AI and Your Employee Handbook: 3 Sections That Need Updating Before Your Next Incident

Executive Summary

• 56% of companies lack any formal AI policy, yet 81% of employees already use unapproved AI tools (Littler C-Suite Survey, n=330+, 2024; IBM, n=604, 2025). At most mid-market companies, the employee handbook — the document every employee actually signed — still contains zero language about AI. The standalone AI acceptable use policy (if one exists) sits in a folder nobody opens. The handbook sits on every desk.
• Three handbook sections create immediate legal exposure if they do not address AI: confidentiality and non-disclosure, use of company resources, and performance evaluation. Each section was written before generative AI existed. Each section now has a gap that an employee, a regulator, or a plaintiff’s attorney can walk through.
• Illinois, Colorado, New Jersey, and California have enacted AI employment laws effective in 2025-2026 that require specific employee notifications, bias audits, and handbook disclosures. Illinois HB 3773 (effective January 1, 2026) explicitly requires AI use notices in employee handbooks. Colorado SB 24-205 (effective June 30, 2026) requires disclosure when AI influences employment decisions. The compliance clock is running.
• This is not a new policy. This is three surgical updates to the document employees already reference — adding AI language to sections that govern what employees do every day with information, tools, and performance standards.

Why the Handbook Matters More Than the Standalone AI Policy

The Day 1 AI Acceptable Use Policy (a companion tool in this series) is essential. It creates the governance structure — approved tools, data rules, human oversight, violations. But at a 200-500 person company, two things are true about standalone policies:

First, employees reference the handbook. They signed it during onboarding. HR cites it in performance conversations. Managers point to it when questions arise. The AUP may live in a SharePoint folder. The handbook lives in the employee’s mental model of “what the rules are.”

Second, the handbook creates legal precedent. Courts look at the employee handbook when determining whether an employer established clear expectations. A standalone AI policy that contradicts or fails to connect to the handbook creates ambiguity. Ambiguity favors the employee in disputes and the plaintiff in litigation.

Littler’s 2024 C-Suite Survey found that among organizations with generative AI policies, only 74% require employees to adhere to them — 23% merely offer guidelines. The handbook is where guidelines become requirements. If the AI policy says “do not upload confidential data to AI tools” but the handbook’s confidentiality section does not mention AI, the enforcement mechanism has a gap.

The three sections below close that gap. Each takes 30 minutes to draft, one hour with counsel, and can be published in the next handbook update cycle.

Section 1: Confidentiality and Non-Disclosure

The Problem

The typical mid-market handbook confidentiality clause was written to address email, photocopies, and USB drives. It prohibits sharing company information “with unauthorized third parties” or “outside the organization.” It does not contemplate an employee pasting a customer contract into ChatGPT to “summarize the key terms” — an action that sends confidential data to a third-party AI provider’s servers, potentially including the provider’s training pipeline.

The U.S. Copyright Office confirmed in January 2025 that AI-generated content without sufficient human creative control is not copyrightable. This means an employee who feeds proprietary methodology into an AI tool and uses the output may have created a deliverable the company cannot copyright-protect. The confidentiality exposure runs in both directions: data goes out, and unprotectable work product comes back.

What to Add

Insert the following language into the existing confidentiality or non-disclosure section of the handbook (adapt bracketed items to match existing handbook terminology):

AI Tools and Confidential Information. [Company]'s confidentiality obligations apply to all forms of disclosure, including input to artificial intelligence tools, chatbots, large language models, and similar technologies — whether company-provided or personal. Employees must not enter, upload, paste, or otherwise transmit any [Confidential Information / Proprietary Information / Trade Secrets] into any AI tool unless that tool has been specifically approved for such use under [Company]'s AI Acceptable Use Policy and is configured with enterprise data protections.

This includes but is not limited to: customer data, financial information, employee records, legal documents, proprietary methodologies, source code, strategic plans, and any information subject to a non-disclosure agreement with a third party.

