AI Workflows · HR policy build · Updated June 2026
Write an Employee AI Use Policy With Claude
It is the single most-requested artifact in HR in 2026, and most teams stall on a blank page. Here is the section-by-section build, with the exact prompts, that gets you a usable draft in an afternoon.
How to write an employee AI use policy: build six sections with Claude, one at a time. Scope, permitted tools, prohibited data, disclosure, human review, and a state-aware notice clause. Give the model your real tools, data rules, and states, and you get a strong first draft in an afternoon. AI writes the draft; a named human and counsel own the policy.
Key takeaways
- Six sections cover it. Scope, permitted tools, prohibited data, disclosure, human review, and a state-aware notice clause are the load-bearing parts of any employee AI policy.
- The prohibited-data section is the one that prevents disasters. Name exactly what employees must never paste into a general AI tool: customer PII, employee PII, health information, source code, and trade secrets.
- The notice clause is what makes it 2026-proof. A state-aware AI-use notice clause keeps the policy aligned with laws like Illinois HB 3773 instead of going stale the moment a state acts.
- AI drafts, a human owns. Claude builds the draft fast and keeps the language consistent. A person and counsel confirm the legal clauses and put their name on the result.
Why every HR team needs this now
Your employees are already using AI. They are pasting customer emails into chatbots to draft replies, dropping contract clauses in to summarize them, and asking models to clean up internal documents. Most of them are doing it with no rules at all, which means your confidential data is leaving the building one prompt at a time and you have no record of it. The question is not whether to allow AI. It already happened. The question is whether you have a written policy that tells people what is allowed, what is forbidden, and what they have to disclose.
HR owns this because the highest-risk AI use is people data and people decisions, and because a CEO who reads one alarming article will ask HR for "our AI policy" by end of week. The good news is that a strong employee AI policy is a writing task, and writing tasks are exactly where AI helps most. You bring the real inputs, your tools and your data rules and your states, and the model assembles a clean, consistent draft you then make yours.
A policy nobody can find or understand is not a policy. The goal is six plain-language sections an employee actually reads, not a ten-page document that lives in a drawer.
The six sections, and what each one does
Before you open the tool, understand the skeleton. Every section answers one question an employee will actually have.
| Section | The question it answers |
|---|---|
| Scope | Who and what does this policy cover, and which AI tools does it apply to? |
| Permitted tools | Which AI tools are approved, and is there an approval path for new ones? |
| Prohibited data | What must I never paste into an AI tool? (The most important section.) |
| Disclosure | When do I have to flag that AI helped produce something? |
| Human review | What can never go out on AI output alone, without a person checking it? |
| State-aware notice | When does the law require us to notify applicants or employees that AI is used? |
That last section is what separates a 2026 policy from a 2023 one. State laws now require employers to notify people when AI touches employment decisions. Building a notice clause into the policy from the start means it does not go stale the next time a state acts.
The build: six prompts, one afternoon
Run this with Claude or your company's sanctioned tool. Build one section at a time so you can review each before moving on. Do not ask for the whole policy in one shot, because a single mega-prompt produces a generic document that fits no one.
Step 1: Set the scope
Tell the model who you are and who the policy covers. Example prompt: "You are helping an HR team draft an employee AI use policy. Our company has 600 employees across Illinois, California, and Texas. Write the scope section: it covers all employees, contractors, and interns, and applies to all generative AI tools whether company-provided or personal, used for company work. Keep it to plain language a non-lawyer reads in thirty seconds."
Step 2: Define permitted tools
Name your approved tools and an approval path for new ones. Example prompt: "Write the permitted-tools section. Our approved tools are [list yours]. Employees may use these for company work. Any other AI tool requires written approval from IT and HR before use on company data. Explain the approval request in two sentences."
Step 3: Lock down prohibited data
This is the section that prevents the disasters, so be specific. Example prompt: "Write the prohibited-data section. Employees must never enter the following into any AI tool: customer personal information, employee personal information, health or disability information, salary and compensation data, source code, unreleased financial results, and trade secrets. Give a short plain-language rule of thumb at the end: if you would not email it to a stranger, do not paste it into an AI tool."
Step 4: Set disclosure and human review
Tell people when to flag AI help and what can never ship unchecked. Example prompt: "Write the disclosure and human-review sections. Disclosure: employees must note when AI substantially produced a customer-facing or employee-facing document. Human review: no AI output may be sent to a customer, used in a hiring or performance decision, or published externally without a named human reviewing and approving it. Keep each to a short paragraph."
Step 5: Add the state-aware notice clause
This is the clause that future-proofs the policy. Example prompt: "Write a state-aware AI-use notice clause. Because we operate in Illinois and California, where law requires notifying applicants and employees when AI is used in employment decisions, state that the company will provide written notice when AI is used in recruiting, hiring, promotion, discipline, or discharge, and will keep records of that use. Note that this clause is reviewed by counsel and updated as state laws change."
Step 6: A human edits, counsel reviews, you publish
The model has given you six clean sections. Now a person reads every line, cuts anything that does not match your reality, and routes the legal clauses, especially the notice and prohibited-data sections, to employment counsel. You align it to your company voice, date it, and put a named owner on it. Then save the prompt set as a reusable template so your next policy update starts from your standard, not from scratch.
Paste-ready: employee AI use policy skeleton
Drop this into your tool as the frame, then fill each section using the prompts above. Replace every bracketed placeholder with your real inputs before you publish.
1. Scope. This policy applies to all employees, contractors, and interns, and to all generative AI tools, whether company-provided or personal, used for company work in [your states of operation].
