AI Policy Generator

Generate your Company AI Usage Policy, in under 5 minutes

Jurisdiction‑awareIndustry‑calibratedBoard‑ready
Generate My PolicySee sample output

  1. Configure your context

  2. AI drafts your output

  3. Download and share

  4. Review and refine

AI‑generated · Requires legal review before use

What you get

Everything included in your policy document

A single generation produces a complete, structurally sound policy — not a template with gaps to fill, but a referenced document ready for legal review. Plus 3 free companion Excel reports.

Purpose & Scope Statement

Defines what AI systems are covered, who the policy applies to, and its relationship to other governance documents.

Guiding Principles (7)

EU AI Act and NIST-aligned principles: transparency, accountability, fairness, privacy, safety, human oversight, and sustainability.

Permitted & Prohibited Uses

Explicit list of approved AI applications and categories of AI use that are prohibited in your organisation.

Risk Classification Matrix

AI systems tiered by governance impact — Critical / High / Medium / Low — with definitions, sector-relevant examples, and the approval pathway and controls each tier requires.

Roles & Accountability

Named governance responsibilities — from the board down to individual AI users — with clear escalation paths.

Data Governance Rules

Data classification, personal data handling, third-party AI data flows, and retention requirements.

Compliance citations (woven throughout)

Regulation-specific references appear inline within every relevant section — not collected into a single 'citations' chapter. Covers your jurisdiction's primary AI and data laws.

Incident Response & Review

When and how to report AI-related incidents, plus scheduled policy review cadence and ownership.

Procurement Checklist

Vendor due-diligence checklist for AI tool procurement — included free with every policy generation.

Training Matrix

Role-based AI training requirements mapped to your organisation — included free.

AI Tools Glossary

Plain-English glossary of AI terms, regulations, and risk concepts referenced in your policy — included free.

Generate My Policy

Generate your policy

Fill in your organisation details below. The more context you provide, the more precisely tailored your policy will be.

What you'll receive

10-section policy document, fully regulation-referenced
Risk Classification Matrix with tier controls
Permitted & Prohibited AI Uses list
3 free Excel reports — Vendor, Training, Glossary

Organisation details

Appears in the document header. Leave blank to use “Your Organisation”.

Risk Appetite

Optional. Up to 6 tools, separated by commas.

By completing checkout you’ll be added to the weekly Responsible AI Studio Brief unless you opt out via the unsubscribe link in any issue. See our Privacy Policy.

Please accept both checkboxes above to generate your policy.

Not ready to buy? See a sample first →

Want the jurisdiction cheat sheet first? Free →

Your generated document will appear here.

Fill in the form and click Generate to begin.

By industry

Tailored guidance for your sector

Each industry page combines the same ai policy generator with sector-specific risks, regulator citations, and bias considerations drawn from the canonical overlay data.

By jurisdiction

Tailored to your regulatory context

Each jurisdiction page anchors the ai policy generator on the regulations that apply locally — top laws, key articles, and enforcement status — pulled from our maintained jurisdiction overlay.

Often bought together

Part of 4 bundles

Each bundle is anchored on a specific persona’s buyer journey. Standard sum-of-parts pricing — each tool is still purchased individually at its standard price (no subscription, no bundled checkout).

Related reading

EU AI Act in mid-2026: what is in force, what is deferred, what to do this week →
A practitioner read of the live obligations, the Digital Omnibus deferrals, and the five moves your programme should still make this week.

Your data — what we collect, keep, and share

What we collect

Your tool inputs — jurisdiction, industry, staff size, risk appetite, and an optional organisation name — plus a Stripe-processed payment. No account, no email required. Our hosting platform keeps minimal server logs (IP, timestamp) for security.

How long we keep it

Tool inputs are used to generate your document and are not retained after your session. Payment transaction metadata (ID, amount, timestamp) is kept for seven years, the retention period required by financial-records law.

Does it train any model

No. Your inputs are not used to train our AI models. Generation runs through Anthropic's API, which does not use API inputs for model training by default.

Where it is stored

Frontend on Vercel, backend on Railway, AI generation via Anthropic's API, payment via Stripe's PCI-DSS certified infrastructure. All data in transit is TLS-encrypted.

Full detail in the Privacy Policy.

Built to amplify your in-house expertise

These outputs support, rather than replace, your practitioners. Qualified human review is not optional — it is a core part of the process.

  • AI-generated — a first draft, not a finished legal instrument.
  • Qualified review by in-house or external practitioners required before implementation.
  • Regulation references reflect the position at the date of generation.

Full disclaimer

  1. Built to amplify your in-house expertise

    These documents support, and do not replace, qualified legal, clinical, or compliance practitioners. This output does not constitute legal advice. Consult your qualified in-house or external counsel before implementing or relying on any part of this document.

  2. Regulation currency

    Laws, regulations, and guidance cited are subject to change. Content reflects the position as at the date of generation and may not account for subsequent amendments, enforcement decisions, or judicial interpretations.

  3. Proposed legislation

    Where proposed or draft legislation is referenced — including the EU AI Liability Directive — such references describe legislation that has not been enacted. Its final form, scope, timing, and territorial application remain unconfirmed.

  4. AI output limitations

    AI output can contain errors or omissions. Do not rely on this document as a complete statement of your legal obligations or as a substitute for specialist compliance advice.

FAQ

Common questions about the AI Policy Generator

What jurisdictions does this tool cover?

All 14 jurisdictions: European Union, United Kingdom, United States, Canada, Australia, Singapore, China, Japan, India, Brazil, UAE, Switzerland, South Africa, and Global/International. Each output is cited to the jurisdiction's actual laws and regulations.

Which industries are supported?

All 14 industry sectors: Healthcare, Financial Services, HR & Recruitment, Legal & Professional Services, Education & EdTech, Retail & E-commerce, Manufacturing, Marketing & Advertising, Government, Energy, Transport, Insurance, Technology, and a Universal option for cross-sector use.

Is there a subscription or recurring cost?

No. Pay once per generation, view the output online, and download immediately. No monthly fees, no account required, no recurring charges.

Is the output legally binding or a substitute for legal advice?

No. Every output is an AI-generated starting-point document that amplifies your in-house expertise — it is not a substitute for qualified legal review. We include explicit regulatory citations and review notes; you should have a qualified lawyer or compliance professional sign off before implementation.

What is the refund policy?

We offer a 7-day money-back guarantee if the generated document fails to meet reasonable expectations for your stated jurisdiction and industry. See our refund policy for full details.

What format is the output and how customisable is it?

A complete 10-section Microsoft Word (.docx) document with inline regulatory citations, plus three free Excel companions (Procurement Checklist, Training Matrix, AI Tools Glossary). The .docx is fully editable — your in-house counsel can mark up, redline, and adapt to your organisation's tone before sign-off.

Which regulations does the Policy Generator cite?

EU AI Act, GDPR, NIST AI RMF, ISO/IEC 42001, and jurisdiction-specific frameworks (e.g. UK ICO guidance, US Colorado AI Act SB 24-205, Singapore Model AI Governance Framework). The exact citations are selected based on the jurisdiction + industry combination you pick at generation time.

Ready to build your
AI governance foundation?

Generate a complete, regulation-referenced AI usage policy in minutes. No account needed. No commitment.

Generate My Policy