Your internal AI policy: guardrails for everyday work
Banning AI doesn't work - people use it anyway. A one-page policy that tells your team what's allowed, what's off-limits, and how to stay safe.
Your employees are already using AI. The only question is whether they're doing it with guidance or in the dark. A clear policy turns shadow AI into safe, productive AI.
Why "no AI" fails
A blanket ban pushes usage onto personal accounts and personal devices, where you have zero visibility and zero control. The data still leaves; you just stop seeing it. Policy beats prohibition.
What a good policy covers
- Approved tools - which AI tools are sanctioned, and for what.
- Data rules - what may never be pasted into a public AI tool (customer data, secrets, source code, personal data).
- Human review - what always needs a human check before it ships or goes external.
- Disclosure - when AI-generated content must be labeled (per the EU AI Act and customer expectations).
- Accountability - the person using AI owns the output, mistakes included.
Keep it to one page
A policy nobody reads protects nobody. One page, plain language, concrete examples. Pair it with a short training so people understand the why, not just the rules.
Review it quarterly
Tools change monthly. Set a quarterly review so the policy keeps pace with new capabilities and new risks - especially as EU AI Act obligations phase in.
What we do
We help teams write a practical AI policy and train everyone on it - so the rules live in daily work, not in a forgotten document.
If you'd like help drafting yours, get in touch.