By Matthew D. Kohel, Esq.
Saul Ewing

The use of artificial intelligence (AI) technologies in the workplace has become a regular occurrence and its adoption by companies is only going to increase. The unmanaged employee use of AI creates significant risks that can negatively impact an organization and even have broader social effects due to the unique nature of this evolving technology. It is therefore important that organizations develop policies addressing employee use of AI that are clear, practical, and tailored to its business to promote the responsible use of AI, while also mitigating the potential risks and challenges posed by AI systems.

AI Corporate Policy – Top Ten Tips

Saul Ewing attorneys can help clients develop corporate policies and respond to incidents when they arise. We believe that companies should follow these steps when preparing a corporate AI policy:

  1. Take a proactive approach to managing the potential risks from employee use of AI.
  2. Identify the risks specific to your organization, as well as individuals, and even the broader societal risks that may arise from the irresponsible use of AI. Prioritize those risk in the context of your organization’s business operations.
  3. Explain the risks to the executives in your organization and get buy-in from the C-suite in the formulation of your AI policy.
  4. Design an AI policy that fits your organization’s business operations and particular needs.
  5. Work with a cross-functional team to utilize their expertise and make sure that your AI policy meets the needs of different stakeholders (e.g., IT, Sales and Marketing, Data Privacy, HR, Legal).
  6. Draft an AI policy that is clear and easy to follow for employees in various roles and levels within your organization.
  7. Draft a policy that explains the risks and scope of use – when and how employees can use AI to perform their work and what is not permitted. Make clear that non-compliance can result in discipline, including termination.
  8. Access and security are key considerations. Implement electronic record-keeping to document and allow for auditing of AI use by employees.
  9. Responsible AI use requires training and awareness programs. incorporate these initiatives into your organization’s AI use procedures.
  10. Develop and periodically measure metrics to determine employee compliance and identify gaps in your organization’s AI policy. 

Above all, understand that an AI policy is not a static but a “living document” that should be revisited and updated to reflect changes in technology and trends in the use of AI. The landscape is continuously changing and new AI technologies are being made available to users at a rapid rate. The implementation of an effective AI policy requires adapting to the evolution of this emerging technology. Keep this card as a handy reminder of the steps to consider in formulating an AI policy for your organization.


Matt Kohel is a Partner at Saul Ewing, where represents clients in commercial litigation, intellectual property matters, and data privacy issues. Matt is IAPP CIPM certified and he assists clients with privacy program management and the preparation of privacy notices. He writes regularly and is a speaker and panelist on artificial intelligence, especially as related to intellectual property, data privacy, and corporate policies on the use and management of artificial intelligence in the workplace.