Key facts

  • Format: editable DOCX, ready to brand and adapt.
  • Covers approved tools, prohibited data and uses, oversight and consequences.
  • Written to be signed off by leadership and acknowledged by staff.
  • Designed to sit alongside a broader AI governance framework, not replace it.
  • Free to download — pairs with the AI policies guide.

What is the AI acceptable use policy template?

It is a ready-to-edit Word document setting out the rules for how staff may and may not use AI tools at work: which tools are approved, what data must never be entered into a public AI tool, what oversight applies, and what happens if the policy is breached. Most organisations need this before they need anything more sophisticated.

📥 Download the Editable AI Acceptable Use Policy (DOCX)

Who is it for?

Any organisation that doesn't yet have a written AI policy, or whose existing IT/security policy hasn't been updated to cover AI-specific risks such as data provenance and human oversight.

What the template covers

Scope and approved tools. Which AI tools are sanctioned for use, and how staff request new ones.

Prohibited data and uses. Personal, confidential, regulated or IP-sensitive data that must never be entered into a public AI tool.

Oversight. Who reviews AI-assisted work, and where human sign-off is required.

IP and disclosure. Ownership of AI-assisted output and when AI use must be disclosed.

Enforcement. Consequences for breach, and how the policy is acknowledged and reviewed.

How to use it

Adapt the bracketed sections to your organisation, get executive or board sign-off, and have every employee formally acknowledge it — a recorded acknowledgement matters for enforcement and for evidencing governance. Review at least annually and whenever your approved-tools list changes. This policy pairs well with the broader AI governance framework and your AI literacy programme.

Frequently asked questions

What is an AI acceptable use policy (AUP)?

Rules for how staff may and may not use AI tools, including approved tools and data limits.

How do you write an AI acceptable use policy?

Define scope, approved tools, prohibited uses, data rules, oversight, and review and enforcement — this template gives you a starting structure for each.

Who should sign off the AI policy?

Executive or board endorsement, with input from legal, security and HR.

How often should AI policies be reviewed?

At least annually, and whenever tools, risks or regulations change.

Should employees acknowledge the AI policy?

Yes — a recorded acknowledgement supports enforcement and evidences governance.

What data should never be entered into public AI tools?

Personal, confidential, regulated or IP-sensitive data, unless an approved, contracted tool is being used.

Should the AI policy name approved tools?

Yes — an approved-tools list reduces shadow AI and makes clear what staff are and aren't allowed to use.

Related pages

Sources

Last updated 19 June 2026.