Guide

March 2026

How to Write an AI Policy for Your Employees (That They Will Actually Use)

Most AI policies are written for the wrong audience.

They are drafted by legal teams, reviewed by compliance, and approved by the board. They are thorough, carefully worded, and almost entirely useless to the average employee who just wants to know whether they can use ChatGPT to help them write a client email.

If your AI policy reads like a terms and conditions document, it is not doing its job. A policy that nobody reads is not a policy. It is a liability document dressed up as one.

This guide is about writing something different: an AI policy that your people will actually engage with, that answers the questions they are genuinely asking, and that helps your organisation get the benefits of AI while managing the real risks.

Start With the Questions Your People Are Actually Asking

Before you write a single word of policy, spend some time understanding what your employees actually want to know. In our experience, the questions that come up most consistently are:

Can I use AI tools in my work? If so, which ones? What can I use them for and what should I avoid? What happens if I use AI and something goes wrong: am I responsible? Can my employer see what I am doing with AI tools? Will using AI make my job less secure?

These are reasonable questions. Your policy should answer them clearly and directly. If it does not, people will either avoid AI altogether (and your organisation loses the productivity benefit) or use it without any guidance (and your organisation carries the risk).

Be Clear About What You Are Trying to Achieve

A good AI policy has a clear purpose that goes beyond risk management. Before you start drafting, agree with your leadership team on what you want the policy to do.

Most organisations want their AI policy to do at least three things: set clear boundaries around what is and is not acceptable use, give employees enough guidance to make good decisions in the grey areas, and signal the organisation's values around AI, that it is being approached thoughtfully, with people in mind.

Write that purpose into the opening of the policy. Something like: "This policy is designed to help you use AI tools confidently and responsibly in your work. It sets out what we expect, explains our reasoning, and gives you guidance for situations that are not black and white."

That framing changes the tone of everything that follows.

Cover the Essentials Without Drowning in Detail

A practical AI policy for most organisations needs to cover five core areas.

Scope: which tools does the policy cover? Does it apply to all AI tools, or only specific ones? Does it cover personal devices as well as work devices? Be specific. "AI tools" is too vague. Name the categories you are thinking about: generative AI tools like ChatGPT and Copilot, AI-assisted search, AI image generation, AI coding assistants, and so on.

Acceptable use: what can employees use AI for, and what is off limits? The most important boundary for most organisations is around confidential and sensitive data. Employees should not be inputting client data, personal data, commercially sensitive information, or anything covered by confidentiality agreements into external AI tools. State this clearly and explain why.

Quality and accuracy: AI tools make mistakes. They hallucinate facts, misrepresent sources, and produce plausible-sounding content that is simply wrong. Your policy should be explicit that employees are responsible for checking and verifying any AI-generated output before using it, sharing it, or acting on it. This is especially important in roles where errors carry professional, legal, or reputational risk.

Transparency and disclosure: do you expect employees to disclose when they have used AI to produce work? For some organisations and some types of work, this matters a great deal. For others, it is less relevant. Be clear about your expectations. If you require disclosure in certain contexts (client-facing documents, formal reports, published content), say so.

Accountability: using AI does not transfer responsibility. If an employee uses an AI tool to produce work that turns out to be wrong, harmful, or in breach of a client's expectations, the employee (and the organisation) remains accountable. Your policy should make this explicit, not to frighten people, but to make sure they understand that AI is a tool, not a decision-maker.

Address the Anxiety, Not Just the Rules

One of the most common mistakes in AI policy writing is treating it purely as a rulebook. Rules without context create anxiety. People read a list of things they cannot do and assume the worst about the organisation's intentions.

Include a section that addresses the human side directly. Acknowledge that AI is changing the nature of work and that this can feel unsettling. Be clear about the organisation's intentions, that AI is being introduced to support people, not replace them, and that the organisation is committed to being transparent about how AI is being used and what it means for different roles.

This does not need to be long. Two or three paragraphs that speak honestly to the concerns your people have will do more to build trust than any number of carefully worded compliance clauses.

Make It Easy to Find and Easy to Read

Format matters. A policy that is buried in a shared drive under a folder called "Legal Documents, 2025" will not be read. A policy that is written in dense paragraphs with no headings, no examples, and no plain-English summaries will not be understood.

Publish your AI policy somewhere prominent: your intranet, your employee handbook, your onboarding materials. Use clear headings. Include a one-page summary for people who will not read the full document. Add a FAQ section that answers the most common questions in plain language. And make sure managers know where to find it and how to answer the questions their teams will ask.

Keep It Current

AI is moving fast. A policy written in 2023 is already out of date in several important respects. Build a review schedule into the policy itself, at minimum an annual review, and a triggered review whenever a significant new AI tool or regulation emerges that affects your organisation.

Assign clear ownership. Someone in your organisation needs to be responsible for keeping the AI policy current. In most organisations, that sits with HR, Legal, or a combination of both.

A Note on Getting Started

If you do not have an AI policy yet, the most important thing is to start. An imperfect policy that is published and communicated is infinitely more useful than a perfect one that is still being drafted. You can refine it over time. What you cannot do is leave your people without any guidance while AI tools proliferate around them.

If you are not sure where to start, we can help. Our service Adapting Your AI Policy to Be People-Focused is designed to help organisations create policies that are genuinely useful, not just legally defensible.

Want help getting your people ready for AI?

At Adaptiv HR, we help organisations prepare their people for AI. Practically, strategically, and without the jargon. Based in London, working remotely worldwide.

Adaptiv HR

© 2026 Adaptiv HR. All rights reserved.