Is this legal advice?

No. This builder produces a structured starting template, not legal advice. Every organisation's obligations differ by jurisdiction and industry, so have your legal or compliance team review and adapt the output before adopting it.

What does the policy cover?

It assembles sections on purpose and scope, approved tools, permitted and prohibited uses, data handling and confidentiality, human review and accountability, security requirements, and consequences of misuse — adjusted to the inputs you provide.

Why does data sensitivity change the output?

Higher data sensitivity (health, financial, or personal data) tightens the rules — for example prohibiting pasting customer data into third-party tools and requiring approved enterprise endpoints with data-processing agreements. A low-sensitivity profile gets a lighter-touch policy.

Is anything I enter stored?

No. The policy is generated entirely in your browser from your inputs. Nothing about your company, data, or tools is uploaded or saved on a server.

AI Usage Policy Template Builder

AI usage policy template builder

Employees are already using AI at work whether or not there is a policy — the only question is whether the rules are written down. This builder turns a few facts about your organisation into a structured acceptable-use policy that names what is allowed, what is forbidden, how to handle data, and who is accountable. It is a starting template you adapt, not a finished legal document.

How it works

You provide your industry, company size, the types of data employees handle, and your approved tools and overall posture (open, guarded, or restricted). The builder selects and tailors policy sections accordingly: a health or financial organisation handling sensitive personal data gets stricter data-handling clauses and a requirement for enterprise endpoints with data processing agreements, while a low-sensitivity profile gets a lighter framework. The output is plain editable text with bracketed placeholders for your specifics, which you copy and refine.

Tips and notes

Treat the output as a first draft for your legal and compliance teams, not a publish-ready document — obligations vary by jurisdiction (GDPR, CCPA, sector rules) and the template cannot know yours. The most important clauses to get right are data handling (never paste regulated data into consumer tools without a DPA), human review (a person owns every AI-assisted decision), and disclosure (when AI output ships to customers). Pair the policy with the AI risk assessment tool to identify the specific risks your deployments introduce, and revisit the policy whenever you approve a new tool or enter a new market.