AI policy for SMEs: practical help, without the jargon
Your team is already using AI. An AI policy is how you set the ground rules: what is allowed, what is not, which data must never go near these tools, and who is accountable. We help UK SMEs put a practical one in place in days, not months.
Why you need an AI policy now
Staff are already using ChatGPT, Copilot, Claude and a dozen other tools. Without a policy you have no control over what data goes in, what decisions AI makes, or your exposure under UK GDPR, the DUAA 2025 (Article 22) and the Equality Act. An AI policy is the cheapest, fastest piece of governance you can put in place, and increasingly something clients, insurers and boards ask to see.
What a good AI policy covers
Acceptable use
Which tools are allowed, for what, and the data that must never be entered.
AI register
A simple inventory of where AI is used across the business.
Roles & accountability
Who owns AI decisions and the risks that come with them.
AI literacy
Basic training so staff use AI safely.
High-risk controls
Extra care where AI makes decisions about people.
Incident handling
What to do when something goes wrong.
How we help
We do not hand you a generic template and walk away. We tailor a policy to how your business actually uses AI, in plain English, and make sure it reflects what UK law requires versus what is voluntary best practice. It is part of our wider AI governance work.
Start free
Not sure where you stand? Take the free 10-minute AI Readiness Scorecard, or read our AI Policy Starter Checklist. Then we will help you turn it into a policy that fits.