Marketing & Advertising

Employee AI Guidelines for Marketing & Advertising

Covers brand marketing, performance marketing, programmatic advertising, search and social media advertising, content marketing, influencer marketing, email and SMS marketing, out-of-home advertising, direct mail, loyalty and CRM programmes, marketing analytics and attribution, ad tech platforms, demand-side platforms (DSPs), supply-side platforms (SSPs), data management platforms (DMPs), customer data platforms (CDPs), AI content generation for marketing, marketing automation, and market research. Any AI system that generates marketing content, targets advertising audiences, personalises consumer communications, measures campaign performance, scores customer propensity, or automates marketing decisions falls within this overlay..

Generate Employee Guidelines →See sample output

Why Responsible AI matters in marketing and advertising

Organisations in marketing and advertising face AI obligations that generic templates don’t cover — clinical-safety duties, sector-specific regulators, data protection expectations for the populations you serve, and emerging AI-specific legislation. Blanket policies written for software companies miss most of what matters.

The Employee AI Guidelines produces plain-language AI guidelines for staff tailored to your jurisdiction, risk appetite, and the specifics of marketing and advertising. It is a drafting aid built to accelerate — not replace — qualified review by your in-house practitioners or external counsel.

Industry-specific risks

AI risks that matter in marketing and advertising

Drawn from published evidence and regulatory guidance specific to marketing and advertising. Each is pre-scored on a 5×5 likelihood × impact matrix in the Risk Register tool and referenced in the generated policy.

CriticalLikelihood 4 · Impact 5

AI Advertising Discrimination Producing Unlawful Differential Ad Delivery by Protected Characteristics

AI programmatic advertising optimisation systems that maximise click-through or conversion rates learn to deliver advertisements for housing, employment, financial products, and consumer credit predominantly or exclusively to audience segments defined by race, gender, age, and national origin — producing discriminatory ad delivery patterns that violate the Fair Housing Act, Equal Credit Opportunity Act, and equivalent EU non-discrimination law even when protected characteristics are not explicit targeting inputs, because AI audience optimisation achieves functionally equivalent demographic segregation through correlated behavioural proxies.

CriticalLikelihood 4 · Impact 5

AI-Generated Synthetic Content and Deepfakes Creating Brand, Legal, and Regulatory Exposure

AI tools used in marketing content production generate synthetic images, video, voice, and text that misrepresents real persons through deepfakes, creates false impressions of celebrity endorsement, reproduces copyrighted creative works without licensing, or generates advertising content making product claims that are factually inaccurate — exposing the brand to false advertising liability, right of publicity claims, copyright infringement, and regulatory sanction from advertising standards authorities and consumer protection regulators.

HighLikelihood 4 · Impact 4

AI Manipulation and Dark Patterns in Digital Marketing Causing Consumer Harm and Regulatory Enforcement

AI systems trained to maximise engagement, click-through, or conversion generate and deploy manipulative interface design, exploitative emotional triggers, and deceptive persuasion techniques — including AI-identified individual psychological vulnerabilities used to personalise manipulation, AI-optimised countdown timers, false scarcity signals, and confirmshaming — causing consumer harm through unwanted purchases, subscription traps, and privacy consent being obtained by manipulation rather than genuine choice, attracting enforcement from the FTC, DPAs, and ASA.

CriticalLikelihood 3 · Impact 5

AI Advertising Profiling Data Breach Exposing Sensitive Consumer Audience Segments

AI advertising data management platforms, customer data platforms, and programmatic advertising infrastructure holding highly detailed consumer behavioural profiles — including inferred health conditions, financial stress indicators, political sympathies, sexual orientation proxies, and location patterns — suffer data breaches or unauthorised third-party access, exposing sensitive consumer data assembled through AI profiling to threat actors, creating GDPR special category data breach liability and catastrophic consumer trust damage.

