AI · 3 min read
A simple AI policy for small businesses: safe use on one page
Your staff already use AI. A simple policy makes that use safe without slowing it down. Here is what a good one-page AI policy should cover.
By Mediseo

The truth is that your staff already use AI, whether you have decided on it or not. The question is not whether they use it, but whether they do it safely. A simple policy solves that, without making the use any harder than it needs to be.
Why you need a policy, not a ban
A ban on AI does not work. It just pushes the use onto personal accounts and phones, where you can neither see it nor steer it. Then you have the worst of both worlds: the risk, but no control.
A good policy does the opposite. It says yes to AI in a safe way, so people use approved tools instead of smuggling in unapproved ones. The aim is clarity, not restriction.
Keep it to one page
An AI policy nobody reads is as worthless as no policy. So: one page, plain language, no clauses heavy with legalese. It should be readable in five minutes and memorable afterwards. Longer documents end up in a drawer.
What a good policy should cover
Most small businesses get by being clear on these five points:
1. Which tools are approved. List the few tools the business has an agreement with, and ask people to use them rather than random free services. Business versions with a data processing agreement, not personal accounts.
2. What must never be pasted in. The most important rule. Personal data, customer details, contracts and commercially sensitive material do not belong in open tools. Give concrete examples, not just principles.
3. That AI produces drafts, not finished replies. Anything touching customers, money or legal matters passes through a human before it is sent. AI can be wrong and sound just as confident when it is. The human owns the content.
4. When sources must be checked. AI makes things up with great confidence. Figures, quotes, names and facts that go onward must be verified against a reliable source — not against the model's memory.
5. Who to ask when in doubt. Name one person people can turn to. That lowers the threshold for asking before something goes wrong, rather than explaining afterwards.
What you do not need
It is just as useful to know what a small business policy does not need:
- Not a legal treatise. You are writing a ground rule, not a contract.
- Not a list of everything forbidden. A few clear noes are remembered; long lists are not.
- Not a technical explanation of how AI works. People need to know what to do, not how the model functions.
Keep it simple enough that it is actually followed. A perfect policy nobody reads loses to a decent one everybody remembers.
Keep it alive
A policy written once and forgotten ages quickly — the tools and routines change. A couple of simple habits keep it current:
- Raise it when new staff start.
- Review it a couple of times a year, at the same time as you tidy your subscriptions.
- Update it when a new tool is adopted, or an old one phased out.
A last word on privacy
Privacy is not an obstacle to using AI — it is the frame that makes safe use possible. Your obligations under data protection rules depend on the kind of data you handle, and this is general guidance, not legal advice. If you are unsure what kind of data you process, check that before pointing AI at customer details.
A simple policy is often the first step towards using AI with a clear conscience. If you would like help fitting it to how you actually work, you are welcome to book a quick call.