A ready-to-edit acceptable use policy that governs how employees use generative AI tools at work. Covers approved tools, prohibited data, human review, disclosure, and IP ownership.
Who needs this
Any small business whose employees have started using ChatGPT, Microsoft Copilot, Google Gemini, or similar tools — with or without permission. If you don't have a written policy, your team is already making up their own rules, and confidential data may be going into public models right now.
What's inside
- Scope and definitions (what counts as an AI tool)
- A list of approved vs. prohibited tools you fill in
- Rules for what data may never be entered into AI tools
- Mandatory human-review and accuracy-verification duties
- Client and public disclosure requirements
- Intellectual property and confidentiality terms
- An employee acknowledgment and signature block
Preview
Artificial Intelligence Acceptable Use Policy
Effective date: [DATE] · Version 1.0 · Owner: [POLICY OWNER / ROLE]
1. Scope and Definitions
"AI Tool" means any software that generates text, code, images, audio, or other output from a prompt, including but not limited to ChatGPT, Microsoft Copilot, Google Gemini, Claude, and any tool built on top of a large language model.
"Confidential Information" means any non-public information belonging to the Company, its clients, or its employees, including financial records, client lists, contracts, personal data, credentials, source code, and trade secrets.
This Policy applies whether the AI Tool is accessed on a Company device or a personal device, and whether or not the Company pays for the tool.
2. Approved and Prohibited Tools
Employees may only use AI Tools that appear on the Approved Tools list below. Using any AI Tool not on this list for Company work requires written approval from the Policy Owner.
Approved Tools (complete for your business):
| Tool | Approved uses | Account type required |
|---|---|---|
| [e.g. ChatGPT Team] | [e.g. drafting, research, summarizing non-confidential text] | [e.g. Company-paid business account] |
| [e.g. Microsoft Copilot] | [e.g. document drafting inside Microsoft 365] | [e.g. Company license] |
The full template continues with 8 sections. Grab the editable Word file using the form, then customize the bracketed [PLACEHOLDERS] for your business.
How to use it
- Download the editable Word file and add your company name and effective date.
- Fill in the Approved Tools and Prohibited Tools tables for your business.
- Adjust the prohibited-data list to match your industry (add PHI for healthcare, cardholder data for retail, etc.).
- Circulate to your team, collect signed acknowledgments, and review every 6–12 months.
Frequently asked questions
- If anyone on your team uses ChatGPT, Copilot, or a similar tool, yes. Without a written policy, employees decide for themselves what data is safe to paste into a public model — and confidential client information is the most common thing that ends up there. A one-page policy is the cheapest risk control you can put in place.
- It becomes an enforceable internal policy once you adapt it to your business, adopt it formally, and have employees acknowledge it in writing. Because employment and data-protection law varies by location, have counsel review it before you roll it out. This template is a starting point, not legal advice.
- This acceptable use policy covers all AI tools and focuses on the rules of use — approved tools, banned data, review duties. Our separate generative AI policy template goes deeper on content generation specifically (image, code, and customer-facing text). Many businesses adopt both.
- Review it at least once a year, and any time you approve a new AI tool or your industry's regulations change. The approved-tools list in particular tends to need updating every few months as the market moves.
This template is provided by Layer3 Labs for general informational purposes only and does not constitute legal advice. Laws and regulations vary by jurisdiction and industry. Have this policy reviewed by qualified legal counsel before adopting it.