Key facts
- Format: editable DOCX, ready to brand and adapt.
- Covers approved generative AI tools, prohibited data and uses, human review and IP.
- Complements the broader AI acceptable use policy with generative-AI-specific detail.
- Designed to be signed off by leadership and acknowledged by staff.
- Free to download — no sign-up required.
What is the generative AI policy template?
It is a ready-to-edit Word document focused specifically on generative AI — tools that create text, images, audio, video or code — covering what is approved, what must never be input, when a human must review output before it is used, and how intellectual property and disclosure are handled.
Who is it for?
Organisations that already have a broad AI acceptable use policy but want specific, practical rules for generative AI tools, which raise particular questions around IP ownership, hallucination risk and disclosure that general AI policies do not always cover.
What the template covers
Approved tools. Which generative AI tools are sanctioned and how to request new ones.
Prohibited data. Personal, confidential or regulated data that must never be entered into a public generative AI tool.
Human review. Requiring a qualified person to check generative AI output before it is relied on or published externally.
IP and disclosure. Ownership of generative AI output and when its use must be disclosed to clients or the public.
How to use it
Adapt the bracketed sections to your organisation, get sign-off, and have staff formally acknowledge it alongside your broader acceptable use policy. Review at least annually and whenever your approved-tools list changes.
Frequently asked questions
What should a generative AI policy cover?
Approved tools, data that must never be input, review and oversight, IP, disclosure and consequences.
What is the difference between an AI policy and a governance framework?
A policy states rules; a framework is the whole system that implements and enforces them.
Should employees acknowledge the AI policy?
Yes — recorded acknowledgement supports enforcement and evidences governance.
What data should never be entered into public AI tools?
Personal, confidential, regulated or IP-sensitive data, unless an approved, contracted tool is being used.
Do we need separate policies for different AI uses?
A core policy plus annexes or standards for high-risk or specialised uses, like generative AI, works well.
Last updated 19 June 2026.