Why Your Company Needs a ChatGPT Policy
If your employees are using ChatGPT at work — and surveys show that 60-70% of knowledge workers in Southeast Asia already are — you need a formal policy. Without one, you face:
- Data privacy risks — Employees may input sensitive customer or company data
- Quality risks — Unreviewed AI outputs may contain errors or hallucinations
- Reputational risks — AI-generated content may not align with your brand voice
- Legal risks — AI use in regulated industries may have compliance implications
- Consistency risks — Different teams using AI differently, with varying quality standards
A clear policy sets expectations, reduces risk, and empowers employees to use AI confidently.
ChatGPT Company Policy Template
1. Purpose and Scope
This policy governs the use of generative AI tools (including ChatGPT, Claude, Gemini, Copilot, and similar platforms) by all employees, contractors, and temporary staff of [Company Name].
The purpose of this policy is to:
- Enable productive use of AI tools for business purposes
- Protect company and customer data
- Ensure the quality and accuracy of AI-assisted work
- Maintain compliance with applicable laws and regulations
2. Approved AI Tools
The following AI tools are approved for business use:
| Tool | Approved Plan | Approved For |
|---|
| [ChatGPT] | [Enterprise/Team] | [All departments] |
| [Microsoft Copilot] | [M365 Copilot] | [All M365 users] |
| [Claude] | [Team/Enterprise] | [Specified teams] |
Important: Only approved tools and subscription plans may be used. Free or personal accounts must not be used for work tasks due to data handling differences.
3. Approved Use Cases
AI tools may be used for:
General (All Employees)
- Drafting emails, reports, and presentations
- Summarising documents and meeting notes
- Research and information gathering
- Brainstorming and ideation
- Language translation and proofreading
- Creating first drafts of internal documents
Department-Specific (With Training)
- HR: Job descriptions, interview questions, policy drafts (with anonymised data)
- Sales: Prospect research, proposal drafts, communication templates
- Marketing: Content drafts, campaign ideas, social media copy
- Finance: Report narratives, process documentation, analysis frameworks
- Operations: SOPs, vendor communications, process documentation
4. Prohibited Activities
The following are strictly prohibited:
- Inputting personal data (NRIC, addresses, phone numbers, salary data)
- Inputting confidential customer information
- Inputting trade secrets, proprietary algorithms, or source code
- Using AI for final decision-making on hiring, firing, or promotions
- Submitting AI-generated content externally without human review
- Using AI to generate legal advice, medical advice, or regulatory guidance without professional review
- Claiming AI-generated work as entirely original without appropriate context
- Using personal AI accounts for work purposes
5. Data Handling Requirements
Before using any data with AI tools:
-
Classify the data:
- Public — Can be freely used (published information, general industry data)
- Internal — May be used with approved enterprise AI tools only
- Confidential — Must be anonymised before use; remove names, account numbers, and identifying details
- Restricted — Must NEVER be entered into any AI tool (PII, financial records, medical data, legal privileged information)
-
Anonymise when necessary:
- Replace real names with [Person A], [Person B]
- Replace company names with [Company X]
- Replace specific financial figures with approximate ranges
- Remove dates and locations that could identify individuals
6. Quality Assurance Requirements
All AI-assisted work must undergo human review before use:
| Output Type | Review Level | Reviewer |
|---|
| Internal emails | Self-review | Author |
| Internal reports | Peer review | Colleague |
| External communications | Manager review | Direct manager |
| Customer-facing documents | Department head | Head of department |
| Legal/regulatory documents | Expert review | Legal counsel |
| Financial statements | Double review | Finance manager + auditor |
7. Disclosure Requirements
- Internal use: Disclosure not required for routine tasks (emails, summaries)
- External publications: Must note when AI was used in content creation
- Client deliverables: Disclose AI assistance if contractually required
- Regulatory submissions: Always disclose AI involvement
8. Employee Responsibilities
All employees using AI tools must:
- Complete the company's AI training programme before using AI for work
- Follow this policy and the data classification guidelines
- Review all AI outputs for accuracy before sharing
- Report any incidents (data breaches, significant errors) to IT/compliance
- Stay updated on policy changes and new guidelines
9. Manager Responsibilities
Managers must:
- Ensure team members complete AI training
- Monitor AI use within their teams
- Address misuse promptly and constructively
- Share best practices and successful use cases
- Report concerns to the AI governance committee
10. Incident Reporting
Report the following to [IT Security/Compliance team] immediately:
- Accidental input of restricted data into AI tools
- Discovery of AI-generated errors in published or shared content
- Suspected misuse of AI tools by colleagues
- Any AI-related complaint from customers or external parties
11. Consequences of Non-Compliance
Violations of this policy may result in:
- Verbal or written warning
- Temporary suspension of AI tool access
- Disciplinary action as per the Employee Handbook
- Termination in cases of gross negligence or repeated violations
12. Policy Review
This policy will be reviewed and updated quarterly by the [AI Governance Committee/IT Department/HR].
Last updated: [Date]
Next review: [Date + 3 months]
How to Implement This Policy
- Customise the template for your company (replace bracketed items)
- Review with legal counsel, IT, and HR
- Communicate to all employees via email and town hall
- Train all employees on the policy (include in AI training programme)
- Enforce consistently and update as AI capabilities evolve
Related Reading
