← All posts

The One Policy Every Company Needs Before Its First AI Purchase

The One Policy Every Company Needs Before Its First AI Purchase
TL;DR

Most free AI acceptable use policy templates are generic IT policies with 'AI' swapped in. A real AUP needs five specific sections: data classification boundaries defining what cannot touch external AI tools, a named approval authority with a vendor verification checklist, a structured AI use reporting mechanism, detailed data handling rules covering model training and inference logging, and enforceable graduated consequences. Grounded in ISO 42001 Clauses 5 and 7.5, this is the policy every company needs before its first AI purchase, not six months after.

Search "AI acceptable use policy template" and you will find dozens of free downloads. Almost all of them are the same document: a generic IT policy with "artificial intelligence" swapped in for "software." They tell employees not to break the law. They mention confidentiality. They end with a signature block.

None of them answer the questions that matter. Can a developer paste production database credentials into ChatGPT to debug a query? Does the marketing team's Copilot subscription train on your customer lists? What happens when someone at a government client uploads a tender document to an external summariser? These are not hypotheticals. They have all happened inside Australian organisations in the past 18 months, and in most cases the company had an AUP. It just was not the right one.

If your organisation is about to buy its first AI tool, or already has half a dozen in use and nobody has stopped to ask what the rules are, the policy you need is not the one you will find in a free download. It has to be built around the specific risks that AI introduces. Here is what that looks like.

Why an AUP matters before tool number one

The most expensive AI governance mistake is buying the tools first and writing the rules later. Once staff have workflows built around ChatGPT or Copilot, retroactively telling them what they cannot do feels like punishment. People route around restrictions because they have already tasted the productivity gain.

An acceptable use policy is not just a HR checkbox. Under ISO 42001, it is a core piece of documented information that demonstrates your organisation has assessed AI risk before deployment. Clause 5 requires top management to demonstrate leadership and commitment. Clause 7.5 requires documented information to be created, updated, and controlled.

If your organisation ever faces a regulatory inquiry about how customer data ended up in a training dataset, or a board member asks about your AI governance framework, the timestamp on your AUP matters. A policy dated six months after your first AI purchase tells a story you do not want to tell.

The 5 non-negotiable sections every real AUP needs

Most template AUPs have two sections: a list of things you cannot do, and a disciplinary clause. A real AI acceptable use policy needs five specific sections that templates almost never include.

1. Data classification boundaries

This section prevents the production-database-credentials-in-ChatGPT scenario. It defines, in concrete terms, which categories of data cannot touch external AI tools under any circumstances.

A proper framework needs three tiers. Tier 1: data that must never leave your environment, including PII, protected health information, client confidential data, trade secrets, and authentication credentials. Tier 2: data usable with approved AI tools where the vendor contractually confirms no training on inputs and no logging of prompts. Tier 3: data usable freely, such as public information and properly anonymised internal data.

The critical detail most policies miss: prompt data is data. When an employee pastes a client's strategy document into an AI tool to summarise it, they have sent that client's confidential information to a third party. The AUP needs to explicitly call this out. "Do not share confidential information" is not enough. "Copying, pasting, uploading, or transmitting any Tier 1 data to an external AI service is prohibited" is.

2. The AI tool approval process

If your AUP does not specify who approves new AI tools and what they must verify, it is not a policy. It is a suggestion.

This section needs three things. First, a named approval authority: a specific role or committee, not "the IT department." For most mid-market organisations, this is the CISO or IT lead plus a business sponsor. Second, a verification checklist: does the vendor train on user inputs? Where is data processed geographically? What certifications does the vendor hold? Is a DPA available? Third, a register of approved tools. If a tool is not on the register, staff cannot use it.

ISO 42001 Clause 5.3 requires that roles, responsibilities, and authorities for the AI management system are assigned and communicated. The approval process section delivers on that requirement operationally.

3. The AI use reporting mechanism

You cannot govern what you cannot see. Most AUPs are silent on how staff report AI use, which means nobody reports anything and leadership has no visibility.

A real AUP requires staff to log AI use through a simple form or ticketing system capturing: which tool was used, for what purpose, what category of data was involved, and whether output was incorporated into a work product. This is not surveillance. It is asset management. You would not let staff sign up for SaaS products on a corporate card without logging the expense. AI tools are no different.

It also creates an audit trail. If a regulator asks "how is AI being used in your organisation," pointing to a Slack message about using ChatGPT is not an answer. Pointing to a structured log maintained under ISO 42001 Clause 9 (Performance Evaluation) is.

4. Data handling rules for AI tools

This section goes beyond "do not share confidential data" and addresses what actually happens to data once it reaches an AI tool. It separates a serious AUP from a template a lawyer wrote in 20 minutes.

It must cover four specific risks. First, model training: does the vendor use user inputs to train models? If yes, the tool should not be approved for any data above Tier 3. Second, inference logging: even if a vendor does not train on inputs, they may log prompts and responses. Your AUP needs to require verification of what is logged and for how long. Third, data residency: where is the data processed and stored? For Australian organisations, US-based servers raise questions under the Privacy Act 1988. Fourth, data deletion: can users delete their data, and is deletion actual deletion or just de-indexing?

The OAIC's guidance on privacy and artificial intelligence reinforces this: organisations must understand what happens to personal information throughout the AI lifecycle. Your AUP is where you operationalise that.