Employees are responsible for reviewing AI-generated output before use. AI output based on confidential input may reproduce or reveal protected information. Employees must review all AI-generated content for inadvertent disclosure before sharing it internally or externally.

Why This Matters

The Proskauer guidance on AI-driven workplace tools (2025) is explicit: policies should prohibit employees from using “company or third-party proprietary information, any personal information, or any customer or third-party data as input” to unapproved AI tools. Littler recommends that any AI system “not explicitly approved in the policy is expressly prohibited.” The handbook confidentiality section is where this prohibition gains teeth — it connects AI use to the non-disclosure obligations the employee already agreed to follow.

Section 2: Use of Company Resources

The Problem

Most handbook “use of company resources” sections cover computers, email, internet access, and sometimes personal devices. They establish that company-provided technology is for business purposes, that the company may monitor usage, and that employees should not use company resources for unauthorized purposes.

These sections were written when “unauthorized use” meant personal email or visiting social media during work hours. They do not address an employee using a company laptop to access a free AI tool that processes company data on external servers — or an employee using a personal phone to photograph a whiteboard and upload it to an AI image analysis tool.

SHRM’s 2025 research finds 43% of organizations now use AI in HR tasks, up from 26% in 2024. The adoption curve is steeper among individual employees. The resources section needs to establish what “authorized AI use” means and connect it to the approved-tools list in the AUP.

What to Add

Insert the following into the existing use of company resources or technology use section:

Artificial Intelligence Tools. The use of AI tools — including but not limited to generative AI chatbots, coding assistants, image generators, and AI-enhanced features within existing software — is subject to [Company]'s AI Acceptable Use Policy. The following rules apply to all employees using company resources or conducting company business:

1. Approved tools only. Employees may only use AI tools that have been reviewed and approved by [IT / the AI governance committee / designated approver]. The current list of approved tools is maintained in [location]. Using unapproved AI tools on company devices, networks, or for company work on personal devices is prohibited.

2. AI features in existing software. Many tools [Company] already licenses (including [e.g., Microsoft 365, Salesforce, Google Workspace, Zoom]) now include AI features that may be active by default. Employees should be aware that using AI-powered features in these tools — such as meeting transcription, email drafting suggestions, or document summarization — may process company data through AI systems. [Company] will communicate which embedded AI features are approved for use and which should be disabled.

3. Monitoring. [Company] reserves the right to monitor the use of AI tools on company devices and networks, consistent with applicable law. This includes logging which AI tools are accessed, what data is submitted, and how outputs are used.

4. Work product and intellectual property. All work product created using AI tools in the course of employment remains [Company] property, consistent with existing intellectual property and work-for-hire provisions of this handbook. Employees should be aware that purely AI-generated content may not be eligible for copyright protection under current U.S. law (U.S. Copyright Office, January 2025; Thaler v. Perlmutter, affirmed March 2026). Employees must apply sufficient human judgment, editing, and creative input to AI-assisted work to maintain intellectual property protections.

Why This Matters

The intellectual property clause addresses a risk most handbooks ignore entirely. The U.S. Supreme Court declined to hear the Thaler appeal on March 2, 2026, leaving intact the rule that works without a human creator are ineligible for copyright protection. An employee who generates a client deliverable, marketing copy, or technical documentation primarily through AI prompts — without meaningful human creative contribution — may produce work the company cannot protect. The handbook is where this expectation gets established before the deliverable ships, not after the IP dispute.

Section 3: Performance Evaluation

The Problem

This is the section with the most active regulatory exposure. Illinois HB 3773 (effective January 1, 2026) now requires employers to notify employees when AI is used in “recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment.” The law requires this notice to appear in employee handbooks, on the employer’s premises, on the intranet or website, and in job postings.

Colorado SB 24-205 (effective June 30, 2026) requires employers using “high-risk” AI systems in employment decisions to conduct risk assessments, provide transparency notices, and implement bias testing. New Jersey adopted regulations (effective December 15, 2025) governing disparate impact from automated employment decision tools. California’s automated decision system regulations require anti-discrimination measures, routine independent audits, and four-year data retention.

