Ready to customize and distribute — designed for Arizona SMBs
Unlock full access
ARTIFICIAL INTELLIGENCE ACCEPTABLE USE POLICY
Company: [COMPANY NAME]
Effective Date: [DATE]
Last Reviewed: [DATE]
Policy Owner: [IT DIRECTOR / OPERATIONS MANAGER / CEO]
1. Purpose
This policy establishes guidelines for the use of artificial intelligence (AI) tools by employees of [COMPANY NAME] in the conduct of company business. The purpose of this policy is to enable productive AI use while protecting company data, client information, and compliance obligations.
[COMPANY NAME] recognizes that AI tools can deliver significant productivity benefits and supports their appropriate use. This policy is not intended to restrict AI use — it is intended to ensure that AI is used in ways that protect our clients, our employees, and our business.
2. Scope
This policy applies to all employees, contractors, consultants, and temporary workers of [COMPANY NAME] who use AI tools in the performance of company business, on company equipment or personal devices when performing company work.
3. Approved AI Tools
The following AI tools are approved for business use at [COMPANY NAME]:
Tool Name | Approved Use Cases | Data Restrictions | BAA / DPA in Place? |
[e.g., Microsoft 365 Copilot] | [e.g., Document drafting, email summarization, data analysis] | [e.g., No client names without review] | [YES / NO / N/A] |
[e.g., ChatGPT Enterprise] | [e.g., Writing assistance, research, brainstorming] | [e.g., Green and Yellow data only] | [YES / NO / N/A] |
[e.g., Otter.ai Business] | [e.g., Internal meeting transcription] | [e.g., No client meetings without consent] | [YES / NO / N/A] |
[ADD TOOL] | [USE CASES] | [RESTRICTIONS] | [YES / NO / N/A] |
Use of AI tools not listed above for any business purpose is prohibited without prior written approval from [IT MANAGER / POLICY OWNER]. Submit requests to [EMAIL / TICKETING SYSTEM].
4. Data Classification Rules
All company data is classified into three tiers. These tiers determine what may and may not be submitted to AI tools.
Tier | Examples | AI Tool Permitted? |
GREEN — Public / General | Publicly available information, generic industry content, anonymized data, general process documentation | Approved tools: YES |
YELLOW — Internal | Internal memos, non-client business data, strategy documents, operational procedures | Approved enterprise tools only, with judgment |
RED — Restricted | Client names and data, patient/health information, financial account details, personnel records, legal materials, SSNs, credentials, proprietary code or formulas | NO AI tools without explicit IT + [LEGAL/COMPLIANCE] review |
When in doubt, treat data as RED. Ask before submitting, not after.
5. Output Verification Requirements
AI tools produce plausible output that may be incorrect. Employees must verify AI-generated content appropriate to the stakes of the use case.
Risk Level | Examples | Verification Required |
LOW | Internal drafts, formatting, scheduling, general research | Review for obvious errors before use |
MEDIUM | Client communications, proposals, marketing content, social media | Human review; verify any specific facts or figures before sending |
HIGH | Legal documents, financial advice, medical documentation, regulatory filings, contracts | Treat as draft only; independently verify all factual claims; document verification |
AUTOMATED DECISIONS | AI making decisions without human review (hiring screens, credit decisions, etc.) | Requires IT + [LEGAL] review before deployment; prohibited without approval |
6. Prohibited Uses
The following uses of AI are prohibited regardless of tool or context:
1. Submitting RED-tier data to any AI tool without explicit approval.
2. Using consumer AI tools (non-enterprise versions) for any task involving client, patient, or employee data.
3. Generating content that impersonates a real, named individual without explicit disclosure.
4. Using AI to make or substantially influence employment decisions (hiring, termination, performance) without human review and [HR / Legal] involvement.
5. Using AI to generate legal advice, medical advice, or financial advice delivered to clients as authoritative.
6. Submitting another company’s confidential information to any AI tool.
7. Attempting to circumvent AI tool safety measures or data protections.
8. Using personal AI accounts for business tasks that involve company data.
7. How to Request Approval for a New AI Tool
Employees who wish to use an AI tool not on the approved list must submit a request before use. Requests should include:
• Tool name and vendor
• Proposed use case(s)
• Link to the tool’s privacy policy and data handling documentation
• Whether an enterprise/business version is available
Submit requests to: [EMAIL / TICKETING SYSTEM]. Requests will be reviewed within [5] business days. Approval, denial, or conditional approval will be communicated in writing.
8. Security Requirements
When using approved AI tools, employees must:
□ ☐ Use only company accounts or accounts created with company email for AI tools.
□ ☐ Enable multi-factor authentication on all AI tool accounts where available.
□ ☐ Log out of AI tools on shared or non-company devices when finished.
□ ☐ Report any suspected data incident involving an AI tool to [IT CONTACT] immediately.
□ ☐ Not share AI tool credentials with other employees — each user maintains their own account.
9. AI-Generated Content Disclosure
[COMPANY NAME]’s policy on disclosure of AI use in client work products: [SELECT ONE AND DELETE OTHERS]
• Option A: We do not use AI to generate client deliverables without disclosure. Employees must disclose AI assistance in all client-facing work products.
• Option B: AI may be used as a productivity tool without specific disclosure, provided that all AI-generated content is reviewed and verified by a qualified human professional before delivery to clients.
• Option C: Disclosure requirements vary by client engagement. Follow the disclosure terms in each engagement agreement.
10. Violations
Violations of this policy may result in disciplinary action up to and including termination of employment, and may create legal liability for the company. Employees who discover a potential policy violation should report it to [IT / HR / MANAGER] promptly.
11. Policy Review
This policy will be reviewed and updated at minimum annually, and more frequently as the AI landscape evolves. The most current version will be maintained at [LOCATION / INTRANET / POLICY PORTAL].
Questions about this policy: [CONTACT NAME / EMAIL]
Employee Acknowledgment
I have read, understood, and agree to comply with [COMPANY NAME]’s Artificial Intelligence Acceptable Use Policy.
Employee Name |
|
Employee Signature |
|
Job Title |
|
Date |
|
Manager Name |
|
This template is provided by AEGITz as a starting point. Review with qualified legal counsel before distribution, particularly if your business operates in a regulated industry (healthcare, legal, financial services). AEGITz can assist with AI governance implementation through our FLOW service. aegitz.com
