter

Once you have instructed me, I will arrange a consultation to understand your business, AI tool usage, and concerns before drafting a practical policy that lets employees use AI confidently within sensible limits.