Gartner’s 2025 survey (n=not disclosed) finds that 88% of HR leaders say their organizations have not realized significant business value from AI tools — yet AI is already embedded in many HR platforms used for performance management, compensation analysis, and promotion recommendations. The handbook performance evaluation section must address AI’s role before a regulator, an employee, or a jury asks why it did not.

What to Add

Insert the following into the existing performance evaluation or performance management section:

Use of AI in Performance Management. [Company] may use technology tools, including those with artificial intelligence or automated decision-making capabilities, to support — but not replace — human judgment in performance evaluations, compensation decisions, promotion recommendations, and other employment-related decisions.

Disclosure. Consistent with applicable law, [Company] will notify employees when AI tools or automated systems are used in connection with decisions that materially affect their employment, including but not limited to performance ratings, promotion eligibility, compensation adjustments, and disciplinary actions. [For Illinois employers: This notice is provided pursuant to the Illinois Human Rights Act, as amended by HB 3773.]

Human oversight. No employment decision will be made solely by an AI system or automated tool. All AI-generated recommendations, scores, or assessments will be reviewed by a qualified human decision-maker before any action is taken. Employees have the right to request information about how AI tools contributed to decisions affecting their employment and to raise concerns through [Company]'s existing [complaint / grievance / HR review] process.

Bias prevention. [Company] will conduct periodic reviews of any AI tools used in employment decisions to evaluate potential bias or disparate impact on protected groups, consistent with federal, state, and local anti-discrimination laws.

Why This Matters

Fisher Phillips’ 2026 analysis warns that AI bias liability arises without discriminatory intent through the legal theory of “disparate impact” — when facially neutral AI systems produce outcomes disproportionately affecting protected groups. Two pending cases — Mobley v. Workday (California) and Harper v. Sirius XM (Michigan) — allege exactly this pattern. The 80/20 rule applies: if a protected group’s selection rate falls below 80% of the most favored group’s rate, the employer faces potential liability whether or not a human made the final decision.

Gartner’s December 2025 survey finds 65% of employees are excited to use AI at work — but only 26% of job applicants trust that AI will evaluate them fairly (Gartner, July 2025). The handbook disclosure is not just a compliance requirement. It is a trust-building mechanism that tells employees the company takes fairness seriously enough to put it in writing.

Key Data Points

What This Means for Your Organization

The three updates above are not aspirational. They are the minimum language that closes the gap between what employees are doing with AI today and what the handbook says they can do. The standalone AI acceptable use policy sets the rules. The handbook makes those rules enforceable by embedding them in the document every employee signed.

The regulatory timeline makes this urgent. If the organization has employees in Illinois, the handbook should already include AI notification language — HB 3773 has been in effect since January 1, 2026, and requires notices in handbooks specifically. Colorado’s requirements take effect June 30, 2026. New Jersey’s automated employment decision tool regulations have been live since December 15, 2025. California’s ADS regulations require four-year data retention for all AI-related employment decisions. Waiting for “a comprehensive AI governance program” before updating the handbook is the same logic that produced the 56% of companies with no AI policy at all.

The practical path: draft the three clause additions above (two hours of internal work), review with employment counsel familiar with the organization’s state-specific obligations (one to two hours of outside counsel time), publish in the next scheduled handbook update, and require acknowledgment from all employees. The total cost is less than a single day of legal fees. The cost of not doing it is measured in litigation exposure, regulatory penalties, and the ambiguity that lets the next AI incident become an employment dispute.

If these updates raised questions about how AI language intersects with the organization’s specific handbook structure or regulatory exposure, that conversation is worth having — brandon@brandonsneider.com.

