By: Jenna Bishop on June 24th, 2024

Print/Save as PDF

How To Create an AI Policy for Your Company


In just a few short years, Artificial Intelligence has gone from unimaginable to unavoidable.

AI used to sound like science fiction until tools like ChatGPT suddenly appeared. And now, huge companies like Apple, Microsoft, Google, Adobe, and Meta have announced that artificial intelligence will become a key part of their platforms—which means that AI will soon be present in every office in the world.

However, leaders still need to consider how AI will fit into their business processes. Like any major change, this will require strategic planning and a rigorous policy framework. But, according to a recent SHRM survey, 75% of organizations say they still don’t have an AI policy in place.

Why do you need an AI policy?

Every major new technology can create organizational disruption. 

For example, in the 2010s, many businesses began adopting cloud-based software solutions. But moving to the cloud wasn't just an IT issue; it affected the entire organization. HR leaders had to step in and ask important questions, such as:

  • How would employees be retrained to use cloud software?
  • Would employee data be safe if held in the cloud?
  • What are the legal implications of using cloud platforms? For instance, what do HIPAA guidelines say about processing employee health records in the cloud?

AI is another major challenge that affects the whole organization. How will AI change job descriptions? What should the employee handbook say about AI? What does AI mean for the candidate experience?

An AI policy lays out the core principles that guide your organization’s use of this exciting new technology. Having a strong framework helps to ensure the entire organization is on the same page, while making it it easier for technical and non-technical people to work together and create a positive strategy.

Main concerns for your AI policy

There’s no one-size-fits-all approach to AI. Some companies might want to focus on innovation and proceed as quickly as possible; others might prefer to be cautious and wait until they’re comfortable with the new technology.

Whatever approach suits your company, there are some issues that you’ll need to address in your AI policy framework:

  • Security: Cybersecurity is the number one concern when adopting any new technology. Remember, user training is the most important part of cybersecurity—you’ll need to educate people about the safest ways to use any new tools.

  • Enablement: AI tools should empower people to work faster and smarter. Your AI policy should talk about process redesigns, user training, and upskilling your current team where necessary.

  • Oversight: Right now, artificial intelligence can’t be trusted to work alone. It requires a great degree of human oversight, which means you need a way for people to audit systems and provide feedback. Some of these overseers may not be IT people, so they may require additional training and support.

  • Communication: All stakeholders need to communicate with each other, especially during the initial rollout. This includes employees, local leaders, and anyone else who interacts with the new tools. Communication needs to be two-way, so you need an effective way to broadcast new information and gather user feedback.

  • Compliance: AI often sends data to a third-party server, so you’ll need to ensure your processes are compliant. This means looking at local, state, federal, and international laws about handling personally identifiable information. Your AI policy should also outline rules for handling sensitive internal information.

  • Ethics: AI raises some new ethical questions for organizations. For example, if you deploy an AI-powered chatbot, do you need to make customers aware they’re not speaking to a human?

With this in mind, let’s now take a look at how to draw up an effective policy framework.

8 steps for creating an AI policy

1. Consult with stakeholders

First, identify all the main stakeholders and invite them to consult on the new AI policy. A whole-of-organization approach is required to ensure your policy framework supports the needs of each team. Additionally, involving stakeholders in the development of the policy helps ensure they will lead by example and ensure the policy is appropriately enforced.

2. Audit current processes

AI policies will exist in conjunction with your other existing policies. Ensure any relevant policies that may impact the use of AI in the workplace are updated as well, to ensure no conflicts exist between policies (e.g., your code of conduct, equal employment opportunity statement, cyber security and IT policies, workplace security, etc.).

3. Define the policy’s scope

Be clear about what the policy will cover—and what it won’t. For example, will your AI policy discuss third parties? Or employees using AI on their personal devices? It’s also important to outline technical terms, such as machine learning and Generative AI, which will make the policy document accessible to non-technical contributors.

4. Consider the ethics of AI usage

AI creates some new ethical issues, such as whether to let customers know if they’re dealing with artificial intelligence. Also, you’ll need to consider when employees need to declare if they use AI tools in their day-to-day roles.

5. Protect the company from legal issues

The AI policy document should highlight the main legal issues that arise from using AI. For example, if an AI error causes a loss for one of your customers, then your organization might be liable. It’s also essential that you outline the main compliance issues that affect AI usage, especially rules about data protection.

6. Agree an AI adoption process

Adopting a new AI tool should follow a rigorous process. This might involve vendor comparisons, live testing, pilot schemes, managed rollouts, and user training. The steps in this process should be confirmed in your AI policy document.

7. Include a communication checklist

Communication is an important part of any rollout. The AI policy document should include guidelines on how to bring your team up to speed and clarify who is responsible for communication. Also, remember to collect user feedback on the new tools to ensure they’re working as intended and adding value.

8. Arrange regular audits

AI will require ongoing oversight, so it’s important a regular auditing process is in place. Your AI policy should include details of quality audits and outline the required steps if an error is identified.

Get the right AI strategy

Digital transformation can be overwhelming, especially with an emerging technology like AI. There are still many questions about how AI will evolve over time and whether it can deliver value for businesses. 

That's why it's so important to focus on the basics: building a great team, nurturing a positive workplace culture, and helping people develop the skills they need for the future. A strong AI policy will help you innovate while staying focused on what matters. 

Need help with AI policy or people strategy? Book a call with a Helios HR consultant and let's talk about the plans for your future. 

Contact Us CTA  (3)