How to communicate your AI policy so employees actually follow it — not just email a PDF that lives in a folder nobody opens. The 5 most common employee questions, how to answer them, and a template to get started.
Quick Answer
An AI use policy only works if employees actually read and understand it. The five questions employees always ask cover: what tools are approved, what data is off-limits, who owns AI-generated work, when human review is required, and what happens if they make a mistake.
Key Takeaways
On this page
Most AI policies are written for lawyers and auditors. Employees don't need that. They need to be able to answer 3 questions on their own, in 10 seconds:
"Can I use [tool] for this task?"
Answered by your approved tool list.
"Can I put this data into an AI tool?"
Answered by your data rule.
"Does this AI output need review before I send it?"
Answered by your output standard.
Everything else in your AI governance documentation — the incident response plan, the data classification framework, the vendor review process — is important infrastructure. But employees don't need it to do their jobs. What they need is a short, clear reference that answers those 3 questions.
Your employee-facing AI guidelines should be 1–2 pages. Everything else can live in the full policy document that managers and ops leaders reference.
Live walkthrough (mandatory)
A 30-minute team session where you walk through the policy, show real examples ("here's what you can do, here's what you can't, here's why"), and answer questions. Record it for future employees. This session does more for actual compliance than any document.
Tip: Make it interactive: show 5 real scenarios and have the team say whether it's allowed or not. Then reveal the answer. People remember what they figure out themselves.
One-page reference card
Not the full policy — a reference card with the approved tool list, the data rule in one sentence, and "if in doubt, ask [person]." Employees can pin this, screenshot it, or keep it bookmarked. Design it to be glanceable.
Tip: The simpler it is, the more likely it gets used. Resist the urge to add caveats and edge cases.
Onboarding integration
Add the AI policy to your onboarding checklist. New employees sign off on it on day 1 (or day 2). Review it during their first-week orientation. Don't treat it as optional.
Tip: Make it part of your Atlas onboarding SOP so it's documented and repeatable.
SOP headers
For SOPs that include AI steps, add a header note: "AI use in this process follows our AI Guidelines — see [link]." This creates a contextual reminder exactly when employees are doing the work the policy applies to.
Tip: Atlas makes this natural: link to your AI policy from every AI-enabled SOP.
Use these to build your FAQ section for employees. Customize the bracketed fields for your company.
1. "Can I use ChatGPT for this?"
Check the approved tool list. If the tool is on it, yes — as long as you follow the data rules. If it's not on the list, ask [AI governance owner] before using it for work tasks.
Replace [AI governance owner] with the actual person/role at your company.
2. "Can I paste client data into an AI tool?"
No. Client data — including names, contact information, contracts, financials, and any information marked or obviously confidential — cannot be pasted into AI tools unless you're using an enterprise-licensed tool with a data processing agreement. If you're unsure whether something qualifies as client data, treat it as if it does.
Adjust if your company has enterprise AI licenses with different data terms.
3. "Does my AI-generated work need to be reviewed before I send it?"
Yes, for anything that leaves the team. Any AI-generated content going to clients, being published externally, or informing a significant decision needs to be read and verified by a human who takes responsibility for its accuracy. The review standard is: you could stand behind it without the AI disclaimer.
Adjust the review standard based on your specific quality requirements.
4. "Do I need to tell clients I used AI?"
Review your client contracts. Some contain explicit AI provisions. If yours do, follow them. If they don't, disclosure is at your discretion — but the output must meet the same quality standard as manually produced work. When in doubt, disclose. Being honest about AI use is better than clients discovering it independently.
Update this based on your specific client contract terms.
5. "Is AI going to replace my job?"
We're implementing AI to eliminate repetitive, low-value tasks — not roles. The goal is that you spend more time on work that actually requires your expertise, judgment, and relationships. The tasks being automated are the ones that slow you down. The expectation is that you learn to use these tools effectively, because that's a skill that will matter increasingly.
Adapt this to your actual implementation goals — be honest, not just reassuring.
Copy and customize this for your team. Keep it to one page. Store it in Atlas alongside your prompts and SOPs.
TEMPLATE — AI Guidelines for [Company Name] Employees
Approved Tools
The following AI tools are approved for work use: • [Tool 1] — approved for [use cases] • [Tool 2] — approved for [use cases] • [Tool 3] — approved for [use cases] All other AI tools require approval from [AI owner] before work use.
Data Rule
Client data, financial data, and confidential company information cannot be entered into AI tools without prior approval. When in doubt: treat it as confidential.
Output Rule
AI-generated content that leaves our team (goes to clients, is published, or informs decisions) must be reviewed and approved by a human team member before use.
Questions?
For AI policy questions: contact [AI owner name] via [channel]. For urgent issues (potential data exposure): contact [person] immediately.
Incidents
If you think you may have shared data you shouldn't have, or used AI in a way that violated this policy: tell [AI owner] as soon as you notice. We'd rather know and address it than not know. There is no penalty for reporting in good faith.
Last updated: [Date] · Owner: [Name/Role] · Next review: [Date]
An employee-facing AI policy needs five things: (1) The list of approved AI tools — exactly which tools are OK to use at work. (2) The data rule — a clear, simple statement about what information can and cannot go into AI tools (especially client and confidential data). (3) The output rule — what happens before AI-generated content leaves the team (who reviews, what "approved" means). (4) How to get help — who to ask when they're unsure about an AI use case. (5) What happens when something goes wrong — a non-threatening path to report issues.
One to two pages maximum for the employee-facing version. Your full AI governance documentation can be longer, but the document employees interact with daily should be skimmable in 3 minutes. If it's longer than that, people won't read it — and an unread policy is no policy at all.
Three-channel approach: (1) Live walkthrough — 30-minute team session where you walk through the policy, show examples, and answer questions. Video-recorded for future employees. (2) Reference card — a one-page (or single slide) quick reference they can pin, save, or bookmark. Not the full policy — just the 5–7 things they need to remember. (3) Integration — add the AI policy to employee onboarding, SOP header pages, and relevant Slack/Teams channels. The goal is that employees encounter the policy in context, not just when it's first published.
The top 5: (1) "Can I use ChatGPT for [specific task]?" — answered by your approved tool list and data rules. (2) "Can I paste [specific data type] into an AI tool?" — answered by your data rule. (3) "Do I have to disclose that I used AI in my work?" — define your disclosure standard. (4) "What if I use AI and it's wrong?" — explain your review requirements. (5) "Is AI going to replace my job?" — address directly, honestly.
It depends on context. For internal work: generally no disclosure required if they're following the policy (approved tools, proper data handling, human review). For client deliverables: check your client contracts first — some explicitly prohibit AI use or require disclosure. For public content: increasingly, publishing standards require AI disclosure. Your policy should define disclosure requirements clearly by output type, not leave it to employees to figure out.
The ShiftWorks Foundations Workshop trains your team on exactly what's in this guide — what the policy means, how to use approved tools, and how to work with AI in a way that's consistent and compliant.
Hands-on. Role-specific. Includes your Atlas prompt library setup.