The AI Policy Gap

UK businesses are adopting AI faster than they're managing the risks

36%

Of UK Businesses Use AI

AI adoption among UK businesses has jumped significantly, creating urgent governance needs

Source: Ofcom

85%

Worried About Data Security

Senior UK IT leaders cite data security as their top AI-related concern

Source: EY Research

4%

Of SMEs Have AI Policies

Leaving 96% exposed to data breaches, compliance gaps, and costly mistakes

Source: Tech UK

The Compliance Driver

The UK GDPR requires businesses to conduct a Data Protection Impact Assessment (DPIA) if they process data that may result in high risk to the individual—and AI is considered a high-risk technology. Without a formal policy, you're exposed to regulatory scrutiny, data breaches, and reputational damage.

We close this gap with a practical policy and SOP delivered in 3-5 working days, giving your team clear guardrails without months of internal debate.

Only 4% of UK businesses have an AI policy—leaving 96% exposed to data breaches, compliance gaps, and costly mistakes. This service delivers a practical AI acceptable-use policy in 3-5 working days, complete with a Standard Operating Procedure so your team uses AI safely and confidently from day one.

We start with a free 30-minute consultation to understand your needs and provide a personalised quote. From there, we audit your current AI tools, map data flows, and build a risk profile tailored to your organisation. Unlike generic templates, we embed practical guidance directly into everyday tasks—showing teams exactly how to handle sensitive information, validate AI outputs, and escalate edge cases.

The service includes role-based guidance for marketing, sales, operations, and support teams, written in plain English. You receive a comprehensive SOP document, a quick-reference summary for day-to-day use, and a simple team acknowledgement system for governance purposes.

Choose a 30, 60, or 90-day follow-up review to check adoption, address emerging questions, and refine the policy as your AI tools and practices evolve. This creates a foundation for safe, confident AI use that scales with your organisation.

What You Get

A complete governance framework tailored to your organisation

AI Acceptable Use Policy

A comprehensive policy document tailored to your specific AI tools and use cases, written in plain English your team can actually follow.

Standard Operating Procedure

Step-by-step guidance for common AI tasks—what's allowed, what needs approval, and how to handle sensitive data safely.

GDPR Compliance Guidance

Documentation to support your Data Protection Impact Assessment requirements, with clear guidance on data handling and third-party AI tools.

Role-Based Examples

Practical examples for different roles in your organisation—marketing, HR, finance—showing exactly what's appropriate for each team.

Also Included

  • Quick-reference summary for day-to-day decisions
  • Staff acknowledgement template for compliance records
  • Flexible follow-up review at 30, 60, or 90 days
  • Microsoft 365 and Google Workspace formatting options

How It Works

1. Discovery & Audit

Day 1

We review your current AI tools, use cases, and data handling practices. A 30-minute consultation identifies your specific governance requirements.

Deliverables:

  • AI tools inventory
  • Risk assessment
  • Scope agreement

2. Policy Drafting

Days 2-3

We draft your bespoke AI acceptable use policy and SOP, incorporating your specific tools, roles, and compliance requirements.

Deliverables:

  • Draft AI policy
  • Draft SOP
  • Role-based examples

3. Review & Refinement

Day 4

You review the drafts and we incorporate your feedback. We ensure the documents work for your team and align with your business culture.

Deliverables:

  • Refined documents
  • Stakeholder feedback incorporated
  • Final approval

4. Delivery & Implementation

Day 5

We deliver final documents in your preferred format with implementation guidance and staff acknowledgement templates.

Deliverables:

  • Final policy & SOP
  • Quick-reference guide
  • Acknowledgement template

Every organisation is different. We adapt this process to fit your specific requirements, risk profile, and team size. Some projects need comprehensive coverage; others focus on specific departments. We'll recommend the right approach during your free consultation.

Investment

Clear pricing with no hidden costs. You get a complete governance package upfront.

From £995

Complete policy and SOP package to enable safe AI use across your organisation

What's Included

  • Free 30-minute consultation to scope your needs
  • AI acceptable-use policy tailored to your tools
  • Comprehensive Standard Operating Procedure (SOP)
  • GDPR compliance guidance and documentation
  • Role-based practical examples in plain English
  • Quick-reference summary and acknowledgement system
  • Flexible follow-up review at 30, 60, or 90 days

Personalised quotes based on your specific requirements

Fixed pricing • No hidden costs • Transparent process

Frequently Asked Questions

Everything you need to know about our AI risk management services.

How does this differ from a general data protection policy?

While a data protection policy covers how you handle personal data across all systems, the AI Risk Management Service specifically addresses the unique risks of generative AI: hallucinations, prompt injection, unintended data disclosure, and output validation. We provide practical, role-specific guidance that helps teams use AI tools safely in their day-to-day work, complementing rather than replacing your broader data protection framework.

What if our team is already using AI tools without a policy?

That's precisely why this service exists. We start with a free consultation and Shadow AI Governance Assessment to identify current usage patterns and risks. The policy addresses real tools and workflows your team already uses, making it immediately applicable rather than theoretical. The SOP provides step-by-step guidance to transition from informal usage to safe, governed practices without disrupting productivity.

Do we need technical expertise to implement and maintain this policy?

No. The policy and SOP are written in plain English and designed for non-technical teams to understand and apply. We provide a quick-reference summary, role-based examples, and clear escalation procedures. Your chosen follow-up review (30, 60, or 90 days) and refresh checklist help you maintain the policy as AI tools evolve, with guidance on when to update rather than requiring constant monitoring.

How does the Standard Operating Procedure work for remote or distributed teams?

The SOP is a comprehensive, self-contained document designed for asynchronous use across all locations. It includes step-by-step guidance, role-based examples, and decision trees that teams can reference independently. The quick-reference summary provides an at-a-glance overview for day-to-day use, and the acknowledgement system works digitally for distributed teams.

What happens if we adopt new AI tools after the policy is implemented?

The policy is designed to be tool-agnostic, focusing on principles (data handling, output validation, escalation) rather than specific platforms. The refresh checklist guides you through assessing new tools against existing guardrails. Your chosen follow-up review provides an opportunity to update the policy, or you can request an ad-hoc review at any time.

Can the policy accommodate different risk appetites across departments?

Yes. The policy includes role-based guidance that reflects different risk profiles - for example, stricter controls for finance and legal teams handling sensitive data, while allowing more flexibility for marketing teams working with public information. This balanced approach prevents the policy from being either too restrictive or too permissive.

How does the acknowledgement tracking work?

We provide a simple sign-off mechanism (digital form or document-based) where team members confirm they've read and understood the policy. This creates a lightweight audit trail without complex systems. The tracking method is tailored to your organisation's size and technical capabilities - from a shared spreadsheet to integration with your HR system.

Ready to Enable Safe AI Use?

Get a practical, GDPR-compliant AI policy and SOP delivered in 3-5 working days

Related Services

Discover other ways we can help transform your business with AI expertise

Strategic AI roadmap and implementation planning for your business

Strategy Blueprint

Find Your First AI Wins

5 working days
  • 3-5 prioritised use cases identified
  • 90-day roadmap with clear next steps
  • GDPR-ready governance included

Prompt engineering and AI automation deployment for reliable business outcomes

AI Integration

Deploy AI That Actually Works

2-4 weeks
  • Reliable, on-brand AI outputs
  • Integrated into your existing tools
  • Break-fix warranty included