AI Acceptable Use Policy: What to Include

An AI acceptable use policy (AUP) is a specific form of AI usage policy focused on what employees may and may not do, rather than the vendor or technical details. It's the document your staff actually reads and signs — so clarity matters more than comprehensiveness.

What to always include

A clear data rule ('never enter confidential, personal or client data into a consumer AI tool'), an approved-tools list (or a link to it), a transparency rule (staff must disclose AI-generated content where material), and a reporting mechanism (where to ask about a new tool, where to flag a concern).

What varies by sector

Legal, medical and financial services teams often need a stricter data rule that prohibits even aggregate or anonymised client data. Education teams need rules around AI-generated student-facing content. If you're EU-based, an AI literacy acknowledgement clause covers the Article 4 duty under the EU AI Act.

Length and tone

The most-used AI policies are one to two pages. Write it in plain English, not legalese. The goal is a document employees read and remember, not a liability shield. Employees who understand the policy by default follow it; employees who skip it because it's dense don't.

Generate one in minutes

Greenlightly's free AI usage policy generator asks you the key questions (company type, data sensitivity, regulatory context) and outputs a ready-to-share policy. It's faster than any template and already structured for AI literacy attestation.