Executive Summary
- Only 37% of organizations have AI governance policies, yet 81% of employees use unapproved AI tools (UpGuard, n=1,562, November 2025; IBM, n=604, 2025). The gap between “employees using AI” and “organization governing AI” is where the $670,000 breach cost premium lives. This template closes that gap in an afternoon.
- This is the Day 1 policy — not the final policy. It covers the four sections that eliminate 90% of near-term risk: approved tools, data rules, human oversight, and violations. A comprehensive AI governance program takes 90 days. This document takes one afternoon and stops the bleeding while the full program is built.
- The template includes a security posture section for companies without a dedicated CISO — five diagnostic questions and three controls that can be implemented in the same week the policy is published. At a 200-500 person company, the person signing this policy is often the same person implementing the controls.
- Training alone does not solve the problem. UpGuard’s research reveals a paradox: employees who received AI safety training use unapproved tools more frequently than those who did not. Knowledge increases confidence, not compliance. Policy creates the structure that training alone cannot.
How to Use This Template
This is a fill-in-the-blank document. Every blank marked [________] requires a decision from the person completing it — typically the CEO, General Counsel, or CIO. The template is designed to be completed in one sitting, reviewed by counsel, and distributed to all employees within five business days.
Three rules for completing this template:
- Fill in every blank. A blank left empty is a decision deferred — and deferred decisions become incidents. If the answer is unknown, write “TO BE DETERMINED BY [DATE]” with a named owner.
- Name names. “IT” is not an owner. “The CIO” is not an owner. A person with a first and last name is an owner.
- Do not expand the scope. This is one page, front and back. The urge to add sections is the urge to delay publishing. Publish this version, then iterate quarterly.
After completing: Print, distribute at the next all-hands or via email, and require a signed acknowledgment from every employee within 30 days. The acknowledgment is the legal evidence that employees knew the rules.
The Policy Template
[YOUR COMPANY NAME] — Artificial Intelligence Acceptable Use Policy
Effective Date: [________]
Policy Owner: [________] (name and title)
Next Review Date: [________] (no later than 90 days from effective date)
Applies to: All employees, contractors, and temporary workers who use any AI tool in connection with company business, whether on company-owned or personal devices.
Section 1: Approved Tools
The following AI tools are authorized for business use. Using any AI tool not on this list for company work is prohibited unless approved in writing by [________] (name and title of approver).
| Tier | Tool Name | Permitted Use | Data Restrictions |
|---|---|---|---|
| Approved — enterprise-licensed, security-reviewed | [________] | [________] | Internal and Public data only unless enterprise data protections confirmed |
| Approved | [________] | [________] | [________] |
| Approved | [________] | [________] | [________] |
| Conditional — permitted with restrictions | [________] | Non-sensitive brainstorming, general research only | No company data of any kind |
| Conditional | [________] | [________] | [________] |
| Prohibited — blocked by policy | Personal ChatGPT, Claude, Gemini, or Copilot accounts used for company work | Not permitted | N/A |
| Prohibited | [________] | Not permitted | N/A |
Update cadence: This list is reviewed and updated by [________] (name) every [________] days (recommended: 90).
How to request a new tool: Submit a written request to [________] (name and email). Requests are evaluated within [________] business days. Do not use the tool until approval is confirmed in writing.
Section 2: Data Rules
No employee may enter the following data types into any AI tool — including Approved tools — without written authorization from [________] (name and title):
| Data Classification | Examples at Our Company | AI Permission |
|---|---|---|
| Restricted — never enters any AI tool | [________] (e.g., trade secrets, M&A materials, litigation strategy, privileged communications) | Prohibited — no exceptions |
| Confidential — Approved tools with enterprise data protections only | [________] (e.g., client names, financial projections, employee records, source code, contracts) | Approved-tier tools only, with enterprise DPA confirmed |
| Internal — Approved tools only | [________] (e.g., internal memos, process documentation, meeting notes, project plans) | Approved-tier tools only |
| Public — any Approved or Conditional tool | [________] (e.g., published marketing materials, job postings, public financial filings) | Any authorized tool |
The five things you may never paste into any AI tool at this company:
- [________] (e.g., client names or client data of any kind)
- [________] (e.g., employee Social Security numbers, salaries, or performance reviews)
- [________] (e.g., proprietary source code or algorithms)
- [________] (e.g., financial projections, revenue figures, or board materials)
- [________] (e.g., legal documents, attorney-client communications, or litigation materials)
These five prohibitions apply to every tool — Approved, Conditional, and personal accounts. Violation of any of these five items is a terminable offense.
Section 3: Human Oversight Requirements
AI-generated output is a draft. It is never a final product. The person who submits AI-generated work assumes full professional responsibility for its accuracy.
| Output Type | Review Required Before Use |
|---|---|
| Client-facing — any document, email, analysis, or deliverable sent to a client or external party | Reviewed and approved by [________] (name/role) before transmission |
| Financial — any projection, budget, or analysis used in a business decision | Verified against primary data by [________] (name/role) |
| Legal — any contract language, compliance analysis, or regulatory filing | Reviewed by [________] (name/role — must be licensed attorney or designated counsel) |
| Internal communications — company-wide announcements, HR communications, policy documents | Reviewed by [________] (name/role) |
| All other business use | Employee is personally responsible for verifying accuracy before use |
Disclosure requirement: AI-assisted content used in [________] (specify: all client deliverables / regulatory filings / external communications / other) must be disclosed as AI-assisted. The disclosure format is: [________] (e.g., “Prepared with AI assistance and reviewed by [name]”).
The accountability statement: “You are personally responsible for the accuracy, completeness, and appropriateness of any AI-generated content you use in company business. The use of an AI tool does not diminish or transfer your professional accountability.”
Section 4: Violations and Reporting
| Violation | Example | Consequence |
|---|---|---|
| Minor | Using a Conditional tool without following restrictions; failing to verify AI output before internal use | [________] (e.g., written warning and mandatory training refresher) |
| Moderate | Entering Internal data into a Conditional tool; repeated minor violations; using an unapproved tool for non-sensitive work | [________] (e.g., formal disciplinary action; temporary suspension of AI access) |
| Severe | Entering Confidential or Restricted data into any unauthorized tool; using a personal AI account for company work involving client data; falsifying AI output as original human work | [________] (e.g., termination; referral for legal action) |
How to report an incident: If you suspect company data has been entered into an unauthorized AI tool, or if AI-generated output containing errors has reached a client or been used in a decision, report immediately to:
- Primary contact: [________] (name, email, phone)
- Alternative contact: [________] (name, email, phone)
- Timeline: Within 24 hours of discovery. Immediate for incidents involving client data or Restricted information.
- No retaliation: Employees who report in good faith are protected from disciplinary action for the act of reporting, even if the report reveals a policy violation they committed.
Section 5: Security Posture — Five Questions for Companies Without a Dedicated CISO
Most companies with 200-500 employees do not have a Chief Information Security Officer. The person reading this section is likely the CIO, IT director, or GC who also handles security. These five questions determine whether the organization’s security infrastructure supports the policy above — or whether the policy is wallpaper.
Answer each question. If the answer is “no,” implement the corresponding control before or within one week of publishing this policy.
| # | Question | Your Answer | If “No” — The Control to Implement |
|---|---|---|---|
| 1 | Do all Approved AI tools authenticate through the company’s identity provider (Okta, Azure AD/Entra ID, Google Workspace) with MFA required? | Yes / No | Control 1: Enforce SSO + MFA for every Approved AI tool. This is the single most cost-effective security control — it solves identity, access, and offboarding in one mechanism. If an employee departs, one action terminates access to every AI tool. Cost: $0-$6/user/month (most companies already have SSO). Time: 4-8 hours for IT. |
| 2 | Does the company’s web filtering or firewall block access to consumer AI platforms (free-tier ChatGPT, Claude.ai personal, Gemini personal) from company networks and managed devices? | Yes / No | Control 2: Block consumer AI at the network level. This is not about banning AI — it is about routing employees to the Approved, governed versions. If the company licenses ChatGPT Enterprise, block consumer ChatGPT. The right path becomes the only path. Cost: $0 (configuration change on existing web gateway). Time: 2-4 hours for IT. |
| 3 | Does the company monitor for sensitive data being submitted to AI tools through browser prompts — not just through email and file transfers? | Yes / No | Control 3: Deploy AI-aware data loss prevention. Traditional DLP monitors email attachments and USB drives. AI data leakage happens through browser prompts — a channel most legacy DLP cannot see. AI-aware DLP inspects prompts before they reach AI platforms and redacts sensitive data in real time. Cost: $3-8/user/month. For 300 employees: $10,800-$28,800/year. Time: 1-2 days for deployment. |
| 4 | Can the company produce a list of every AI tool in use — including vendor data handling practices, training data policies, and sub-processor disclosures — within 24 hours if asked by a client, insurer, or regulator? | Yes / No | If no: the AI tool inventory is the first task for [________] (name), due by [________] (date — within 30 days of this policy). |
| 5 | Has the company updated its incident response plan to include AI-specific scenarios (data leakage through AI prompts, hallucinated content reaching a client, compromised AI agent)? | Yes / No | If no: the AI incident response addendum is the second task for [________] (name), due by [________] (date — within 30 days of this policy). |
Score your answers:
- 5 “yes” answers: The security infrastructure supports this policy. Proceed with confidence.
- 3-4 “yes” answers: The policy is publishable, but the gaps create enforcement blind spots. Implement the missing controls within one week.
- 0-2 “yes” answers: Publish the policy anyway — but treat the security controls as urgent, not optional. A policy without Controls 1-3 relies entirely on employee compliance, and the data shows that is insufficient: 93% of executives use unapproved AI tools even when they know the rules (UpGuard, n=1,562, 2025).
The Three Controls — Implementation Summary
For the CIO or IT lead implementing the security posture controls, here is the consolidated view:
| Control | What It Does | Cost | Time | Priority |
|---|---|---|---|---|
| SSO + MFA enforcement | Centralizes AI tool access through the identity provider. One kill switch for offboarding. Prevents personal account usage on managed devices. | $0-6/user/month | 4-8 hours | Implement before publishing the policy |
| Consumer AI network blocking | Routes employees to Approved tools by blocking consumer alternatives. Makes the governed path the only path. | $0 (config change) | 2-4 hours | Implement before publishing the policy |
| AI-aware DLP | Monitors the prompt channel for sensitive data before it reaches AI platforms. Catches what traditional DLP misses. | $3-8/user/month | 1-2 days | Implement within one week of publishing |
Total cost for all three controls at a 300-person company: $10,800-$50,400/year. This is 1.5-7.5% of the cost of a single shadow AI breach ($670,000 premium — IBM, n=604, 2025).
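Control 3 (AI-aware DLP) is the one control in this table whose logic is worth seeing concretely: inspect the prompt before it leaves the browser, map what it contains onto the Section 2 classification tiers, and either allow, redact, or block depending on the tool tier from Section 1. The following is an added example written for this page, not code from any DLP vendor or from the author of the template. The detector patterns, the client watchlist, the tool-tier ceilings, and the sample prompts are all constructed assumptions; a real deployment would replace them with the company's own classification markers and CRM data.

```python
import re
from dataclasses import dataclass, field

# Data classification tiers from Section 2 of the policy, least to most sensitive.
TIER_RANK = {"Public": 0, "Internal": 1, "Confidential": 2, "Restricted": 3}

# Highest tier each Section 1 tool tier may receive (an assumption mapping the two tables).
# Restricted data never enters any tool, so no tool tier reaches rank 3.
TOOL_CEILING = {
    "Approved-enterprise": "Confidential",   # enterprise DPA confirmed
    "Approved": "Internal",
    "Conditional": "Public",
    "Prohibited": None,                      # personal accounts: nothing at all
}

# Constructed client watchlist standing in for a CRM export (assumption).
CLIENT_WATCHLIST = ["Acme Holdings", "Northwind Traders"]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit strings are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# (finding name, tier the finding implies, pattern, optional validator on the matched text).
# A tier of None means the tier is read from the matched classification label itself.
DETECTORS = [
    ("ssn", "Confidential",
     re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
    ("payment_card", "Confidential",
     re.compile(r"\b(?:\d[ -]?){15}\d\b"), lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    ("client_name", "Confidential",
     re.compile("|".join(re.escape(c) for c in CLIENT_WATCHLIST), re.I), None),
    ("privilege_marker", "Restricted",
     re.compile(r"attorney[- ]client|privileged\s*(?:&|and)\s*confidential", re.I), None),
    ("classification_label", None,
     re.compile(r"\bclassification:\s*(Public|Internal|Confidential|Restricted)\b", re.I), None),
]


@dataclass
class Decision:
    action: str                  # "allow", "redact", or "block"
    highest_tier: str            # most sensitive classification found ("Public" if none)
    findings: list = field(default_factory=list)   # (name, tier, start, end)
    text: str = ""               # prompt as it may be forwarded; empty when blocked


def classify_findings(text: str) -> list:
    """Run every detector over the prompt and return the spans with their implied tier."""
    findings = []
    for name, tier, pattern, validator in DETECTORS:
        for m in pattern.finditer(text):
            if validator and not validator(m.group(0)):
                continue
            found_tier = tier or m.group(1).title()
            findings.append((name, found_tier, m.start(), m.end()))
    return findings


def screen_prompt(text: str, tool_tier: str) -> Decision:
    """Decide what may leave the browser for a tool of the given Section 1 tier."""
    findings = classify_findings(text)
    highest = max((t for _, t, _, _ in findings), key=TIER_RANK.__getitem__, default="Public")
    ceiling = TOOL_CEILING[tool_tier]
    # Restricted data is prohibited in every tool with no exceptions: block, never redact.
    if highest == "Restricted" or ceiling is None:
        return Decision("block", highest, findings, "")
    if TIER_RANK[highest] <= TIER_RANK[ceiling]:
        return Decision("allow", highest, findings, text)
    # Redact only the spans above this tool's ceiling; work right to left so offsets stay valid.
    redacted = text
    for name, t, start, end in sorted(findings, key=lambda f: f[2], reverse=True):
        if TIER_RANK[t] > TIER_RANK[ceiling]:
            redacted = redacted[:start] + f"[REDACTED:{name}]" + redacted[end:]
    return Decision("redact", highest, findings, redacted)


if __name__ == "__main__":
    # Constructed sample prompts, one per outcome.
    for tier, prompt in [
        ("Conditional", "Summarize the public job posting for a senior analyst role."),
        ("Approved", "Draft a thank-you note to Acme Holdings after yesterday's call."),
        ("Approved-enterprise", "Employee 123-45-6789 earns $120,000; draft the review."),
        ("Approved-enterprise", "Classification: Restricted. Summarize the M&A term sheet."),
    ]:
        d = screen_prompt(prompt, tier)
        print(f"{tier:20} {d.action:6} {d.highest_tier:12} {d.text}")
```

The design choice that matters is the asymmetry between Restricted and everything else: the policy says Restricted data has no exceptions, so the screen blocks the whole prompt and records the event for Section 4 reporting rather than trying to patch it. Confidential and Internal findings are redacted in place so the employee still gets the governed tool, which is the point of Control 2 as well: the right path stays the easy path. Every `Decision` carries its findings so the same function can feed the incident log and the monthly metric in the Key Data Points table.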
What Happens After Day 1
This policy is a starting point. The next 90 days should produce:
| Timeline | Deliverable | Owner |
|---|---|---|
| Week 1 | This policy published and distributed; Controls 1-2 implemented | [________] |
| Week 2 | Control 3 (AI-aware DLP) deployed; AI tool inventory started | [________] |
| Week 3-4 | Shadow AI audit completed (use the Discovery Worksheet) | [________] |
| Day 30 | All employee acknowledgments collected; AI incident response addendum published | [________] |
| Day 60 | Shadow AI audit findings presented to leadership; Approved tool list updated based on findings | [________] |
| Day 90 | First quarterly policy review; comprehensive AI governance program decisions made | [________] |
The Day 1 policy handles the emergency: employees are using AI now, data is flowing into unmanaged tools now, and the organization needs guardrails now. The 90-day program handles the strategy: which tools to standardize, how to train 200+ people, what to budget, and how to measure whether any of it works.
Key Data Points
| Metric | Finding | Source |
|---|---|---|
| Organizations with AI governance policies | 37% | IBM / industry aggregate, 2025 |
| Employees using unapproved AI tools | 81% | UpGuard, n=1,562, November 2025 |
| Shadow AI breach cost premium | +$670,000 ($4.63M vs. $3.96M) | IBM Cost of a Data Breach, n=604, 2025 |
| Executives using unapproved AI tools | 93% | UpGuard/Cybernews, n=1,562, 2025 |
| Training paradox — trained employees use shadow AI more | Positive correlation between training and unapproved usage | UpGuard, n=1,562, November 2025 |
| Companies with technical controls to prevent data leakage to AI | 17% | Industry surveys compiled, 2025-2026 |
| Sensitive data incidents per company per month | 223 (doubled year-over-year) | Netskope, 2025-2026 |
| Breached organizations lacking AI access controls | 97% | IBM, 2025 |
| Organizations with formal AI governance: agentic AI adoption rate | 46% vs. 12% without | CSA/Google Cloud, 2025 |
| Colorado AI Act — replacement framework proposed | New ADMT framework proposed March 17, 2026; if passed, effective January 2027 | Colorado AI Policy Work Group, March 2026 |
What This Means for Your Organization
The acceptable use policy is the single fastest risk reduction available to a mid-market company. It requires no technology purchase, no board resolution, and no organizational restructuring to draft and publish. It requires one person to fill in the blanks, one counsel review, and one all-hands email.
The policy is also the prerequisite for everything that follows. The shadow AI audit cannot be commissioned without a definition of “authorized” versus “unauthorized.” The vendor evaluation cannot proceed without data classification rules. The training program cannot be delivered without a policy to train on. The board risk briefing cannot be credible without a documented governance posture. Every downstream tool in the AI program depends on this document existing.
The regulatory landscape is shifting. Colorado’s AI Policy Work Group proposed on March 17, 2026, a new framework to replace SB 205, potentially effective January 2027. Illinois AIPA is already in force. The EU AI Act’s high-risk provisions arrive August 2026. A policy published today is not just good governance — it is the beginning of a documented compliance posture that becomes more valuable with each new regulation. If filling in these blanks surfaced questions about what belongs in the Approved column, how to classify the data your organization handles, or how to sequence the 90-day program that follows — that conversation is worth having at brandon@brandonsneider.com.
Sources
- UpGuard — “The State of Shadow AI.” n=1,562 U.S. employees, November 2025. 81% unapproved AI usage, 93% executive usage, training paradox (trained employees use shadow AI more). Independent security vendor. High credibility. https://www.upguard.com/resources/the-state-of-shadow-ai
- IBM — Cost of a Data Breach 2025. n=604 organizations, 17 countries. $670K shadow AI breach premium, 97% lacking AI access controls, 37% with governance policies. Ponemon Institute methodology. High credibility. https://www.ibm.com/reports/data-breach
- CSA/Google Cloud — “The State of AI Security and Governance.” 2025. 46% agentic AI adoption with governance vs. 12% without. Industry consortium with vendor co-sponsorship. Moderate-high credibility. https://cloudsecurityalliance.org/blog/2025/12/18/ai-security-governance-your-maturity-multiplier
- Netskope — AI data leakage monitoring. 2025-2026. 223 sensitive data incidents per company per month, doubled year-over-year. Network telemetry data. Moderate-high credibility. https://www.cybersecuritydive.com/news/shadow-ai-security-risks-netskope/808860/
- ISACA — “AI Use Is Outpacing Policy and Governance.” n=3,200+, April 2025. 28% formal policy adoption. Independent professional association. High credibility. https://www.isaca.org/about-us/newsroom/press-releases/2025/ai-use-is-outpacing-policy-and-governance-isaca-finds
- Colorado AI Policy Work Group — Proposed ADMT framework to replace SB 205. March 17, 2026. If passed, effective January 2027. Primary legislative source. High credibility. https://www.mayerbrown.com/en/insights/publications/2026/03/the-colorado-ai-policy-work-group-proposes-an-updated-framework-to-replace-the-colorado-ai-act
- Ponemon/DTEX — 2026 Cost of Insider Risks Global Report. n=354 organizations, February 2026. $19.5M annual insider cost, 67-day containment. Independent research. High credibility. https://ponemon.dtex.ai/
- Samsung ChatGPT incident — Three employees entered proprietary source code and meeting notes into ChatGPT within 20 days, April 2023. Widely reported and confirmed. Event documentation. https://techcrunch.com/2023/05/02/samsung-bans-use-of-generative-ai-tools-like-chatgpt-after-april-internal-data-leak/
- Gartner — 40% of data breaches attributed to AI misuse by 2027. AI governance platform market $492M in 2026. Independent analyst. High credibility. https://www.gartner.com/en/newsroom/press-releases/2026-02-17-gartner-global-ai-regulations-fuel-billion-dollar-market-for-ai-governance-platforms
- FRSecure — AI Acceptable Use Policy template methodology. 2025. Practitioner guidance. Moderate credibility. https://frsecure.com/ai-acceptable-use-policy-template/
- Mayer Brown — Analysis of Colorado AI Policy Work Group proposed ADMT framework. March 2026. Law firm analysis. High credibility. https://www.mayerbrown.com/en/insights/publications/2026/03/the-colorado-ai-policy-work-group-proposes-an-updated-framework-to-replace-the-colorado-ai-act
- Denver Post — “Colorado AI task force reaches agreement on regulatory framework.” March 18, 2026. Journalism. Moderate-high credibility. https://www.denverpost.com/2026/03/18/artificial-intelligence-task-force-recommendations-colorado/
Brandon Sneider | brandon@brandonsneider.com March 2026