Governance · 6 min read

Staff Ai Use Guidelines: A Template for Your Firm's Handbook


Founder & CEO, Pop Hasta Labs

From my perspective, the staff Ai use guidelines sit alongside the firm-level Ai policy but speak a different language. The firm-level policy is the compliance document the COLP or DPO signs. The staff guidelines are the practical rules every team member reads at induction. Both need to exist; only one needs to be 4 pages long, and it isn’t the staff one.

Template

Here’s the structure I’d use for staff Ai guidelines. One page. Plain English. Signed at induction and re-acknowledged annually.

Why this matters. “Ai tools are part of how [Firm] works. Used correctly, they save time. Used incorrectly, they leak client data, breach confidentiality and can create legal exposure for you and for the firm. This page tells you what’s OK and what isn’t.”

What you can do. “Use [governed Ai tool] for client-facing work — drafting, research, summarisation, admin. The tool keeps client data inside the firm’s systems and every interaction is logged. This is the fast, approved way.”

What you can’t do. “Do not paste client data, client documents, client financial information, client personal data, case details, medical records or any identifiable client information into any other Ai tool. This includes ChatGPT, Claude, Gemini, Grok, Copilot (unless within the firm-approved Microsoft 365 governed deployment), and any Ai-powered browser extension.”

What to do in an emergency. “If you think client data has accidentally been entered into a non-approved tool, tell [Managing Partner / DPO] within 24 hours. We’re more concerned about speed than blame — the response matters more than the mistake.”

Your signature. “I have read and understood these guidelines. I will use Ai tools in line with them.”

How to roll it out

Especially in small practices, the rollout matters more than the document. Three practical tips. One, brief the team verbally before circulating the written policy. Five minutes at a team meeting, explaining the why. Two, tie it to the governed tool — “we’re adopting [tool] because the current approach creates client risk, and this tool is faster anyway.” Three, make the approved tool actually faster than ChatGPT. If the approved tool is slower, the policy will be worked around within a month.

Pair with the firm-level Ai policy

The staff guidelines sit alongside the firm-level policy. We’ve published a free Ai policy template for UK SMEs that covers the governance document. Together, the two documents are what your COLP, DPO or regulator expects to see.

Other Me

Other Me is the governed Ai tool many UK SME practices adopt to make the staff guidelines easy to follow. See the Built for SMEs page and the free 7-day trial, no credit card.


Abhishek Sharma

Founder & CEO of Pop Hasta Labs. Building Other Me — the governed AI platform with patent-pending security architecture. Based in London.
