AI governance guide

How to Create an AI Policy

A practical guide to creating an AI policy for employees, leaders and suppliers, including scope, rules, data controls and oversight.

Guide

Practical board-level starting point.

An AI policy should be short enough for people to use and clear enough for leaders to enforce. Start with scope, approved tools, prohibited data and human review requirements.

The policy should explain what employees may use AI for, what information must not be entered into public systems, and when outputs need checking before use.

For higher-risk use cases, connect the policy to an approval workflow, an inventory record and a named accountable owner.

Next steps

Turn the guide into action.

Board AI Readiness Scorecard · AI Use Case Risk Classifier · AI Policy Generator

Related guides