An AI Acceptable Use Policy (AI AUP) is a written policy that governs how employees, contractors, and — increasingly — agents and automated systems use AI tools inside an organization. A complete AI AUP answers six questions:
Most first-draft AI policies answer questions 1–5 in text and skip question 6 entirely. That's the gap this post exists to close.
Three shifts made the AI AUP non-optional:
1. Shadow AI is the default state. The average mid-market enterprise has 3–5× more AI tools in use than IT has sanctioned. Employees have already decided which tools they use. The AUP is the chance to intervene before the next data leak.
2. Regulatory and audit scope has caught up. SOC 2 auditors, HIPAA assessors, and PCI QSAs now routinely ask for the AI AUP. The EU AI Act (in force since August 2024) requires documented governance over AI usage for covered systems. NIST AI RMF and ISO 42001 both call out acceptable-use as a required control.
3. Litigation has moved upstream. The Samsung source code leak, multiple hospital HIPAA incidents, and repeated public ChatGPT data exposures all have one thing in common: no documented AI AUP, or one with no enforcement. Post-incident, the absence of a credible policy is the single most damaging fact in the record.
Strong AI AUPs share the same eight components. Any missing component is a known failure mode.
Component 1 — Scope and Applicability. Who the policy applies to (employees, contractors, agents, vendors), which AI systems it covers (generative AI, agentic AI, embedded AI features in SaaS), and which devices (corporate-managed, BYOD, personal).
Component 2 — Definitions. Define generative AI, agentic AI, shadow AI, foundation model, prompt, model output, model context protocol (MCP), sensitive data (PII, PHI, PCI, trade secrets, source code, credentials). Ambiguous policies get argued around.
Component 3 — Sanctioned AI Tools List. An explicit list of approved AI tools (enterprise ChatGPT, Copilot, Claude for Business, Gemini for Workspace, internal AI copilots). Anything not on the list is unsanctioned.
Component 4 — Data Classification and Permitted Use. A clear mapping of which data classes may be used with which AI tools. Public data → any tool. Internal → sanctioned tools only. Confidential → sanctioned tools with enterprise contract. Restricted (PHI, PCI, secrets) → prohibited unless explicitly approved in writing for a specific use case.
Component 5 — Prohibited Uses. Specific uses that are prohibited regardless of tool or data class. Common entries: generating legal or medical advice for external parties, making employment decisions, generating regulated disclosures, impersonation, generating code to bypass security controls, circumventing authorization checks.
Component 6 — Oversight and Review. When human review is required before AI output is used for a consequential decision. Typically includes: external communications, legal documents, security and privacy decisions, employment actions, financial decisions above a threshold.
Component 7 — Incident Reporting. How employees report suspected AI-related incidents (inadvertent data sharing, harmful output, prompt injection). Timeline for reporting. Escalation path.
Component 8 — Enforcement. Technical and operational controls used to enforce the policy, and disciplinary consequences for violations. This is the component most policies skip.
Copy this template into your policy system. Replace the [bracketed] placeholders with your organization's details. Sections are framework-aligned to NIST AI RMF, EU AI Act, ISO 42001, SOC 2, and HIPAA.
Version: 1.0 · Owner: [Chief Information Security Officer] · Effective date: [Date] · Review cadence: Annual or upon material change
This policy defines how employees, contractors, and other authorized users of [Company Name] may use artificial intelligence (AI) tools in the course of their work. It protects company and customer data, meets regulatory and contractual obligations, and supports responsible AI use aligned with [NIST AI RMF / EU AI Act / ISO 42001].
This policy applies to:
Only the following AI tools are sanctioned for work use:
Any AI tool not on this list is unsanctioned and prohibited for work use, including personal accounts of otherwise-sanctioned tools (e.g., personal ChatGPT Plus). Exceptions require written approval from [AI Review Board].
Employees are responsible for classifying data before AI use. Where classification is uncertain, default to the more restrictive class.
Regardless of tool or data class, the following are prohibited:
For the following categories, human review is required before acting on AI output:
Reviewers must document (in the relevant system of record) that the review occurred.
[Company Name] reserves the right to discover, audit, and remove unsanctioned AI tools from corporate-managed devices and networks. Shadow AI discovery is conducted by [Security Team] using [approved discovery tool — e.g., Strac Endpoint + Browser DLP].
[Company Name] uses technical controls to enforce this policy:
Enforcement platform: [Strac / your chosen AI governance platform].
Employees are notified that AI tool usage may be logged and inspected in accordance with applicable law and [Company Name]'s privacy notice.
Employees must report the following within [24 hours / 1 business day] to [security@company.com]:
Good-faith reporting is protected; failure to report is a violation.