HighLikelihood 3 · Impact 4

AI Brand Safety Failure Placing Advertising Adjacent to Harmful or Illegal Content

AI programmatic advertising systems that automate media buying at scale place brand advertisements adjacent to extremist content, child sexual abuse material, terrorist propaganda, misinformation, or deeply offensive user-generated content — because AI brand safety filters fail to detect novel harmful content, are circumvented by adversarial content creators, or prioritise inventory scale over content safety — causing severe brand reputational damage, consumer backlash, and in some jurisdictions legal liability for advertising funding harmful content.

CriticalLikelihood 3 · Impact 5

AI Targeting Children with Inappropriate or Exploitative Advertising Content

AI audience targeting systems misclassify minors as adults, fail to implement effective age-gating, or direct advertising for age-restricted products — including gambling, alcohol, high-interest credit, and age-inappropriate content — to child and adolescent audiences through AI personalisation systems that do not reliably distinguish children from adults using behavioural signals rather than verified age data, violating DSA prohibition on AI-targeted advertising to minors, COPPA, Children's Code requirements, and advertising standards codes.

Responsible AI principles applied

How the five principles apply to marketing and advertising

Human oversight

Outputs support, rather than replace, the qualified practitioners in your marketing and advertising team. Human review is treated as a core step, not a rubber stamp.

Safety & validation

Before any AI system is acted on in marketing and advertising, it is tested in the specific population, workflow, and risk context of your organisation — not just in a vendor's demo environment.

Transparency & explainability

Outputs carry enough context — regulatory references, assumptions, known limitations — that a reviewer in marketing and advertising can trace and challenge them.

Accountability

Named roles — named individuals, named committees — are accountable for the AI decisions that affect people in your marketing and advertising organisation.

Equity & inclusiveness

Performance is reviewed across the demographic groups your marketing and advertising organisation actually serves, not just a representative-of-the-dataset average.

Our approach

How the Employee AI Guidelines works

You describe your organisation and the staff roles in scope. The tool produces a plain-English guidelines document written for frontline employees — not for lawyers — covering what AI tools they can use, what they must not do, and how to escalate concerns.

The output is editable so it can be aligned with your induction and mandatory-training materials. It is a drafting aid intended for review by HR, clinical education, or information-governance leads before it reaches staff.

The output is a draft calibrated to marketing and advertising — it still requires review by qualified in-house or external practitioners before adoption.

Benefits

What you get — measured and defensible

Readable by frontline staff — short sentences, concrete examples, no legal jargon.
Role-aware: individual contributors, managers, and technical roles each get guidance written for their context.
Includes a printable wallet card summarising the most critical rules for day-to-day reference.
Supports a no-blame reporting culture — the escalation process encourages concerns to surface early.

Regulatory context

Regulatory and governance considerations

Selected obligations the tool’s output references for marketing and advertising. This is not a complete statement of your legal obligations — qualified counsel should verify applicability in your jurisdiction and context.

EU AI Act — Prohibited Subliminal Manipulation and Vulnerability Exploitation in Commercial AI (Article 5)

EU AI Act Article 5(1)(a) prohibits AI systems that deploy subliminal techniques beyond a person's consciousness or purposefully manipulative or deceptive techniques to materially distort behaviour in ways that cause or are likely to cause significant harm. Article 5(1)(b) prohibits AI systems that exploit vulnerabilities of specific groups — including children, persons with disabilities, and people in financial difficulty — to distort their behaviour in ways likely to cause harm. Both prohibitions are directly applicable to AI marketing and advertising systems from August 2026.

GDPR and ePrivacy Directive — Consent and Lawful Basis for AI Advertising Profiling

GDPR governs all processing of EU consumer personal data used in AI advertising, including behavioural profiling, interest-based targeting, lookalike modelling, retargeting, and AI-driven personalisation of marketing communications. The ePrivacy Directive controls placement of and access to tracking technologies — including cookies, pixels, and fingerprinting — that feed AI advertising profiling. Together they regulate the complete data foundation of programmatic and personalised advertising AI.

