AI GOVERNANCE GUIDE

AI Acceptable Use Policy Template for Small Business (2026)

Your team is already using AI. The question is whether you have a written policy that protects your business — and keeps your insurance intact.

Updated March 2026 · 8 min read

Why this matters NOW

Starting January 2026, insurers can exclude AI-related liability from general liability policies using Verisk's new CG 40 47 endorsement. Having a written AI use policy is one of the key factors carriers consider when deciding whether to offer affirmative AI coverage.

What Is an AI Acceptable Use Policy?

An AI Acceptable Use Policy (AUP) is a formal document that defines how employees can and cannot use artificial intelligence tools in your business. It covers which tools are approved, what data can be shared with AI systems, who is responsible for reviewing AI outputs, and what happens when something goes wrong.

Think of it as the “rules of the road” for AI in your company. Without one, every employee is making their own decisions about AI usage — and your business bears the liability.

Why Your Business Needs One in 2026

1. Insurance requirements

With Verisk's CG 40 47 and CG 40 48 endorsements now live, carriers can exclude AI liability from your GL policy. Having documented AI governance is increasingly required for affirmative coverage.

2. Legal compliance

The Colorado AI Act takes effect June 30, 2026. EU AI Act Article 50 hits August 2, 2026. Written AI policies are foundational to compliance with both.

3. Liability protection

If an employee uses ChatGPT to draft a client proposal that contains errors, or uses AI-generated images with copyright issues, your policy (or lack of one) determines your exposure.

4. Employee clarity

92% of small businesses use AI tools. Without a written policy, each employee decides for themselves what's appropriate. That's a risk you can eliminate in 15 minutes.

What to Include in Your AI Use Policy

A comprehensive AI Acceptable Use Policy should cover these sections:

1. Approved AI Tools

List every AI tool your company uses or permits employees to use. For each tool, specify:

  • Tool name and vendor (e.g., ChatGPT by OpenAI)
  • Approved use cases (e.g., “drafting internal emails” but not “client-facing proposals”)
  • Risk level (Low / Medium / High)
  • Who approved it and when

2. Prohibited Uses

Be explicit about what employees cannot do with AI:

  • Entering customer PII, financial data, or health records
  • Using AI outputs as legal, medical, or financial advice without human review
  • Generating content that impersonates real people
  • Using AI tools not on the approved list
  • Sharing proprietary business information with AI systems

3. Human Review Requirements

Specify which AI outputs require human review before use. At minimum:

  • All client-facing communications
  • Any content published externally
  • Financial calculations or projections
  • Legal or compliance-related content

4. Data Privacy Rules

Define what data can and cannot be shared with AI tools. This is critical for insurance — data breaches involving AI are a growing exclusion trigger.

5. Incident Reporting

What happens when AI produces an error, a data breach, or a compliance violation? Define:

  • Who to notify (manager, IT, compliance)
  • Timeline for reporting (within 24 hours)
  • Documentation requirements
  • Remediation steps

6. Employee Acknowledgment

Every employee should sign an acknowledgment form confirming they've read and understood the policy. This is essential for liability protection and insurance documentation.

Skip the Template. Get the Full Kit.

CoverMyAI generates a complete, customized AI Acceptable Use Policy plus 4 additional governance documents — pre-filled for your industry, your tools, and your insurance renewal timeline.

Consultants charge $15,000-$35,000. This takes 15 minutes.

Free AI Acceptable Use Policy Template

Here's a basic template to get started. Note: this is a starting point — your policy should be customized for your industry, tools, and regulatory requirements.

[COMPANY NAME] — AI ACCEPTABLE USE POLICY

Effective Date: [DATE]

Version: 1.0

Purpose: This policy establishes guidelines for the acceptable use of artificial intelligence tools and technologies by [Company Name] employees, contractors, and agents.

1. SCOPE

This policy applies to all employees, contractors, and third-party agents who use AI tools in connection with [Company Name] business operations.

2. APPROVED AI TOOLS

The following AI tools are approved for business use:

• [Tool Name] — Approved for: [use cases]

• [Tool Name] — Approved for: [use cases]

Use of AI tools not listed above requires written approval from [designated authority].

3. PROHIBITED USES

• Entering customer personally identifiable information (PII)

• Sharing proprietary or confidential business information

• Using AI-generated outputs as final deliverables without human review

• Generating content that could be misleading or discriminatory

• Using unapproved AI tools for any business purpose

4. HUMAN REVIEW REQUIREMENTS

All AI-generated content must be reviewed by a qualified human before being used in client communications, published materials, financial documents, or legal/compliance contexts.

5. INCIDENT REPORTING

Any AI-related incident (errors, data exposure, compliance violation) must be reported to [designated contact] within 24 hours using [reporting method].

6. ACKNOWLEDGMENT

I have read and understand this AI Acceptable Use Policy. I agree to comply with all provisions.

Employee Signature: _____________ Date: _____________

Disclaimer: This template is provided for informational purposes only and does not constitute legal advice. Consult with a qualified attorney to ensure your AI use policy meets your specific legal and regulatory requirements.

Why a Template Isn't Enough

A generic template gets you started, but insurance carriers and regulators are looking for policies that are:

  • Industry-specific — A healthcare company has different AI risks than a marketing agency
  • Tool-specific — Your policy should reference the actual AI tools your team uses
  • Integrated with risk assessment — Your governance docs should reflect your actual risk profile
  • Paired with supporting documents — An AI Tool Registry, Employee Acknowledgments, and Incident Response Plan round out your governance framework

That's exactly what the CoverMyAI Governance Kit delivers — customized for your business in under 15 minutes.