Sources

1. Littler Mendelson, “C-Suite Executives Are Advancing Workplace Generative AI Policies as Risks Mount” (2024 C-Suite Survey, n=330+). Independent employment law firm survey. https://www.littler.com/press/press-release/c-suite-executives-are-advancing-workplace-generative-ai-policies-risks-mount

2. IBM, “AI Adoption in the Enterprise” (n=604, 2025). Major technology firm survey on enterprise AI usage patterns. Shadow AI adoption statistic cross-referenced with UpGuard (n=1,562, November 2025).

3. SHRM, “The Role of AI in HR Continues to Expand” (2025). Leading HR professional organization tracking AI adoption across HR functions. https://www.shrm.org/topics-tools/research/2025-talent-trends/ai-in-hr

4. Gartner, “88% of HR Leaders Say Their Organizations Have Not Realized Significant Business Value from AI Tools” (October 2025). Independent analyst firm. https://www.gartner.com/en/newsroom/press-releases/2025-10-28-gartner-survey-shows-88-percent-of-hr-leaders-say-their-organizations-have-not-realized-significant-business-value-from-ai-tools

5. Gartner, “65% of Employees Are Excited to Use AI at Work” (December 2025). https://www.gartner.com/en/newsroom/press-releases/2025-12-16-gartner-hr-survey-finds-65-percent-of-employees-are-excited-to-use-ai-at-work

6. Gartner, “Just 26% of Job Applicants Trust AI Will Fairly Evaluate Them” (July 2025). https://www.gartner.com/en/newsroom/press-releases/2025-07-31-gartner-survey-shows-just-26-percent-of-job-applicants-trust-ai-will-fairly-evaluate-them

7. U.S. Copyright Office, “Copyright and Artificial Intelligence” (January 2025). Federal guidance on copyrightability of AI-generated works. https://www.copyright.gov/ai/

8. U.S. Supreme Court, cert. denied in Thaler v. Perlmutter (March 2, 2026). Affirms AI-generated works without human authorship are not copyrightable.

9. Illinois General Assembly, HB 3773 — amendments to the Illinois Human Rights Act addressing AI in employment (effective January 1, 2026). Requires employer notification in handbooks when AI is used in employment decisions. https://www.seyfarth.com/news-insights/legal-update-new-illinois-ai-law-requires-employee-notice-affirms-existing-employer-nondiscrimination-duties.html

10. Colorado General Assembly, SB 24-205 — Colorado Artificial Intelligence Act (effective June 30, 2026). Requires risk assessments, transparency notices, and bias mitigation for high-risk AI employment systems. Small business exemption for employers with fewer than 50 employees. https://ogletree.com/insights-resources/blog-posts/colorados-artificial-intelligence-act-what-employers-need-to-know/

11. New Jersey Administrative Code, N.J.A.C. 13:16 — disparate impact regulations for automated employment decision tools (effective December 15, 2025).

12. Fisher Phillips, “Why You Need to Care About AI Bias in 2026 and How a Bias Audit Can Help You Avoid Danger” (2026). Employment law firm analysis of pending AI bias litigation. https://www.fisherphillips.com/en/news-insights/why-you-need-to-care-about-ai-bias-in-2026.html

13. K&L Gates, “Navigating the AI Employment Landscape in 2026: Considerations and Best Practices for Employers” (February 2, 2026). Comprehensive state-by-state AI employment law analysis. https://www.klgates.com/Navigating-the-AI-Employment-Landscape-in-2026-Considerations-and-Best-Practices-for-Employers-2-2-2026

14. Littler Mendelson, “Considerations for Artificial Intelligence Policies in the Workplace” (2025). Practical guidance on AI policy structure and handbook integration. https://www.littler.com/news-analysis/asap/considerations-artificial-intelligence-policies-workplace

15. Proskauer Rose LLP, “Artificial Intelligence (AI) Driven Tools in the Workplace Policy” (2025). Model policy guidance for AI workplace data restrictions. https://www.proskauer.com/uploads/artificial-intelligence-ai-driven-tools-in-the-workplace-policy

Brandon Sneider | brandon@brandonsneider.com March 2026