Human2Human


Your internal AI policy: guardrails for everyday work

Banning AI doesn't work - people use it anyway. A one-page policy that tells your team what's allowed, what's off-limits, and how to stay safe.

Adrian Stavljenić · 6 min read

Your employees are already using AI. The only question is whether they're doing it with guidance or in the dark. A clear policy turns shadow AI into safe, productive AI.

Why "no AI" fails

A blanket ban pushes usage onto personal accounts and personal devices, where you have zero visibility and zero control. The data still leaves; you just stop seeing it. Policy beats prohibition.

What a good policy covers

  1. Approved tools - which AI tools are sanctioned, and for what.
  2. Data rules - what may never be pasted into a public AI tool (customer data, secrets, source code, personal data).
  3. Human review - what always needs a human check before it ships or goes external.
  4. Disclosure - when AI-generated content must be labeled (per the EU AI Act and customer expectations).
  5. Accountability - the person using AI owns the output, mistakes included.

Keep it to one page

A policy nobody reads protects nobody. One page, plain language, concrete examples. Pair it with a short training so people understand the why, not just the rules.

Review it quarterly

Tools change monthly. Set a quarterly review so the policy keeps pace with new capabilities and new risks - especially as EU AI Act obligations phase in.

What we do

We help teams write a practical AI policy and train everyone on it - so the rules live in daily work, not in a forgotten document.

If you'd like help drafting yours, get in touch.
