The General Consulting Company

Three Core Tenets Every AI Policy Needs

Most executives know they need to move on AI, they just don't have a policy in place. Here are three principles to start with when building your organization's first AI policy.

ai-policy strategy leadership
Nelson Lee

Nelson Lee

Software engineer at Shopify who has built AI systems, workflows, and automations for millions of merchants. Previously an 8VC Fellow in San Francisco. Computer Engineering from the University of Toronto with a minor in Artificial Intelligence.

AI Policy Template

A lot of C-suite executives I talk to want to implement AI but feel frozen.

There’s risk in introducing a tool that generates incorrect information. What if it leaks customer data? Will your organization’s sensitive information be trained on and become public? These unknowns are real. They’re balanced against the fact that most C-suite leaders already know they need to move on AI. They’ve seen the efficiencies AI brings. They’ve seen what competitors are doing. They just don’t know where to start because they don’t have a solid AI policy in place.

If that’s you, you’re not alone. I’ve been working with C-suite executives across mid-sized organizations on exactly this problem, helping them implement AI without taking on unnecessary risk.

Here are three core tenets from the AI policy template I put together — principles you can use as a starting point for your own organization.

1. Protect Your Data First

This is the most important one.

Your policy needs to ensure that AI vendors and their affiliates are not training on your data for products used outside your organization. That’s a procurement conversation — one you need to have before any tool gets rolled out.

On top of that, your policy should strictly prohibit customer PII from ever entering a model where that data leaves your company. Full stop. If a vendor can’t guarantee that, they don’t get in the door.

2. Keep It Vendor-Neutral

Think of your AI policy like a constitution. It sets guiding principles and hard boundaries. A constitution doesn’t specify tax rates or who the government buys from.

Your AI policy should give your procurement team the principles to evaluate vendors, not a vendor list. That separation matters, because your policy shouldn’t need to change every time a new tool gets approved or an old one gets replaced.

Vendor-specific decisions belong in a separate, operational document. The AI policy itself should be durable.

3. Humans Are Still Accountable

AI is probably the most powerful productivity tool we’ve seen in a century. But it’s not infallible. Bad context produces bad output. It can misread your priorities, miss nuance, or confidently present something wrong.

Your policy needs to make clear that every work product is still owned and reviewed by a person. AI assists. It doesn’t decide. That accountability chain can’t break just because the AI tool is fast.

These three tenets won’t cover everything, but they’ll give you a foundation to build on when building your AI policy.

I put together a 14-page AI policy template that any organization can use as a starting point. It covers governance, data handling, procurement, acceptable use, and more.

Download the 14-page AI policy template for free from The GCC →

About The General Consulting Company

The General Consulting Company helps business owners and C-suite executives understand and implement AI. We offer practical training, policy frameworks, and custom tooling so your organization can move on AI with confidence.

Not sure where to start? Book a free consultation with The General Consulting Company and we'll walk through what makes sense for your business.

BOOK A CALL

Ready to Build AI Confidence?

Start with a free 15-minute call, or download the AI Policy Template to get a head start.

Book a CallDownload AI Policy Template