All employees complete AI acceptable use training at onboarding and annually thereafter. Role-specific training applies to engineering, legal, security, and customer-facing teams.
Violations of this policy may result in, depending on severity: additional training, removal of AI tool access, disciplinary action up to and including termination, and legal action. Certain violations (intentional exfiltration, repeated Restricted data violations) are grounds for immediate termination.
This policy is reviewed annually and upon material change (new AI tool, new regulation, material incident). Material changes require approval by [AI Review Board].
All employees acknowledge this policy at onboarding and annually thereafter. Acknowledgment is recorded in [HR system].
The AI AUP is the easy part. The hard part is that policy ≠ control.
Symptoms of a policy-only AI AUP:
When the first incident happens — and it always happens — "we had a policy" is not a defense. Regulators ask: what control did you operate? Auditors ask: show me the logs. Courts ask: what was your reasonable standard of care?
A working AI AUP runs on five technical controls:
Every one of those controls is what turns a policy binder into a governance program.
Strac is the operational layer underneath an AI AUP. The policy you write stays the policy you write — Strac generates the enforcement events and compliance evidence that prove it works.
Deploys in under 10 minutes with no proxy and no TLS break.
An AI Acceptable Use Policy is a foundational control for any enterprise using AI in 2026. But a policy is only the first half. The second half is enforcement — real-time prompt inspection, shadow AI discovery, cross-SaaS redaction, and continuous evidence generation.
Copy the template above. Customize it. Deploy the enforcement layer alongside it. The organizations that do both are the ones that survive the first AI incident without a six-figure legal bill.
Book a 15-minute demo to see how Strac enforces your AI AUP — with real controls, continuous evidence, and deployment in under 10 minutes.
Related reading: AI Governance Framework · AI Governance Policy · AI Usage Governance vs Model Governance · What Is AI Governance? · 14 Best AI Governance Tools · Shadow AI · ChatGPT Security Risks
Directly: not in most jurisdictions yet. Indirectly: yes, for most enterprises. SOC 2, HIPAA, PCI DSS, GDPR, and EU AI Act all require documented governance over data handling and system use — which covers AI usage. The absence of an AI AUP is routinely called out as a gap in 2026 audits. Several state privacy laws (CCPA / CPRA, Colorado, Virginia) and sectoral regulators (HHS, FTC, SEC, NYDFS) have issued AI-specific guidance that makes a documented AUP effectively mandatory for covered entities.
An AI Acceptable Use Policy governs how people use AI tools — which tools, what data, what prohibited uses, what oversight. An AI Governance Policy is the broader program-level policy governing how the organization governs AI as a whole — risk assessment, vendor review, model inventory, committee structure. The AUP is one document inside a complete AI Governance Policy program. A mature program has both.
Generally no. Traditional AUPs focus on network, device, and SaaS use. They don't address data classes and AI, prompt content, model outputs, shadow AI discovery, MCP/agentic AI, or human oversight of AI-assisted decisions. Auditors and regulators increasingly expect a dedicated AI AUP. The template in this post can be adopted as a standalone policy or as an AI-specific annex to your existing AUP.
Enforcement requires five technical controls: real-time prompt inspection on sanctioned AI tools; shadow AI discovery on endpoints and browsers; cross-SaaS redaction on data-rich channels that feed AI connectors; endpoint data lineage; and continuous compliance evidence generation. Together they turn the policy from a written statement into an operational control. Strac is built specifically to operate all five.
Short and explicit. Most mature programs sanction 3–6 tools: an enterprise ChatGPT or Copilot for general productivity, a coding assistant (GitHub Copilot, Cursor), and at most one or two specialist tools (Claude for long-context work, a domain-specific AI). Long lists become unenforceable; short lists force intentional choices. Run shadow AI discovery first so the list reflects real usage patterns — otherwise the policy will be violated on day one.
At minimum annually. Trigger an out-of-cycle review on any of: new AI tool onboarded, new regulation in your jurisdiction, material AI-related incident, change to data classification scheme, material change to the enterprise contract with any sanctioned AI vendor. AI moves faster than most policy review cycles — be explicit about the triggers that override the annual cadence.
Strac enforces Sections 4 (sanctioned tools list, via browser extension and endpoint agent), 5 (data classes, via real-time prompt inspection across 100+ data types including inside attachments), 6 (prohibited uses, via custom detectors and MCP DLP), 8 (shadow AI discovery, via endpoint and browser), 9 (monitoring and audit logs, with SIEM-native export), and 10 (incident reporting, via automated incident creation on Block events). Compliance evidence is pre-mapped to NIST AI RMF, EU AI Act, ISO 42001, SOC 2, HIPAA, PCI DSS, ISO 27001, GDPR, and CCPA.
.avif){kind=icon}
.gif)
.webp)
