← Back to AI Governance Policy Pack
Free preview: AI Governance Policy
These are the genuine opening sections of one document from the AI Governance Policy Pack (10 documents total). The amber [placeholders] are what you customize — everything else is ready to use.
AI Governance Policy
Purpose. This policy establishes the governance framework under which [Company Name] adopts, approves, and oversees artificial intelligence (AI) tools and services. It defines accountable roles, a mandatory approval workflow for new AI uses, an organization-wide AI inventory requirement, and a recurring review cadence so that AI delivers business value without creating unmanaged legal, security, privacy, or reputational risk. The policy aligns the organization's practices with the deployer obligations of the EU AI Act, including the AI literacy requirement in Article 4, and with the GOVERN function of the NIST AI Risk Management Framework.
Policy Statement
[Company Name] permits the use of AI tools and AI-enabled features only when the specific use has been approved through the workflow defined in this policy, recorded in the AI system inventory, and assessed for risk in accordance with the AI Risk Assessment Procedure. AI must support, not replace, accountable human judgment: a named individual remains responsible for every business decision and every work product, regardless of whether AI contributed to it.
This policy is the parent document of the organization's AI governance documentation set. Day-to-day rules for individual users are defined in the AI Acceptable Use Policy; technical and procedural detail is delegated to the procedures and standards listed in the Related Documents section. Where this policy conflicts with a subordinate document, this policy prevails.
Governance Principles
All AI adoption decisions at [Company Name] must be made consistent with the following principles. Approvers must be able to demonstrate, in writing, how a proposed AI use satisfies each principle.
Roles and Responsibilities
The following roles are mandatory. One person may hold more than one role in a small organization, except that the [Role, e.g. Owner or Managing Partner] may not also act as the [Role, e.g. AI Governance Lead] for the same approval decision. Role assignments must be documented by name and reviewed at least annually by the [Role, e.g. Owner or Managing Partner].
Approval Workflow for New AI Uses
No new AI tool, AI-enabled feature, or materially new use of an already-approved tool may be placed into business use before completing the following workflow. A 'materially new use' includes a new data category, a new user population, a new decision the tool influences, or use of a previously disabled AI feature in existing software.
— Preview ends. The full document continues with 9 more documents in the toolkit. —
More free previews
See real opening sections from our other compliance toolkits before you buy:
- ISO 27001 + SOC 2 Dual Toolkit — free preview
- GDPR Compliance Pack for Small Business — free preview
- HIPAA Compliance Toolkit — Dental Practices — free preview
- HIPAA Compliance Toolkit — Medical Practices — free preview
- HIPAA Compliance Toolkit — Mental Health Practices — free preview
- ISO 27001 Policy Pack — Core — free preview
- ISO 27001 Toolkit for E-commerce — free preview
- ISO 27001 Complete Toolkit — free preview
- ISO 27001 Toolkit for Law Firms — free preview
- ISO 27001 Toolkit for MSPs — free preview
- ISO 27001 Toolkit for SaaS Companies — free preview
- ISO 42001 AI Management System Toolkit — free preview
- NIST CSF 2.0 Complete Toolkit — free preview
- SOC 2 Policy Pack — Core — free preview
- SOC 2 Complete Toolkit — free preview
- Startup Trust Pack — SOC 2 + AI Governance — free preview
- WISP Toolkit for Tax Professionals — free preview