How to Create a Simple AI Policy for Your SME (With Templates)

1. Why every SME needs a simple AI policy

As AI becomes part of everyday work, SMEs need clear, practical rules for staff. Not a long legal document—just a straightforward policy that explains:

• what AI can be used for,
• what staff must avoid,
• how to handle sensitive data,
• when human review is required.

This guide gives you a clear, SME-friendly AI policy that you can customise and share with your team.

2. What an SME AI policy should cover

A good AI policy focuses on five areas:

• approved tools,
• data safety,
• acceptable use,
• review and approval,
• record keeping and accountability.

3. The core principles of a safe AI policy

Your AI policy should be guided by three simple principles:

• AI assists; humans approve.
• No sensitive data goes into public AI tools.
• AI output is always checked for accuracy and tone.

4. Template: One-page AI policy for SMEs

You can paste and adapt the following policy directly into your company handbook or intranet:

AI Acceptable Use Policy (SME Version)

1. Purpose
AI tools (such as ChatGPT, Gemini, Copilot and similar systems) 
may be used to improve productivity, communication and accuracy. 
This policy explains how staff should use AI safely and responsibly.

2. Approved Tools
Staff may only use AI tools approved by the business. These tools
must offer secure data handling and must not use submitted data 
for training unless explicitly permitted.

3. Do Not Submit Sensitive Data
Staff must NOT enter the following into AI tools:
• customer names, addresses or contact details
• financial documents or pricing sheets
• confidential emails or contracts
• employee information
• photos showing people or identifiable locations
• any data covered by GDPR or confidentiality agreements

4. Acceptable Use
AI may be used for:
• drafting emails, reports and messages
• rewriting text for clarity or tone
• summarising long documents (after removing sensitive data)
• generating ideas or explanations
• cleaning up engineer notes or admin text

5. Human Review
All AI-generated output must be checked by staff before being sent
to customers, suppliers or partners. AI output should always be
treated as a draft.

6. Accuracy and Tone
Staff must verify:
• factual accuracy,
• completeness,
• professionalism of tone,
• compliance with company policies.

7. Data Security
Staff must comply with the company’s data protection and GDPR
requirements at all times. Do not store AI output in personal
accounts or external tools without approval.

8. Accountability
Staff remain responsible for any communication or document 
generated with AI. Using AI does not remove responsibility for 
accuracy or decision-making.

9. Prohibited Uses
AI must not be used for:
• legal, financial or medical decisions without expert review
• hiring decisions or employee evaluations
• decisions that affect people’s rights or opportunities
• automated messages sent without human approval

10. Reporting Issues
Any misuse, errors or security concerns must be reported to the 
AI policy owner or line manager.

5. Step-by-step guide to rolling out your AI policy

a) Share the policy in simple language

Introduce the policy through a short meeting or recorded video, not just an email. Explain:

• why the policy exists,
• how it protects staff,
• how it improves productivity.

b) Provide staff with a “safe usage checklist”

Example checklist:

• Have I removed names and sensitive data?
• Is this task appropriate for AI?
• Will I review the output before sending?

c) Create a list of approved prompts

This ensures consistency and reduces risk.

d) Assign an AI policy owner

This person acts as the point of contact for questions, improvements or issues.

e) Review the policy every 3–6 months

AI evolves quickly—your policy should evolve with it.

6. Optional: Create two versions of the policy

Some SMEs find it useful to create:

• a simple, one-page version for everyday staff,
• a longer version for managers or compliance teams.

7. The bottom line

A good AI policy doesn’t slow innovation—it provides confidence and clarity. With a simple, practical set of rules, staff can use AI safely while your business benefits from increased productivity and reduced admin.

In the next guide, we’ll explore how to introduce AI to customers in a way that strengthens trust and showcases professionalism.