2. Permitted tools. Approved tools: [list your approved tools]. Any other AI tool requires written approval from IT and HR before use on company data. To request approval, submit [your request path].
3. Prohibited data. Never enter into any AI tool: customer personal information, employee personal information, health or disability information, salary and compensation data, source code, unreleased financial results, or trade secrets. Rule of thumb: if you would not email it to a stranger, do not paste it into an AI tool.
4. Disclosure. Note when AI substantially produced a customer-facing or employee-facing document, per [your disclosure method].
5. Human review. No AI output may be sent to a customer, used in a hiring or performance decision, or published externally without a named human reviewing and approving it.
6. State-aware notice. The company provides written notice and keeps records when AI is used in recruiting, hiring, promotion, discipline, or discharge, as required in [your states]. This clause is reviewed by counsel and updated as state laws change.
Owner and review. Owner: [named HR leader]. Effective date: [date]. Next review: [date]. Legal clauses reviewed by: [counsel].
Honest usage notes
The afternoon estimate is real, but the value lives in your inputs, not the model's eloquence. A vague prompt produces a generic policy that reads like every template online and fits no company. A specific prompt with your real tools, your real data categories, and your real states produces something usable. Most of the skill is in knowing your own environment well enough to brief the model accurately.
The legal clauses are not optional polish. The notice and prohibited-data sections touch real law that varies by state and changes quickly, so they get counsel review before the policy goes live. AI can draft a notice clause that reads correctly and still miss a state-specific requirement. Treat the model as a fast first-drafter on the legal sections and a final authority on none of them. For the underlying law behind the notice clause, our briefing on Illinois HB 3773 walks through what one state now requires.
Guardrails
Do not let AI write the legal clauses unchecked
The notice clause and the prohibited-data list touch employment and privacy law. Use the model to draft them fast, then route them to counsel before the policy is published. An AI-written legal clause that nobody verified is a liability dressed up as compliance.
Do not feed the model your actual confidential data while drafting
You are writing a policy about protecting confidential data. Do not undercut it by pasting real employee or customer records into the tool as you draft. Describe the categories, not the contents.
Do not publish once and forget
A policy written in January is stale by summer as your tools and the state laws change. Set a review cadence, refresh the permitted-tools and notice sections, and re-communicate the policy when it changes. A named owner keeps it alive.
How we built this workflow
This six-section structure and the prompt set reflect hands-on use of AI to draft internal policy documents, where the reliable pattern is to build section by section rather than in one shot. The legal sections, notice and prohibited data, are flagged for counsel review because rules around AI in employment vary by jurisdiction and change quickly. We do not publish invented adoption statistics or fabricated outcomes. Confirm every legal clause against current guidance and your own counsel before relying on it.
What to do this week
You do not need a committee to start. Block one afternoon, gather your real inputs, your approved tools, your prohibited-data categories, and your states, and run the six prompts. You will end the day with a draft that is genuinely yours, not a downloaded template, and a clear list of which clauses go to counsel. That is the difference between announcing "we are working on an AI policy" and handing your CEO a real one by Friday.
Part of TLY's AI Workflows → workflow playbooks for senior professionals.
Frequently asked questions
What sections does an employee AI use policy need?
Six: scope (who and what it covers), permitted tools (which AI tools are approved and how to request new ones), prohibited data (what must never be pasted into an AI tool), disclosure (when to flag AI help), human review (what cannot ship on AI output alone), and a state-aware notice clause (when the law requires notifying applicants or employees). Build them one at a time so each gets a real review.
Can I just download an AI policy template instead?
You can, but a generic template names tools you do not use, omits your real prohibited-data categories, and ignores the states you operate in. Building it section by section with the model, using your actual inputs, takes about an afternoon and produces a policy that fits your company. The legal clauses still go to counsel either way, so you may as well start from something accurate.
What is the most important section?
The prohibited-data section. It is what stops employees from leaking customer and employee personal information, health data, source code, and trade secrets one prompt at a time. Name the categories explicitly and add a plain rule of thumb: if you would not email it to a stranger, do not paste it into an AI tool.
Do I need a notice clause if my state has no AI law yet?
Building one in is the smart move regardless. State AI employment laws are spreading, and a state-aware notice clause means your policy does not go stale the moment your state acts. Even where no law applies yet, telling applicants and employees when AI touches an employment decision is a defensible practice that costs you nothing.
Should AI write the whole policy?
AI should write the draft, not own the policy. It is excellent at producing clean, consistent sections from your inputs in an afternoon. It is not a substitute for human and legal judgment on the clauses that touch employment and privacy law. A named person in HR, with counsel reviewing the legal sections, edits, fact-checks, and signs off before the policy is published.
Build the policy, then build the judgment
Drafting the document is the easy part once you have the structure. The harder skill is knowing which clauses carry real legal weight, where the state laws are heading, and how to keep the policy alive as your tools and the rules change. That is what we teach: a practical system for putting AI to work across HR, including the policy work, without ever handing the judgment to a machine.
Go deeper with The Leveraged HR Professional course Join The Leverage Club for $49 and get the policy prompts, templates, and clause library Not sure where to start? Take the 2-minute course finderSources: TLY hands-on use of AI to draft internal policy documents section by section (June 2026); general guidance on AI-use notice obligations under state employment laws, confirmed against current regulatory guidance and counsel. Rules around AI in employment vary by jurisdiction and change quickly; verify the legal clauses against current guidance before relying on this page.