5. Consequences

Most AUPs include a generic disciplinary clause nobody reads and nobody enforces. A real policy makes consequences specific, proportionate, and enforceable.

This means a graduated response. First instance: mandatory AI awareness training. Second instance: formal warning and restricted tool access. Third instance: disciplinary action up to termination for deliberate or reckless breaches involving Tier 1 data.

If your organisation is not logging AI use (section 3), you cannot enforce consequences. If your data classification framework (section 1) is vague, breaches are impossible to prove. The sections work together or not at all.

What most templates miss completely

Beyond structural gaps, specific AI risks catch organisations by surprise because generic templates never address them.

Shadow AI. Staff using personal accounts on free AI tools because the approved tool does not do what they need. A personal ChatGPT account with a company email and no DPA is a data breach waiting to happen. Your AUP needs to explicitly prohibit personal accounts on external AI services for work purposes, and explain why: no contractual protection, no data processing agreement, no audit rights.

AI output and intellectual property. If a staff member generates code, copy, or designs using an AI tool and incorporates them into a deliverable, who owns the output? Under Australian copyright law, AI-generated works may not attract protection. Your AUP needs to require that AI-generated outputs be reviewed and substantially modified by a human before inclusion in any client-facing deliverable.

Procurement bypass. Most AUPs miss the most dangerous vector: line-of-business leaders buying AI tools on a corporate credit card without review. This is the fastest path to a vendor that trains on your data, stores it in an unknown jurisdiction, and has no DPA. Your AUP must extend the approval process to procurement. If it costs money and uses AI, it goes through the same gate.

How to enforce it beyond "please read this PDF"

The most perfectly drafted AUP is worthless if nobody reads it and nobody enforces it.

Integrate it into onboarding. The AUP should be part of every new hire's first-week paperwork, signed alongside the code of conduct. This creates a record that the policy was acknowledged before the employee had access to any AI tools.

Annual refresh with attestation. AI tools evolve fast. A policy written in 2024 might not cover multimodal models, voice agents, or local AI coding assistants. An annual review cycle with mandatory re-attestation keeps the policy current. ISO 42001 Clause 10 (Improvement) expects the AI management system to be continually improved.

Technical controls. Policy without enforcement is advice. Block known consumer AI domains at the network level. Require SSO for approved enterprise AI tools. Implement DLP rules that flag Tier 1 data patterns in outbound traffic. Words are policy. Technical controls are walls.

Spot-check audits. Quarterly spot-checks: pick five random staff, check what tools they use and what data they send. Findings go to leadership. Not to punish. To understand whether the policy is working. ISO 42001 Clause 9.1 requires monitoring, measurement, analysis, and evaluation. Spot-checks are the simplest way to operationalise that for a mid-market organisation.

Getting it right from day one

An AI acceptable use policy will not win design awards. It will not feature in a town hall presentation. But it is the single most consequential governance document you can write before your first AI purchase, because it defines the boundary between productive adoption and uncontrolled risk.

The templates online are a starting point at best. A real AUP answers the questions those templates do not ask: what data cannot leave the building, who decides which tools are approved, how do we know what staff are actually doing, what happens to our data on someone else's servers, and what are the real consequences for getting it wrong. If you need help building one that passes an ISO 42001 audit, talk to our team or see how we assess AI vendors.

Write that policy. Sign it. Date it. Then buy your first AI tool knowing you have done the work most organisations skip until it is too late.

Written by David Swan, reviewed and fact-checked against primary regulatory sources including ISO 42001:2023 and OAIC guidance. AI-assisted but human-directed.

Frequently asked questions

What is an AI acceptable use policy?

An AI acceptable use policy (AUP) is a formal document defining how employees may and may not use artificial intelligence tools at work. It covers which AI tools are approved, what categories of data can be shared with those tools, how AI use must be reported, and consequences for violating the policy.

Why does ISO 42001 require an AI acceptable use policy?

ISO 42001 Clause 5 requires top management to demonstrate leadership and commitment to the AI management system, which includes establishing an AI policy. Clause 7.5 requires documented information to be created, updated, and controlled. An AUP is core documented information demonstrating your organisation assessed AI risk before deploying tools.

What do most AI AUP templates miss?

Most free templates are generic IT acceptable use policies with 'AI' substituted for 'software.' They typically miss: data classification boundaries specific to AI (prompt data, model training, inference logging), a named AI tool approval authority with verification checklist, a structured AI use reporting mechanism, and shadow AI and procurement bypass risks.

How should companies enforce an AI acceptable use policy?

Beyond onboarding sign-off, enforcement should include annual policy refresh with mandatory re-attestation, technical controls such as domain blocking and DLP rules, and quarterly spot-check audits of AI use against the policy. Consequences should be graduated, from mandatory training through to termination for deliberate breaches involving Tier 1 data.

What data should never be sent to external AI tools?

Tier 1 data must never leave your environment for an external AI tool. This includes personally identifiable information (PII), protected health information, client confidential documents, trade secrets and proprietary algorithms, authentication credentials and API keys, and any data subject to contractual confidentiality obligations or legal privilege.

Who should approve new AI tools in an organisation?

A named approval authority, not a generic 'IT department.' For most mid-market organisations, this works best as a combination of the CISO or IT lead for security and compliance verification, plus a business sponsor for operational need. The approver must verify vendor training practices, data residency, certifications, DPA availability, and retention policies before adding a tool to the register.