search account download cart
static-aside-menu-toggler

Do You Have an AI Policy?

AI policy

Artificial Intelligence tools are now firmly embedded in everyday business life — from chatbots and automated email responses to content generation and data analysis. Most employees are already using AI in some form, whether their organisation has sanctioned it or not. This is why having a clear AI policy in place has now become essential.

Why your organisation needs an AI policy

Without a formal policy, AI use within your business is effectively uncontrolled. Employees may feed confidential or personal data into AI tools without understanding the risks. AI-generated content may be published without human review. Decisions may be made — or heavily influenced — by AI in circumstances where human judgement is both appropriate and required.

An AI policy sets the boundaries. It makes clear what AI can and cannot be used for, who is responsible for overseeing its use, and what guidelines employees must follow. It also signals to clients, partners and interested parties that the organisation has taken a responsible and ethical approach to the use of AI.

For organisations with ISO management system certification, a formal AI policy is required to meet the requirements of the ISO 42001:2024 Artificial Intelligence Management System standard.

What should an AI policy cover?

A good AI policy should be concise enough to be read and understood, but comprehensive enough to be actionable. At a minimum it should address:

  • Permitted uses — the forms of AI the organisation allows, such as digital assistants, content generation, data analysis and productivity tools
  • Prohibited or restricted uses — circumstances where AI must not be used, or where human involvement is required
  • Data and confidentiality — clear rules preventing personal or confidential information being entered into AI systems without appropriate controls
  • Risk management — a commitment to assessing AI-related risks before implementing AI into critical systems or processes
  • Monitoring and review — how AI use within the organisation will be monitored and reviewed
  • Ethical principles — a statement of the organisation's commitment to using AI responsibly and in compliance with applicable laws and regulations

Getting started

Our P-120 Artificial Intelligence Policy is available to download and provides a ready-to-use policy document that covers all of the above. It includes a public-facing policy statement on the organisation's commitment to the ethical use of AI and references the AI management system and AI guidelines that support day-to-day implementation.

Download the P-120 Artificial Intelligence Policy here

Published: 12th March 2026
payment logos