PwC 2026 Research: 72% of companies have no AI policy. Is yours one of them?
Be among the first to secure your company's AI usage

Your team is using AI. Do you have a policy?

Get a professional AI governance starting point for your business in 10 minutes. Customized to your industry, your tools, your data.

72% have no AI policy
10 min to generate

No credit card required · Based on PwC, ISACA & NIST frameworks

Built on research from PwC, ISACA, and NIST frameworks

Your employees are using AI right now. With zero rules.

Right now, someone on your team is probably:

Pasting customer emails into ChatGPT to draft replies

Uploading financial spreadsheets to get AI analysis

Using Copilot to write code with your proprietary logic

Asking AI tools questions that reveal trade secrets

Without a policy, there's nothing stopping them. Most AI tools explicitly state that they may use your inputs for training. Your confidential data could end up in someone else's AI response.

ChatGPT
U

Can you analyze this spreadsheet? It has our Q3 revenue by client:

Acme Corp — $2.4M ARR — Contract ends 09/2026

GlobalTech — $890K — At risk of churn

Smith & Partners — $1.2M — NDA active

Confidential client data exposed to a third-party AI

AI

Sure! Based on the data, here are your top clients by revenue...

This data may be used for model training

72%

of companies have no AI policy

(Source: PwC/ISACA 2026)

36%

have no AI governance function at all

(Source: PwC Canada)

Only 6%

of cybersecurity leaders say they're fully prepared

(Source: PwC Digital Trust)

~50%

of execs say operationalizing responsible AI is their biggest challenge

(Source: PwC)

5 professional documents. Customized to your business.

Here's exactly what's inside your AI governance pack.

AI Acceptable Use Policy

The main policy your employees read and sign. Covers approved tools, data rules, dos and don'ts, and consequences. 3–5 pages, written in plain English.

Included in all plans

Approved AI Tools Register

A table listing every AI tool your team uses — who can use it, what data it can access, and its risk level. Makes ‘is this tool approved?’ a 2-second answer.

Pro & Team plans

Data Classification Guide

A one-page cheat sheet: Red zone (never enter into AI), Yellow zone (with approval only), Green zone (safe to use). Print it. Laminate it. Put it on every desk.

Pro & Team plans

Employee Acknowledgment Form

A sign-off form for onboarding. ‘I have read and understood the AI policy.’ Signature line, date, department. Simple and print-ready.

Pro & Team plans

Quarterly Review Checklist

15 yes/no questions a manager answers every 90 days. Takes 15 minutes. Keeps your governance current as AI tools evolve.

Pro & Team plans

See what you'll get — a real example

Here's an actual AI Acceptable Use Policy generated for a fictional 25-person marketing agency.

SAMPLE

DISCLAIMER: This document is a template generated by GetAIPolicy.co for informational purposes only. It does not constitute legal advice. Consult a qualified attorney before implementing any AI governance policy.


AI Acceptable Use Policy: BrightSpark Marketing


Company Name: BrightSpark Marketing

Effective Date: March 1, 2026

Version: 1.0

Next Review Date: June 1, 2026




1. PURPOSE

BrightSpark Marketing embraces AI as a tool to enhance creativity and operational efficiency. This policy establishes a framework to ensure that AI usage remains secure, ethical, and aligned with our commitment to protecting client privacy and intellectual property.


2. SCOPE

This policy applies to all employees, contractors, and interns at BrightSpark Marketing, regardless of their location or employment status.


3. DEFINITIONS

  • AI Tools: Software or systems that use artificial intelligence to perform tasks.
  • Generative AI: AI capable of creating new text, images, or audio (e.g., ChatGPT, Midjourney).
  • AI-Generated Content: Any output created by an AI tool that is intended for internal or client use.
  • Sensitive Data: Information that could harm the company or a client if leaked, including Customer PII (Personally Identifiable Information) and Intellectual Property (IP) trade secrets.
  • Approved Tools: AI software that has been vetted and cleared for use by BrightSpark management.

4. APPROVED AI TOOLS

| Tool Name | Approved Use Cases | Restrictions | Data Allowed |
| --- | --- | --- | --- |
| ChatGPT | Drafting emails, brainstorming, research | No sensitive client data | Public/Non-Sensitive |
| Midjourney | Visual concept art, mood boards | Review for IP infringement | Public/Non-Sensitive |
| Jasper | Marketing copy drafting | Human review required | Public/Non-Sensitive |
| Grammarly AI | Spelling, grammar, tone check | No PII in text inputs | Internal Only |
| Any New Tool | N/A | Requires manager approval | None until approved |


5. ACCEPTABLE USES

Employees are encouraged to use approved AI tools to:

  • Accelerate drafting processes for marketing campaigns.
  • Perform initial market research and data summarization.
  • Optimize workflows and improve content quality.
  • Brainstorm creative concepts for client deliverables.


6. PROHIBITED USES

Employees must never perform the following actions:

  • Entering sensitive customer PII or company trade secrets into public AI models.
  • Using AI to make final strategic decisions regarding client accounts without human intervention.
  • Bypassing company security settings or using personal AI accounts for work-related tasks.
  • Claiming AI-generated output as original human work without proper attribution or legal vetting.
  • Using AI to generate content that violates copyright laws or creates defamatory materials.

    Join waitlist to see the full policy
    7 more sections including data handling, disclosure rules, and enforcement...

    This is a real output.

    This AI Acceptable Use Policy was generated for a fictional 25-person marketing agency called BrightSpark Marketing. It includes:

    • Industry-specific language for marketing/creative agencies
    • Approved tools table with risk levels and data restrictions
    • Client IP and NDA protections
    • Red/Yellow/Green data classification specific to agency work
    • Disclosure requirements for AI-generated client deliverables

    Your policy will be customized to YOUR industry, YOUR tools, and YOUR data sensitivity.

