Generative AI Policy
Our Generative AI Policy template:
- Solicitor-Drafted: Tailored for UK SMEs to ensure 100% legal reliability
- Comprehensive Risk Management: Addresses data privacy, intellectual property, and AI “hallucinations”
- Instant Download: Fully editable Microsoft Word format for immediate implementation
- Free helpline: Access to Legalo’s free helpline when needed regarding the template
- Money-Back Guarantee: A risk-free purchase for your peace of mind
How Does It Work?
-
1. Download
-
2. Edit
-
3. Print
-
4. Sign
MD, Legalo Ltd; Solicitor; Notary Public
Use our Generative AI Policy template to help ensure that your team uses AI safely and productively within your business.
This generative AI policy is aimed at being suitable for SME companies, from startups to mid-cap. The document provides a clear framework for the sensible use of tools like Gemini, ChatGPT, Claude and Midjourney, within the business.
As part of our commitment to supporting SME and startup compliance, we have made this template available to you free of charge. Yes, that’s right. You get a solicitor drafted document that’s been carefully drafted to make sure it is simple to complete – for free.
All that we ask is that if you use our template, you take a moment out to mention us on your social media and direct others to make use of our policy template and our many free compliance document packs.
if you find yourself in need of any support when completing the template, you can call my co-founder, Davo, whose also a solicitor, and mans our free helpdesk via email and telephone.
When to Use this AI Policy
Every business that has employees should have a formal AI policy in place. It is definitely something that you must put in place if:
- You allow staff to use AI: they need to know what they can and cant do when using AI.
- You have a ‘no AI’ in the business stance: if this is the case then it should be formally communicated to staff.
- Your business uses AI for marketing: to manage the rosks associated with copyright infringement, or inaccurate AI output.
We think all businesses should keep abreast of the use of AI. The reality is that it can be transformational within a business when used responsively. As McKinsey reports AI adoption within business drives efficiency and performance. My template includes a mandatory human review loop. AI output should never be published or shared in any way outside an organisation without first being reviewed by a human. AI does make mistakes, and frequently!
It is very easy and fast to complete. Mainly, you just need to insert the organisation’s name in several places. It should only take you a matter of a few minutes to complete it.
What’s included in the Template Pack?
Once downloaded, you’ll find more than just a standard template. You get a comprehensive AI support pack, all carefully prepared by me. It includes:
- The generative AI Policy: A fully editable Microsoft Word template covering the key topics of purpose, scope and prohibited uses.
- My step by step guide: I have written a guide that takes you through the policy, clause by clause, and explains what you need to edit and the options that you have.
- Approved AI Tools & Settings Register: Unlike many AI policy templates that embed the list of approved AI resources in the template – meaning you have to issue a new policy every time you change the list, Ive included a separate Register which can easily be updated as required.
How to Use This AI Policy Template
I outline, below, the steps that I recommend you follow once you have downloaded the policy template and begin completing it.
Step 1: Define the Policy Status
Once you start editing the template, you will need to select whether the policy will be contractual. If it’s contractual, then it becomes a condition of staff employment. Meaning that breach of it can be a disciplinary matter. If taking the effort to sensibly put an AI policy in place, then I recommend making it a contractual document.
Step 2: Customise “Restricted Information”
My template includes a detailed definition of what type of business information a staff member must never put into an AI tool. For example, customer data or passwords. The definition should suit you just fine as drafted, but you can edit it if you need to expand it.
Step 3: Add Your Business details
You will need to fill in your business details. You’ll see from the template that when adding in the details of a company, you should include its registered number. This is good documentation practice, although less critical with internally facing documents. You can look up your company number on the Companies House website.
Step 4: Set up the ‘AI Tools Register”
The register is a list of approved AI resources. It would be common to add ChatGPT, Gemini and Midjourney, but you can add any resource that you want staff to be able to make use of.
Once you have completed the policy, it should be issued to all staff. You can do this by adding it to your staff handbook and emailing staff to tell them that it’s been added. Alternatively, you may prefer to simply email it directly to all staff and advise them that it now applies and that they must read it, and raise any questions that they may have.
Why a Formal Policy and Not Just a Staff Memo?
The truth is that many businesses rely on a quick email to all staff, or a slightly more formal memo. All Staff Memo’ to cover off things like when and when not to use AI within the business. That can work ok, until it doesn’t. This type of informal approach results in the instruction, or guidance, being ‘non-contractual’ guidance. There is no scope for disciplinary action if the staff do not follow the memo. Its legal status is that it is simply ‘guidance’ or a ‘suggestion’.
Putting in place a formal policy brings credibility. It makes it clear to staff that you run all aspects of your business professionally and with consideration. See below my five benefits of taking the limited time required to put a formal Generative AI Policy in place.
| Feature | Informal Staff Memo | Legalo AI Policy Template |
|---|---|---|
| Enforceability | Hard to prove as a binding instruction. | Clear contractual or guidance status. |
| IP Protection | Often ignores the risk of “prompt-based” IP leaks. | Detailed clauses on third-party rights and input ownership. |
| Data Privacy | Lacks specific GDPR-aligned “Restricted Info” rules. | Comprehensive definitions of personal data risks and prohibited inputs. |
| Agility | Needs a new memo every time a new tool comes out. | Uses a dynamic “Tools Register” for quick, secure updates. |
| Liability | Doesn’t address the “hallucination” risk formally. | Mandatory human-review and strict record-keeping rules. |
Meet the Author: Legal Expert You Can Trust
Stephen Avila – Solicitor & Legalo Co-founder
This generative AIL Policy template was drafted by me, Stephen. I am a practising solicitor with over 20 years of experience supporting startups and scale-ups across commercial, employment and data protection matters. I know first-hand how quickly technology can outpace legal contracts.
I’ve drafted this template to be ‘future proof’, meaning that once in place its very unlikely that you will need to replace it for many years. I hope you find my work helpful, and our free template brings value to your business.
Frequently Asked Questions (FAQs)
I’ll cover the questions most commonly asked of David and me by our visitors.
Q: Does this policy cover staff using their personal AI accounts?
Yes, the policy does cover staff using their personal AI accounts. The policy applies to all ‘work-related’ AI use.
Q: Who owns the content generated by AI?
Under English law, the person responsible for making the ‘necessary arrangement’ to cause the AI output is the author and so the owner. The AI policy acts to make sure that such ownership is automatically transferred to the business.
Q: Is this policy GDPR compliant?
This AI use policy is designed to work alongside your existing Staff Data Protection Policy. It specifically restricts staff from inputting personal data into AI tools.
Q: Can I use this policy for contractors and freelancers?
Yes, you most definitely can. The scope of the policy is drafted to cover employees, contractors, and even volunteers.
Ready to Secure Your Business’ AI Future?
Download your solicitor drafted Generative AI Policy template now. Get the resource you need to quickly and easily implement a policy. Give staff clear guidance and your business the opportunity to engage with AI in an efficient and considered way.
⚠️ Important: Check Your Data Insurance
While this policy provides the legal framework for the safe and responsible use of AI within the business, we recommend checking your cyber liability insurance. Many insurers require that those with cyber liability coverage have a formal contractual AI policy in place.
Disclaimer
Whilst our generative AI policy template was drafted by me, STephen, a solicitor with over 20 years of legal experience, I am not providing you with legal advice. The information on this page is provided to you for your general information and for self-help purposes.
