ModelCharter

How to Write an AI Usage Policy (with a Free Template)

An AI usage policy tells your team how they may and may not use AI tools at work. A good one is short, specific and easy to follow, not a 20-page legal document nobody reads.

1. Define the scope

Say who it applies to (employees, contractors, anyone acting for you) and what counts as an 'AI tool': standalone assistants, AI features baked into other software, and anything that sends your data to a third-party model.

2. Set your stance

Decide how permissive to be. Most teams land on 'balanced': AI is allowed, with guardrails. Regulated or data-sensitive teams go stricter, allowing only explicitly approved tools and uses.

3. Nail the data rules

This is the heart of the policy. Be explicit about customer data, personal data (PII), secrets and confidential plans. The simplest safe default: never put confidential or personal data into a consumer AI tool, and only use approved tools that don't train on your data for anything sensitive.

4. Add transparency and regulatory clauses

If you have EU users, the EU AI Act expects you to disclose AI interactions and ensure basic AI literacy. If you handle health data, HIPAA requires a business associate agreement (BAA) with the AI vendor. If you sell B2B, SOC 2 auditors expect this policy to exist.

5. Name an owner and generate it

Say who owns the policy and handles questions and breaches. Then don't start from a blank page: our free AI usage policy generator builds all of the above, tailored to your answers, in a couple of minutes.