    Generate yours in 10 minutes

    How It Works

    From zero policy to fully customized governance pack in three simple steps.

    1. Answer 15 quick questions

    About your company, the AI tools you use, and the data you handle. Takes about 5 minutes.

    2. We generate your custom policy pack

    AI-powered, industry-specific documents tailored to your exact situation. Ready in under 30 seconds.

    3. Download and deploy

    Professional PDF + editable Word docs. Review, customize, and distribute to your team.

    Your AI policy in 3 phases — from template to implemented

    GetAIPolicy gives you the starting point. You make it yours.

    1. What you get today

    Get your starting point

    Answer 15 questions. Get 5 professionally structured documents customized to your industry, AI tools, and data sensitivity. Done in 10 minutes.

    2. Your next step

    Review & make it yours

    Edit the Word docs with your team. Add company-specific details, adjust the tone, fill in the [placeholder] fields. We recommend having your attorney review before finalizing.

    3. Coming soon

    Stay current

    AI regulations evolve constantly. Our upcoming quarterly subscription ($19/mo) keeps your policy updated as laws change, new tools emerge, and best practices shift.

    Customized for your industry. Not a generic template.

    GetAIPolicy generates different policies for different industries — because a healthcare clinic and a marketing agency have very different AI risks.

    Healthcare

    Includes HIPAA-aware language for patient data protection

    SaaS / Tech

    Code review requirements for AI-generated code, OSS compliance

    Marketing Agency

    Client IP ownership, content disclosure requirements

    Financial Services

    SOX compliance, algorithmic fairness considerations

    Education

    FERPA student data rules, academic integrity guidelines

    Legal

    Attorney-client privilege protections, confidentiality safeguards

    Also supports: Retail, Manufacturing, Nonprofit, Consulting, and more.

    Not a random template. Built on recognized frameworks.

    Our document generation is informed by established AI governance standards used by enterprises worldwide.

    PwC

    PwC Responsible AI Framework

    Our risk assessment methodology draws from PwC’s 2026 Responsible AI research and governance recommendations.

    NIST

    NIST AI Risk Management Framework

    Document structure follows NIST AI RMF guidelines for identifying and managing AI-related risks.

    ISACA

    ISACA AI Governance Standards

    Policy templates incorporate ISACA’s AI acceptable use policy framework and compliance checklists.

    EU/US

    EU AI Act & US AI Action Plan

    Industry-specific sections reference key regulatory requirements from both EU and US governance initiatives.

    GetAIPolicy is not affiliated with or endorsed by these organizations. Our templates are informed by their publicly available frameworks and guidelines.

    Simple, One-Time Pricing

    No subscriptions. No hidden fees. Pay once, download your customized policy pack.

    Starter

    Perfect for small teams getting started with AI governance.

    $29 one-time
    • 1 AI Acceptable Use Policy
    • PDF + DOCX format
    • Industry-customized
    • Email delivery
    Most Popular

    Pro

    Complete governance pack for growing companies.

    $49 one-time
    • Full 5-document governance pack
    • PDF + DOCX format
    • Industry-specific presets
    • Data classification guide
    • Employee acknowledgment form
    • Quarterly review checklist

    Team

    Everything you need to roll out AI governance company-wide.

    $79 one-time
    • Everything in Pro
    • Company branding on documents
    • 2 free regenerations
    • Priority email support
    • Implementation guide
    Coming Soon

    Enterprise

    For companies that need legal validation.

    $199 one-time
    • Everything in Team plan
    • Human legal review by a qualified attorney
    • Compliance verification checklist
    • “Reviewed by legal counsel” badge for your docs
    • Priority implementation support
    Join Waitlist for Updates

    Full refund within 7 days, no questions asked. All plans include a recommendation to have your attorney review documents before implementation.

    Think of us like LegalZoom — but for AI governance

    DIY / Free templates

    Free

    • Generic — not customized to your company
    • No industry-specific language
    • Outdated — doesn't reflect 2026 regulations
    • No structure — just a PDF to figure out

    Most companies give up halfway through

    Best value

    GetAIPolicy

    $29–79

    • Customized to your industry, tools & data
    • 5 structured documents, ready to deploy
    • Based on PwC, NIST & ISACA frameworks
    • Editable Word docs you can customize
    • Attorney review recommended (add-on coming)

    Professional starting point in 10 minutes

    Consultant / Law firm

    $5,000+

    • Fully customized and legally reviewed
    • Industry-specific and jurisdiction-aware
    • $5,000 – $200,000+
    • Takes 2–8 weeks
    • Only accessible to large companies

    Comprehensive — but 72% of companies can't afford it

    For the 72% who can't justify a consultant, GetAIPolicy bridges the gap. Get protected today, upgrade to legal review when you're ready.

    What happens when you don't have an AI policy

    Data Leaks

    An employee pastes your client database into ChatGPT. The data is now in a third-party system you don’t control. Your NDA with that client? Potentially violated.

    Legal Liability

    The EU AI Act is being enforced. US states are passing AI laws. Without a documented policy, you have no defense if something goes wrong.

    Lost Business

    Enterprise clients increasingly require AI governance documentation from their vendors. No policy = no contract. It’s already happening.

    Reputation Damage

    One AI-related incident reported in the press can cost years of trust. A policy doesn’t eliminate risk — but it shows you took reasonable steps.

    A documented policy — even a template — shows regulators, clients, and your team that you took reasonable steps. That matters.

    Your team is using AI today. Your policy should exist today.

    Generate your customized AI governance pack in 10 minutes.

    Get Early Access — 20% Off

    No credit card required. No legal expertise needed.