EU Digital Services Act (DSA — Regulation 2022/2065) — AI Advertising Transparency and Targeting Restrictions

The DSA imposes transparency and targeting restriction obligations on online platforms regarding AI-powered advertising. Very large online platforms (VLOPs) and very large online search engines (VLOSEs) face the most extensive obligations, including prohibition on certain targeting practices. All in-scope platforms must maintain an accessible advertising register and provide meaningful transparency about AI targeting parameters to users and researchers.

FTC Regulations and Guidance — AI in Advertising Disclosure, Endorsements, and Deceptive Practices

The FTC applies Section 5 of the FTC Act prohibiting unfair or deceptive acts and practices to AI in advertising across the full advertising stack. The FTC's 2023 revised Endorsement Guides specifically address AI-generated endorsements, AI-generated reviews, and AI influencer content. FTC guidance and enforcement actions from 2023-2024 have addressed AI-generated advertising content, AI voice cloning in commercial contexts, and AI dark patterns in digital advertising.

Trust & transparency

Built to strengthen in-house expertise

Every output is an editable draft. Every section carries the regulatory basis it was built from, so reviewers in your marketing and advertising team can verify, challenge, and adapt it to local context. Nothing is a finished legal instrument; nothing is intended to bypass qualified review.

We publish explicit disclaimers in the generated documents themselves, and treat human oversight as a default — not an opt-in. The tool’s role is to reduce the time your qualified practitioners spend on the first draft, so they can focus on review and adaptation.

Explore the Employee AI Guidelines for Marketing & Advertising

Review a sample of what the tool produces, then generate a draft tailored to your own marketing and advertising organisation. $29.95 · one-time.

Generate Employee Guidelines →See sample output

Related laws & frameworks

Laws the output references for marketing and advertising

22 regulations across 10 jurisdictions. This list is descriptive, not exhaustive, and is subject to change — verify applicability with qualified counsel before relying on any reference.

AU

Spam Act 2003 (Cth) — AI Commercial Electronic Message ComplianceThe Spam Act 2003 (Cth) regulates all unsolicited commercial electronic messages (CEMs) sent to Australian accounts, including AI-generated and AI-automated email, SMS, MMS, and instant messaging campaigns regardless of where the sender is based. Any AI marketing system that generates, schedules, or triggers commercial electronic messages targeting Australian recipients falls within scope — including AI email personalisation platforms, automated abandoned-cart and re-engagement sequences, and AI-driven promotional SMS campaigns. The Act requires every CEM to meet three core requirements: prior consent (express or inferred), clear identification of the sending entity, and a functional unsubscribe mechanism that operates within five business days. There is no minimum volume threshold — a single non-compliant AI-generated message is sufficient to constitute a breach. The Australian Communications and Media Authority (ACMA) enforces the Act with civil penalties up to AUD 2.22 million per day for bodies corporate, making AI bulk sending at scale a significant regulatory exposure.

BR

Marco Civil da Internet — Law 12,965/2014Brazil's internet civil rights framework establishing net neutrality, user privacy protections, and content liability rules for internet application providers operating in Brazil, applicable to AI-powered online services.

CN

Interim Measures for the Management of Generative AI Services (CAC, 2023)Regulates providers of generative AI services to the public in China, covering training data legality, content safety obligations, user data protection, and mandatory security assessments before service launch.
Provisions on the Management of Algorithmic Recommendations (CAC, 2022)Regulates providers of algorithm recommendation services in China, addressing transparency obligations, user control rights, and prohibitions on addictive design, price discrimination, and targeting of minors.

