← Back to AI Acceptable Use Policy Template
Free preview: AI Acceptable Use Policy
These are the genuine opening sections of one document from the AI Acceptable Use Policy Template (1 documents total). The amber [placeholders] are what you customize — everything else is ready to use.
AI Acceptable Use Policy
Purpose. This policy gives every member of the [Company Name] workforce clear, practical rules for using AI tools at work. It defines which tools may be used, what information must never be entered into an AI tool, how AI outputs must be verified before they are relied on, when AI involvement must be disclosed, and how to report unapproved (shadow) AI use. Following these rules protects customers, colleagues, and the organization from data leakage, inaccurate work products, and regulatory exposure, and supports the workforce AI literacy expectations of EU AI Act Article 4.
General Rules
AI tools can draft, summarize, translate, analyze, and suggest, but they can also be confidently wrong, leak whatever you type into them, and reproduce bias. The rules below exist so that AI speeds up your work without putting [Company Name], its customers, or your colleagues at risk. This policy implements the AI Governance Policy at the individual-user level; if you are unsure whether something is allowed, ask the [Role, e.g. AI Governance Lead] before doing it.
- You must use only AI tools listed as approved on the approved tools register described in this policy, and only for the purposes and data categories stated in the register.
- You remain personally responsible for any work product you submit, send, or publish, regardless of whether AI helped create it.
- You must complete the AI literacy training required by the AI Governance Policy before using AI tools for business purposes, and at least annually thereafter.
- You must never use AI tools to make a final decision about a person (for example hiring, discipline, credit, or eligibility); such uses require the safeguards in the Human Oversight and Accountability Standard and specific approval under the AI Governance Policy.
Approved Tools and the Tools Register
The [Role, e.g. AI Governance Lead] maintains the approved tools register at [location, e.g. intranet page or shared drive path] and must update it within [5] business days of any approval decision made under the AI Governance Policy. Every tool on the register carries one of the statuses below. A tool that does not appear on the register is not approved.
Prohibited Inputs
Treat anything you type, paste, upload, or dictate into an AI tool as potentially leaving the organization's control. Unless the approved tools register explicitly permits a data category for a specific tool, you must never enter the following into any AI tool:
- Personal data about customers, employees, or any identifiable person, including names combined with contact details, identification numbers, photos, or voice recordings; see the AI Data Governance and Privacy Policy for the full data category definitions.
- Authentication material of any kind: passwords, API keys, access tokens, MFA codes, or security question answers.
- Confidential business information, including unreleased financials, pricing strategy, M&A plans, customer lists, and anything received from a customer or partner under a nondisclosure agreement.
- Payment card data, bank account details, and government-issued identifiers such as Social Security numbers.
- Health information about any identifiable person.
- Proprietary source code, system configurations, or network details, unless the register entry for the tool explicitly permits code and the repository owner has approved.
Verifying AI Outputs
AI tools generate plausible text, numbers, citations, and code that can be wrong. Before relying on or distributing AI output, you must complete the following verification steps. For decision-affecting outputs, the review depth and reviewer qualifications in the Human Oversight and Accountability Standard apply in addition to this section.
— Preview ends. The full document continues with 0 more documents in the toolkit. —
More free previews
See real opening sections from our other compliance toolkits before you buy:
- AI Governance Policy Pack — free preview
- ISO 27001 + SOC 2 Dual Toolkit — free preview
- GDPR Compliance Pack for Small Business — free preview
- HIPAA Compliance Toolkit — Dental Practices — free preview
- HIPAA Compliance Toolkit — Medical Practices — free preview
- HIPAA Compliance Toolkit — Mental Health Practices — free preview
- ISO 27001 Policy Pack — Core — free preview
- ISO 27001 Toolkit for E-commerce — free preview
- ISO 27001 Complete Toolkit — free preview
- ISO 27001 Toolkit for Law Firms — free preview
- ISO 27001 Toolkit for MSPs — free preview
- ISO 27001 Toolkit for SaaS Companies — free preview
- ISO 42001 AI Management System Toolkit — free preview
- NIST CSF 2.0 Complete Toolkit — free preview
- SOC 2 Policy Pack — Core — free preview
- SOC 2 Complete Toolkit — free preview
- Startup Trust Pack — SOC 2 Core + AI Governance — free preview
- WISP Toolkit for Tax Professionals — free preview
- Access Control Policy Template — free preview
- Acceptable Use Policy Template — free preview
- GDPR Privacy Notice Template — free preview
- HIPAA Privacy Policy Template — free preview
- Incident Response Plan Template — free preview
- Information Security Policy Template — free preview
