Policy

AI Acceptable Use Policy

What staff can and can't put into AI tools. One A4. Plain English.

AI tools are useful. They can also leak company and customer data to third parties, generate confident-sounding wrong answers, and create software your team doesn't understand. This policy keeps the upside and removes most of the downside.

How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.

Why this policy exists

[Company Name] supports the use of AI tools for work where it helps people do their job better. But unmanaged AI use creates real risk: confidential data leaking into third-party models, AI-generated answers used without checking, and AI tools quietly becoming business-critical with no oversight.

What you can do

  • Use the approved AI tools listed below.
  • Use them for brainstorming, drafting, summarising, learning, debugging your own thinking.
  • Use them to draft customer-facing material — but always review and edit before sending.

What you must not do

  • Paste customer data, payroll, contract data, source code, passwords, or anything you wouldn't email a competitor into any AI tool not on the approved list.
  • Use AI to write code that touches production data unless a named person reviews it before deployment.
  • Use AI-generated answers as final without checking them.
  • Sign up to a new AI tool with your work email without asking — even a free one.
  • Use personal-account AI tools for work.

Approved AI tools

  • [Tool 1, e.g. Microsoft Copilot] — for general drafting and summarising.
  • [Tool 2, e.g. Claude Teams] — for [use case].

These have a contractual commitment not to train models on our inputs.

Not approved for work use

  • Free / consumer-tier AI tools where training-on-input is the default.
  • AI tools without a UK or EU data-processing agreement.
  • Anything you signed up to with a personal email.

Agents and automations

AI tools that can take actions on your behalf (read your inbox, send emails, transact, run code) are treated as privileged accounts. They must be approved by [Named Manager] and added to the tools register. Treat them like a junior employee with no probation.

When AI gets it wrong

Tell [Named Manager]. We're building a list so we know what AI is and isn't safely doing in this business.

Review

Reviewed every 6 months — AI moves quickly. Last reviewed: [date].

Tips for adoption

  • Name the actual tools. “Approved AI tools” with no list = no policy.
  • Walk this through with staff once, in person.
  • Review on a calendar reminder — not when an incident happens.