EU

EU AI Act — Prohibited Subliminal Manipulation and Vulnerability Exploitation in Commercial AI (Article 5)EU AI Act Article 5(1)(a) prohibits AI systems that deploy subliminal techniques beyond a person's consciousness or purposefully manipulative or deceptive techniques to materially distort behaviour in ways that cause or are likely to cause significant harm. Article 5(1)(b) prohibits AI systems that exploit vulnerabilities of specific groups — including children, persons with disabilities, and people in financial difficulty — to distort their behaviour in ways likely to cause harm. Both prohibitions are directly applicable to AI marketing and advertising systems from August 2026.
GDPR and ePrivacy Directive — Consent and Lawful Basis for AI Advertising ProfilingGDPR governs all processing of EU consumer personal data used in AI advertising, including behavioural profiling, interest-based targeting, lookalike modelling, retargeting, and AI-driven personalisation of marketing communications. The ePrivacy Directive controls placement of and access to tracking technologies — including cookies, pixels, and fingerprinting — that feed AI advertising profiling. Together they regulate the complete data foundation of programmatic and personalised advertising AI.
EU Digital Services Act (DSA — Regulation 2022/2065) — AI Advertising Transparency and Targeting RestrictionsThe DSA imposes transparency and targeting restriction obligations on online platforms regarding AI-powered advertising. Very large online platforms (VLOPs) and very large online search engines (VLOSEs) face the most extensive obligations, including prohibition on certain targeting practices. All in-scope platforms must maintain an accessible advertising register and provide meaningful transparency about AI targeting parameters to users and researchers.
EU Unfair Commercial Practices Directive (2005/29/EC as amended) — AI Dark Patterns and Misleading AdvertisingThe Unfair Commercial Practices Directive prohibits misleading and aggressive commercial practices across the EU, with national consumer authorities applying it to AI-generated advertising content, AI-personalised commercial communications, AI dynamic pricing in advertising contexts, and AI dark pattern tactics in digital advertising and marketing. The EU Omnibus Directive 2019/2161 strengthened enforcement and introduced specific provisions on fake reviews and personalised pricing.
EU General Data Protection Regulation — Special Category Data and Children in AI Marketing (Articles 8 and 9)GDPR Articles 8 and 9 impose heightened restrictions on AI marketing that processes or targets based on special category personal data — including health, political opinions, religious beliefs, racial or ethnic origin, and sexual orientation — and on processing of children's personal data in marketing contexts. These provisions create the most significant compliance constraints in AI programmatic advertising, interest-based targeting, and audience modelling.

IN

MeitY Advisory on AI Models and Platforms (2024)Advisory from India's Ministry of Electronics and Information Technology guiding AI platform providers on content safety, AI-generated content labelling, bias detection, and compliance with Indian law.

JP

Amended Telecommunications Business Act — Platform TransparencyAmended to impose transparency obligations on large-scale online platforms operating in Japan regarding algorithmic recommendation and content curation systems that influence information distribution.

SG

Singapore PDPA Do Not Call Registry (PDPA 2012 s.43) and Advisory GuidelinesThe Personal Data Protection Act 2012 (Singapore) section 43 and the DNC Provisions prohibit sending specified marketing messages to Singapore telephone numbers registered on the Do Not Call Registry without prior consent. AI-driven marketing automation, voice-bot campaigns, and AI-generated SMS or call content are fully in scope. PDPC Advisory Guidelines on the DNC Provisions (revised 2021) clarify application to automated and AI-assisted marketing.
Singapore Online Safety (Miscellaneous Amendments) Act 2022Strengthens Singapore's regulatory framework for online safety, requiring designated social media services to implement codes of practice addressing harmful content including AI-generated harmful material.

UAE

UAE Federal Decree-Law No. 34 of 2021 on Combatting CybercrimesComprehensive cybercrime law containing provisions on unauthorised data access, AI-generated defamatory content, deepfakes, electronic fraud, and misuse of digital systems, with criminal penalties applicable to AI-enabled offences.

