The one-page AI policy your team will actually follow
Long policies get skimmed once and forgotten. Here is a short, plain AI policy that fits on a page and actually changes behaviour, with a template you can copy.

Most AI policies fail for the same reason most policies fail: they are too long to read and too vague to use. Twenty pages of “employees shall exercise appropriate caution” tells nobody what to actually do at 3pm with a client file open.
A policy only works if a busy person can remember it. So make it fit on one page, in plain words, with rules you could say out loud.
What a one-page policy needs to cover
You only need to answer five questions clearly.
- What can never go into a public AI tool. Be specific to your work: client names tied to their details, tax file numbers, financial records, identity documents, health information, anything under legal privilege.
- Which tools are approved, and for what. Name the actual tools your team should use, and the ones they should not. Vagueness is where shadow AI grows.
- What is fine to use AI for. Just as important as the limits. Tell people the green-light uses so they feel encouraged, not policed: drafting general text, summarising public information, brainstorming, formatting.
- What to do when unsure. Give one simple fallback, usually “ask before you paste.” Most mistakes happen in the grey zone, so make the grey zone easy to resolve.
- Who owns it. One named person to ask, and a date to review it, because tools change fast.
A template you can copy
Cruxen AI use policy (v1)
We use AI to work faster. We never let it put client information at risk.
- Never paste client-identifying or confidential information into a free or personal AI tool.
- For anything touching client data, use only our approved business tools: [list them].
- AI is encouraged for general drafting, summarising public material, formatting, and brainstorming.
- If you are not sure whether something is safe to paste, ask [name] first. No one is ever in trouble for asking.
- Questions or new tools: talk to [name]. We review this page every [quarter].
That is the whole thing. It is short on purpose. A rule that gets remembered beats a manual that gets ignored.
Make it real, not a poster
A policy on a shared drive that nobody opened is not a policy. Spend fifteen minutes walking the team through it, give a couple of real examples of right and wrong, and make clear that asking questions is welcome. The tone matters: this is about protecting clients and protecting staff from an honest mistake, not catching people out.
If you would like a version of this tailored to your firm and the tools you actually use, it is part of the training and policy work we do, and it usually starts from what an AI Readiness and Security Assessment finds.