AI Use Policy¶

Effective date: [Insert Date]
Review cycle: [e.g. Annually]
Applies to: All employees, contractors, and third parties who design, procure, operate, or interact with AI systems on behalf of [Organisation Name].

1. Purpose¶

The purpose of this policy is to ensure the safe, responsible, and effective use of Artificial Intelligence (AI) within [Organisation Name]. It establishes clear expectations for how AI should support organisational goals, protect people, and align with applicable standards and laws.

This policy aims to:
Support organisational objectives.
Comply with Australian laws and standards.
Protect privacy, data, and intellectual property (IP).
Align with the Australian Government’s Voluntary AI Safety Standard (10 Guardrails).
* Reference emerging international standards, including ISO/IEC 42001:2023 Artificial Intelligence Management System (AIMS).

2. Scope¶

This policy applies across the organisation wherever AI technologies are developed, purchased, or used. It covers both internal and external use cases, ensuring that all applications of AI are appropriately governed.

In scope are:
All AI projects, pilots, and procurements.
All AI-generated outputs used for decision-making or external publication.
* Any third-party AI services or APIs integrated into organisational workflows.

3. Terms & Definitions¶

To ensure consistency and clarity, the following definitions apply within this policy:

Artificial Intelligence (AI): Computer systems that perform tasks normally requiring human intelligence (e.g. text generation, decision support).
AI System: Any software, service, or model that uses AI to produce outputs or assist in decisions.
Human Oversight: A human must review and remain accountable for consequential decisions informed by AI.
Personal Information: Information about an identifiable individual, as defined under the Privacy Act 1988 (Cth).
Intellectual Property (IP): Creations of the mind (trade secrets, code, designs, works) owned or licensed by the organisation.
High-risk AI Use: Applications that may significantly affect people’s rights, safety, or financial position (e.g. HR, medical, or safety-critical systems).

4. Principles¶

The organisation is committed to using AI in a way that is safe, transparent, and aligned with community expectations. All AI systems and services must reflect the following principles:

Have a clear purpose and benefit.
Be governed responsibly and accountably.
Apply risk controls proportionate to impact.
Embed privacy, security, and IP protection by design.
Operate safely, reliably, and securely.
Be tested and evaluated before deployment.
Support social and environmental sustainability.
Maintain human oversight and contestability.
Be transparent and explainable.
Be subject to ongoing monitoring and improvement.

5. Acceptable Use¶

AI technologies may be used where they support the organisation’s objectives, comply with relevant laws, and can be applied responsibly. Acceptable use requires staff to follow the conditions below:

Align AI use with organisational goals and policies.
Comply with applicable laws, standards, and ethics.
Ensure humans remain accountable for significant decisions.
Protect personal data and organisational IP.
Document purpose, data sources, and limitations.
Use only approved and secure AI tools for sensitive workloads.

6. Prohibited Use¶

To manage risks and maintain compliance, certain uses of AI are not permitted under any circumstances. These restrictions help safeguard the organisation and its stakeholders.

The following are strictly prohibited:
Any illegal activity or violation of Australian law.
Automated decision-making without required human oversight.
Using unapproved or unvetted AI vendors.
Uploading confidential or IP-protected data into public AI tools.
* Training AI models on datasets without appropriate rights or licences.

7. Privacy, Intellectual Property & Data Rights¶

Respecting privacy and protecting intellectual property are central to responsible AI adoption. AI use must safeguard both personal information and organisational assets, while also respecting the rights of third parties.

The organisation requires that:
All AI systems comply with the Privacy Act 1988 (Cth).
Both personal information and organisational IP are protected at all times.
Third-party IP rights are respected when using datasets, models, or outputs.
Copyright or licence status is confirmed before publishing AI-generated content.

8. Roles & Responsibilities¶

Effective governance requires clear accountabilities. Different roles within the organisation carry specific responsibilities for AI oversight and use.

Board/Executive: Provide oversight of AI risk and ensure alignment to strategy.
AI Governance Lead: Maintain the AI register, policies, and guardrail compliance.
Project Owners: Conduct risk assessments, testing, and monitoring.
All Staff: Complete AI literacy and security awareness training; follow this policy.

9. Compliance & Review¶

Compliance with this policy is mandatory. Breaches will be addressed in line with organisational disciplinary procedures or contractual terms.

This policy will be reviewed at least annually, or sooner if required by law, organisational change, or updates to standards (e.g. ISO/IEC 42001:2023).

This policy is guided by relevant standards and legislation that inform responsible AI practice. These include:

Australian Government Voluntary AI Safety Standard (2024) – 10 Guardrails.
ISO/IEC 42001:2023 – AI Management System (AIMS).
ISO/IEC 23894:2023 – AI Risk Management.
NIST AI Risk Management Framework 1.0 (2023) – U.S. AI risk guidance.
Privacy Act 1988 (Cth) – Australian Privacy Principles (APPs).
Fair Work Act 2009 (Cth) – Employee data and workplace rights considerations.

11. Quick Guide – Do’s & Don’ts¶

To support day-to-day use, the following quick guide summarises acceptable and unacceptable practices:

Do:
Use only approved AI systems.
Keep sensitive data secure.
Double-check AI outputs before sharing externally.
Disclose AI use when interacting with customers if relevant.

Don’t:
Paste confidential or client data into public AI tools.
Rely on AI for final decisions without human oversight.
Use unapproved AI vendors or unlicensed data.
Assume AI-generated content is automatically free of copyright.

Disclaimer¶

This AI Use Policy template is provided as an open source resource by SafeAI-Aus to support responsible AI adoption in Australian businesses.

The content reflects best practice principles (including the Australian Government’s Voluntary AI Safety Standard) but is intended as a starting point only.

Organisations should adapt this policy to their specific context and may wish to seek advice from legal counsel, governance, risk, or compliance officers before formal adoption.

SafeAI-Aus provides this template without warranty or liability.

Licence¶

This AI Use Policy template is made available under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence.

You are free to:
Share — copy and redistribute the material in any medium or format.
Adapt — remix, transform, and build upon the material for any purpose, even commercially.

Under the following terms:
Attribution* — You must give appropriate credit, provide a link to the licence, and indicate if changes were made.

Attribution statement for reuse:
“This policy template was developed by SafeAI-Aus and is licensed under CC BY 4.0. Source: SafeAI-Aus.”

Full licence text: https://creativecommons.org/licenses/by/4.0/