AI Acceptable Use Policy for Employees — Template & Guide

What is an AI Acceptable Use Policy?

An AI Acceptable Use Policy (AUP) is a practical, employee-facing document that tells your team exactly what they can and cannot do with AI tools at work. Unlike a comprehensive AI governance framework (which is designed for leadership and compliance teams), an AUP is written in plain language for everyday employees.

Think of it as the difference between a full employment law manual and a simple employee handbook. The AUP is the handbook — clear, actionable, and designed to be read in 10 minutes.

Why a Separate AUP Matters

Many companies make the mistake of embedding AI rules into their broader IT policy or data privacy policy. The problem is that employees rarely read those documents, and even when they do, the AI-specific guidance gets lost in dozens of pages of general IT rules.

A standalone AI AUP:

• Can be distributed as a one-page or two-page reference
• Is easy to update as tools and rules change
• Serves as a training handout during AI workshops
• Creates clear accountability — employees cannot claim ignorance

AI Acceptable Use Policy Template

---

[COMPANY NAME] — AI Acceptable Use Policy

Effective date: [DATE] Applies to: All employees, contractors, and temporary staff Policy owner: [CTO / CISO / Head of Digital]

---

What This Policy Covers

This policy applies to your use of any artificial intelligence tool for work purposes, including but not limited to:

• ChatGPT, Claude, Gemini, Copilot, and other generative AI chatbots
• AI features built into Microsoft 365, Google Workspace, or other work applications
• AI-powered writing, design, coding, or analysis tools
• AI features in department-specific software (CRM, ERP, HRIS, etc.)

Approved AI Tools

You may only use AI tools that have been approved by [COMPANY]. Currently approved tools are:

Tool	What It Can Be Used For
[Tool 1]	[Approved use cases]
[Tool 2]	[Approved use cases]
[Tool 3]	[Approved use cases]

Important: Free or personal versions of AI tools (e.g. the free version of ChatGPT) are not approved for work use. Always use the enterprise/company account.

To request a new AI tool, contact [designated person/team].

What You CAN Do with AI

• Draft emails, reports, presentations, and other business documents
• Summarise meeting notes, articles, and internal documents
• Brainstorm ideas and create outlines
• Analyse data and create charts (using non-confidential data)
• Generate first drafts that you will review and edit
• Research publicly available information
• Translate documents between languages
• Debug and write code (using approved coding AI tools)

What You MUST NOT Do with AI

Data rules — never input these into any AI tool:

• Names, IC/NRIC numbers, passport numbers, or other personal identifiers
• Client names, account numbers, or contract details
• Salary, compensation, or financial data
• Medical or health information
• Passwords, access codes, or API keys
• Board papers, legal documents, or privileged communications
• Unreleased product information or trade secrets

Usage rules:

• Do not use AI to make final decisions about hiring, firing, promotions, or disciplinary actions without human review
• Do not present AI-generated content as your own original work in academic or professional certification contexts
• Do not use AI to generate content that is misleading, discriminatory, or harmful
• Do not use AI to access, process, or generate content that violates any law or company policy
• Do not bypass company-approved tools by using personal devices or accounts

Quality Check Requirements

Before using any AI output in your work:

1. Read it completely — Do not blindly copy and paste
2. Check facts — Verify any specific claims, statistics, or references against primary sources
3. Review for bias — Look for assumptions, stereotypes, or one-sided perspectives
4. Check for hallucinations — AI can fabricate names, dates, legal citations, and URLs that do not exist
5. Edit for tone and accuracy — Ensure the output matches your company's voice and is appropriate for the audience
6. Apply professional judgment — If the output does not feel right, it probably is not

When to Disclose AI Use

Situation	Disclosure Required?
Internal emails and notes	No
Internal reports and presentations	No, but recommended for transparency
Client deliverables	Yes — inform the client or follow client-specific AI policies
Regulatory filings or submissions	Yes — must be reviewed by compliance team
Published content (blog, social media)	Follow [COMPANY]'s content policy
Recruitment and HR decisions	Yes — document AI involvement

What to Do If Something Goes Wrong

If you accidentally input restricted data, encounter a concerning AI output, or are unsure about an AI use case:

1. Stop — Do not continue using the output
2. Report — Contact [designated person/email] immediately
3. Document — Note what happened, which tool was used, and what data was involved
4. Do not delete — Preserve the conversation/output for review

Reporting incidents promptly is essential and will not result in disciplinary action for good-faith mistakes.

Your Responsibilities

By using AI tools at [COMPANY], you agree to:

• Follow this policy in all AI-related activities
• Complete required AI training sessions
• Report incidents and concerns promptly
• Stay informed about policy updates
• Use professional judgment at all times

---

How to Roll Out This AUP

Step 1: Customise for Your Company

Fill in the approved tools table, designate the policy owner and incident contact, and adjust the disclosure requirements to match your business context.

Step 2: Keep It Short

The AUP should be no more than 2-3 pages. If it is longer, employees will not read it. Move detailed technical and legal content to a separate governance document.

Step 3: Make It Accessible

Post the AUP on your intranet, include it in onboarding materials, and distribute printed copies during AI training sessions.

Step 4: Train, Don't Just Distribute

An email attachment is not sufficient. Walk employees through the policy in a 30-minute session, with real examples of do's and don'ts.

Step 5: Enforce Consistently

The policy only works if it is enforced. Address violations promptly and consistently, while encouraging good-faith incident reporting.

Differences Between an AI Policy and an AI AUP

AI Policy (Governance Document)	AI AUP (Employee Document)
Comprehensive, 10-20+ pages	Concise, 2-3 pages
Covers strategy, risk, compliance	Covers daily dos and don'ts
Audience: leadership, legal, compliance	Audience: all employees
Updated quarterly	Updated as tools/rules change
References regulations in detail	References regulations simply

Most companies need both. The AI policy is the governance foundation; the AI AUP is the practical employee guide derived from it.

Related Reading

• AI Policy Template — Comprehensive AI governance policy for your organisation
• ChatGPT Data Leakage Prevention — Technical controls to complement your usage policy
• AI Vendor Approval Checklist — Evaluate and approve AI tools before employees use them