UK

UK CAP and BCAP Codes — AI in Advertising Content and Targeting (ASA Administered)The UK Code of Non-broadcast Advertising and Direct and Promotional Marketing (CAP Code) and the UK Code of Broadcast Advertising (BCAP Code), administered by the Advertising Standards Authority, govern all advertising content including AI-generated advertising materials, AI-personalised marketing communications, and AI-targeted advertising in the UK. The ASA has issued specific guidance on AI in advertising and has upheld complaints about AI-generated advertising content.
Online Safety Act 2023Requires online platforms and services accessible to UK users to assess and address risks of illegal and harmful content, with specific provisions covering AI-generated content and algorithmic recommendation systems.
Digital Markets, Competition and Consumers Act 2024Strengthens the Competition and Markets Authority's powers over digital markets, enabling designation of firms with Strategic Market Status and imposing conduct requirements including on algorithmic and AI-enabled market practices.

US

FTC Regulations and Guidance — AI in Advertising Disclosure, Endorsements, and Deceptive PracticesThe FTC applies Section 5 of the FTC Act prohibiting unfair or deceptive acts and practices to AI in advertising across the full advertising stack. The FTC's 2023 revised Endorsement Guides specifically address AI-generated endorsements, AI-generated reviews, and AI influencer content. FTC guidance and enforcement actions from 2023-2024 have addressed AI-generated advertising content, AI voice cloning in commercial contexts, and AI dark patterns in digital advertising.
CCPA and CPRA — Consumer Rights Regarding AI Advertising Profiling and Data SharingThe California Consumer Privacy Act and California Privacy Rights Act grant California residents rights over personal information used in AI advertising systems including the right to opt out of sale and sharing of personal information for cross-context behavioural advertising, rights regarding sensitive personal information used in AI targeting, and — under CPRA automated decision-making regulations — rights regarding AI profiling used to serve advertising.
CAN-SPAM Act — Commercial Email Requirements for AI Marketing (15 U.S.C. §7701)The Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM, 15 U.S.C. §7701) applies to all commercial electronic mail messages sent to US recipients, including AI-generated, AI-personalised, and AI-triggered email campaigns regardless of whether the sender is based in the United States. Unlike opt-in frameworks such as GDPR and CASL, CAN-SPAM operates on an opt-out basis — AI email campaigns may be sent to prospected or purchased email lists without prior consent, but must comply with content, identification, and opt-out requirements from the first message. The Act covers any email whose primary purpose is commercial, including AI-personalised promotional emails, AI-generated product recommendation sequences, AI-triggered abandoned-cart flows, and AI-optimised newsletter content with promotional material. FTC guidance and enforcement actions from 2023–2024 have addressed AI-generated subject line optimisation, AI voice and persona use in commercial email, and AI-generated sender impersonation. Transactional and relationship messages have lighter requirements under CAN-SPAM but must not be used as a pretext to embed AI-generated commercial content.
Telephone Consumer Protection Act (47 U.S.C. §227) and FCC AI Voice Declaratory Ruling (2024)The TCPA regulates telephone calls and text messages made using automatic telephone dialing systems (ATDS) or artificial or prerecorded voices. The FCC Declaratory Ruling of 8 February 2024 confirmed that AI-generated voice calls — including voice-cloning and text-to-speech calls — are "artificial or prerecorded voice" calls subject to TCPA restrictions and prior express written consent requirements. State laws (e.g., Florida Mini-TCPA) apply concurrently.
CAN-SPAM Act (15 U.S.C. §7701 et seq.) and FTC Enforcement Guidance on AI-Generated Commercial EmailThe CAN-SPAM Act regulates commercial electronic mail messages sent to US recipients, imposing identification, header-accuracy, opt-out, and content-labelling requirements. FTC enforcement guidance (2024) confirms that AI-generated commercial email — including AI-drafted subject lines, AI-personalised body copy, and AI-selected send-lists — remains fully within CAN-SPAM scope, with the sender responsible for compliance regardless of AI involvement.