Draft a first version of an AI acceptable-use policy
Produce a workable first draft of an AI usage policy for your organisation, sized to your sector and risk appetite.
Yours to copy, change, and make your own.
Replace every [BRACKETED PLACEHOLDER] with your own material before you send it.
You are helping a [ORGANISATION TYPE] in the UK draft its first AI acceptable-use policy. We have roughly [NUMBER OF STAFF] staff. Our main uses of AI today are: [CURRENT USES]. Our biggest worries are: [MAIN CONCERNS]. Draft a policy with these sections: 1. Purpose and who it applies to 2. What staff may use AI tools for 3. What staff must never put into AI tools (with concrete examples relevant to us) 4. Checking and accountability: who is responsible for AI-assisted output 5. Approved tools and how to request a new one 6. What happens if the policy is breached 7. Review date and owner Rules: - Plain English throughout. A new starter should understand it without a glossary. - Be specific rather than legalistic. "Do not paste client names into public AI tools" beats "exercise appropriate caution". - Mark any point where UK GDPR or sector regulation needs a specialist's review with [LEGAL REVIEW]. - Use British English.
- [ORGANISATION TYPE]
- What you are, for example "housing charity", "accountancy firm", or "multi-academy trust".
- [NUMBER OF STAFF]
- Approximate headcount, so the policy is sized sensibly.
- [CURRENT USES]
- How staff already use AI, honestly, including unofficial use.
- [MAIN CONCERNS]
- Your top two or three worries, for example client confidentiality or exam integrity.
Where it shines, and where it falls over.
- Organisations writing their first AI policy from scratch
- Updating a generic template to fit how your teams actually use AI
- Producing a discussion draft for a leadership or board meeting
- Paste in your existing IT or data-protection policy and ask the model to keep the new policy consistent with it.
- Ask for a one-page staff summary alongside the full policy; most people will only read the summary.
This gives you a first draft, not a finished policy. The model does not know your regulator, your insurance terms, your union agreements, or your existing IT policies, and it will happily write rules that contradict them. Anything marked for legal review genuinely needs it, and ideally the whole document does.
It also fails when the inputs are vague. If you tell it your concerns are "data protection" and nothing else, you get a generic policy that reads like every other template on the internet. The specific examples in section 3 are the most valuable part; feed the model real scenarios from your organisation to get them.
AI output is a first draft, not a finished product. You are responsible for whatever you send, publish, or decide with it.
More prompts worth exploring.
Theme free-text survey responses
Turn hundreds of open-ended survey comments into a small set of evidenced themes, with counts and representative quotes.
Write a job description that attracts the right people
Draft a job description from a role outline: honest responsibilities, a short essential-criteria list, and no boilerplate.
Draft a difficult email
Get a firm, fair first draft of an email you have been putting off: chasing, declining, apologising, or pushing back.

