- Without an AI policy, confidential company data flows uncontrollably into third-party cloud services. This is a data protection and information security problem.
- The policy must clearly define which AI tools are approved for which purposes and which data must never be entered.
- Personal data, trade secrets, source code, credentials, and confidential customer information do not belong in AI prompts.
- AI-generated content must be reviewed for accuracy before use. Responsibility for the output lies with the human, not the tool.
- EU AI Act requirements for transparency and human oversight must be considered, especially when AI results feed into decision-making processes.
AI in the workplace: Between productivity and loss of control
ChatGPT, Microsoft Copilot, Google Gemini, GitHub Copilot, Midjourney, Claude, Perplexity — the list of AI tools employees use in their daily work grows monthly. And the usage is not theoretical. Studies show that a significant proportion of employees already use AI tools for professional purposes, whether or not the company knows about it.
The problem is not the usage itself. AI tools can create text faster, write code more efficiently, accelerate research, and automate routine tasks. The problem arises when usage happens without controls.
An employee feeds ChatGPT with a confidential contract draft to have it summarized. A developer enters proprietary source code into GitHub Copilot to find a bug. HR lets an AI tool evaluate job applications. The marketing department uses an AI image generator without clarifying the licensing of the generated images.
In each of these cases, company data flows to an external service provider without the organization having control over what happens to that data. Is it used for training? Is it stored? Can other users see it? The answers depend on the respective provider, the chosen plan, and the currently applicable terms of use. And they change regularly.
An AI usage policy brings order to this chaos. It defines clear rules that give employees guidance while safeguarding information security and data protection.
Why the policy is needed now
Information security
Every input into an AI tool is a data transfer to a third party. If the tool runs as a cloud service (and most do), data leaves the corporate network. This directly affects the confidentiality of information — a core aspect of your ISMS. Which data falls under which protection level is governed by your classification policy.
ISO 27001 requires in A.5.10 (Acceptable use of information and other associated assets) that the use of information and associated assets is regulated. AI tools are such assets, and the usage rules belong in a policy.
Data protection (GDPR)
When personal data is entered into AI prompts, data processing occurs. For this you need a legal basis (Art. 6 GDPR), possibly a data processing agreement (Art. 28 GDPR), and a review of whether data is transferred to a third country (Art. 44 ff. GDPR). Without a policy, all of this happens uncontrolled and undocumented.
EU AI Act
The EU AI Act, which is entering into force in stages, imposes requirements on the use of AI systems: transparency obligations, human oversight, risk classification. Organizations using AI tools must ensure that their use complies with the AI Act requirements. A documented policy is the first step.
NIS2
NIS2 requires appropriate technical and organizational measures in Article 21. Uncontrolled use of AI tools is an organizational gap that an auditor will flag. An AI policy as part of the ISMS demonstrates that you are managing this topic systematically.
Trade secret protection
Under the German Trade Secrets Act (GeschGehG), trade secrets are only protected if the organization takes appropriate confidentiality measures. Anyone who enters confidential information into AI tools without controls undermines those measures and thus puts the legal protection of the trade secret at risk.
Which AI tools the policy addresses
The policy should not regulate a single tool but define categories:
Generative text AI: ChatGPT, Claude, Google Gemini, Microsoft Copilot (Chat), Perplexity. Use cases: text creation, summaries, research, translations, brainstorming.
Code assistants: GitHub Copilot, Amazon CodeWhisperer, Cursor, Tabnine. Use cases: code completion, bug analysis, refactoring, documentation.
Image and media generators: Midjourney, DALL-E, Adobe Firefly, Stable Diffusion. Use cases: image generation, design drafts, presentation graphics.
Integrated AI features: Microsoft Copilot in Office 365, Google Duet AI in Workspace, AI features in CRM and ERP systems. Use cases: email summaries, meeting transcripts, data analysis.
Specialized AI tools: Industry-specific AI solutions for accounting, contract analysis, customer service chatbots, HR screening. Use cases: automation of domain-specific tasks.
For each category, the policy must define which specific tools are approved, under what conditions they may be used, and which are explicitly prohibited.
Approved and prohibited tools
The policy needs a clear division into three categories:
Category 1: Approved tools
These tools have been reviewed by the organization and are approved for defined use. The review includes:
- Data protection assessment (DPA available? Server location? Data usage?)
- Information security assessment (Encryption? Access control? Data retention?)
- Contractual provisions (Enterprise license with opt-out from training?)
- Licensing assessment (Usage rights for generated content?)
Enterprise versions of Microsoft Copilot, GitHub Copilot Business/Enterprise, or ChatGPT Enterprise generally offer better data protection guarantees than the free versions. The policy should explicitly distinguish between enterprise and consumer versions.
Category 2: Restricted tools
These tools may be used for certain purposes but not with sensitive data. Typically, this includes free versions of AI tools that may be used for general research or creating non-sensitive text but must not be fed company data.
Category 3: Prohibited tools
These tools must not be used for professional purposes. Reasons may include: no DPA available, data processing in insecure third countries, known data protection violations, unclear terms of use regarding training data.
The list of approved tools is maintained by the ISO in coordination with IT and the data protection officer and is regularly updated. New tools must go through the approval process before use. In ISMS Lite, the tool list can be maintained as a versioned annex to the AI policy, so changes remain traceable and acknowledgment by all employees is documented.
What must never be entered into AI prompts
The heart of the policy: a clear definition of prohibited inputs. This list must be unambiguous.
Personal data: Names, email addresses, phone numbers, addresses, dates of birth, ID card data, health data, salary information. No personal data in AI prompts, even in approved tools, unless a specific approval from the data protection officer exists.
Credentials and keys: Passwords, API keys, certificates, SSH keys, tokens. Under no circumstances. Not even to get help with troubleshooting.
Trade secrets: Unpublished product strategies, price calculations, M&A information, patent applications, research results before publication.
Confidential customer data: Contract contents, project details, requirements documents, customer technical specifications, customer financial information.
Proprietary source code: Especially security-critical code, code with embedded secrets, code containing business logic. For approved code assistants (e.g., GitHub Copilot Enterprise), exceptions may apply that the policy explicitly names.
Internal security information: Network diagrams, firewall rules, vulnerability reports, penetration test results, incident details.
Legal documents: Ongoing litigation, attorney correspondence, unpublished compliance reports.
The policy should state a rule of thumb: if you are unsure whether information may be entered, do not enter it and ask the ISO.
Prompt guidelines
In addition to prohibited inputs, the policy defines positive rules for working with AI prompts:
Anonymization: If you want to use an AI tool for a task based on real data, anonymize the data first. Replace names with placeholders, specific numbers with example values, company names with generic designations.
Context minimization: Enter only the information actually needed for the task. Do not copy an entire contract into the prompt when you only want to rephrase a clause.
No chaining of sensitive information: Individual data points may seem harmless, but in combination they can form a complete picture. Avoid addressing different sensitive aspects of the same topic in consecutive prompts.
Mind conversation history: Many AI tools store the conversation. What you enter in prompt 1 is still in context in prompt 10. Start a new conversation for sensitive topics and regularly delete old conversations.
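The prohibited-input list and the anonymization rule can be backed by a pre-submission check in front of the AI tool. The following Python code is an added example, not part of the original policy text or of any product named on this page. The tool names, the regex patterns and the sample prompt are constructed assumptions; the patterns cover only a few credential and personal-data formats (names, for instance, need a directory lookup or NER rather than a regex).

```python
import re

# Hypothetical tool register mirroring the policy's three categories (constructed names).
TOOL_CATEGORY = {"chat-enterprise": "approved", "chat-free": "restricted",
                 "unvetted-bot": "prohibited"}

# Credentials: any hit blocks the prompt for every tool ("under no circumstances").
CREDENTIALS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd|api[_-]?key|secret)\s*[:=]\s*\S+"),
}

# Personal data: replaced by placeholders before the prompt leaves the network.
PERSONAL = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\w)\+?\d[\d /().-]{7,}\d(?!\w)"),
}

def screen_prompt(tool, prompt):
    """Return (decision, text_to_send, findings); decision is block, redacted or allow."""
    category = TOOL_CATEGORY.get(tool, "prohibited")  # unlisted tools are not approved
    if category == "prohibited":
        return "block", "", ["tool:prohibited"]
    hits = [name for name, rx in CREDENTIALS.items() if rx.search(prompt)]
    if hits:
        return "block", "", hits
    text, placeholders = prompt, {}
    for label, rx in PERSONAL.items():
        def repl(m, label=label):
            # The same value always maps to the same placeholder, so the
            # anonymized prompt stays coherent for the task.
            return placeholders.setdefault(m.group(0), f"<{label}_{len(placeholders) + 1}>")
        text = rx.sub(repl, text)
    labels = sorted({p[1:].split("_")[0] for p in placeholders.values()})
    if not labels:
        return "allow", prompt, []
    if category == "restricted":  # restricted tools: no sensitive data at all
        return "block", "", labels
    return "redacted", text, labels

# Constructed sample prompt for an approved tool.
SAMPLE = ("Summarize the mail from anna.schmidt@example.com: call +49 30 1234567 "
          "before Friday, then reply to anna.schmidt@example.com.")
if __name__ == "__main__":
    print(screen_prompt("chat-enterprise", SAMPLE))
```

The placeholder map stays local to the check, so the real values can be restored in the AI output without ever being sent to the provider.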
Review obligation for AI-generated content
AI tools deliver plausible-sounding but not always correct results. Hallucinations (fabricated facts, non-existent sources, incorrect legal interpretations) are not a fringe phenomenon but a systemic issue of generative AI.
The policy must therefore define a review obligation:
Principle: Every piece of AI-generated content must be reviewed by a qualified human for accuracy, completeness, and appropriateness before use. Responsibility for the output lies with the person who uses it, not the AI tool.
Expert review: Legal texts are reviewed by lawyers, technical content by subject matter experts, financial figures by accounting. AI-generated content must not be published as the organization's expert opinion or incorporated into decisions without review.
Source verification: If the AI tool cites sources, these must be verified. AI tools regularly fabricate citations that sound credible but do not exist.
Labeling obligation: The policy specifies in which contexts AI-generated content must be labeled as such. Particularly for external publications, customer proposals, and legally relevant documents, labeling may be required. The EU AI Act requires transparency about AI use in certain cases.
Special scenarios
AI in software development
GitHub Copilot and comparable tools are highly productive for developers but raise specific questions:
- Licenses: AI-generated code may originate from open-source projects whose license terms may not be compatible with commercial use.
- Security: AI-generated code may contain vulnerabilities. The secure development policy (code reviews, SAST) applies without restriction to AI-generated code as well.
- IP protection: Proprietary code provided as context to Copilot may be used for training (depending on plan and settings).
The policy recommends enterprise versions with opt-out from training and requires that AI-generated code undergoes the same review processes as human-written code.
AI in human resources
The use of AI in personnel decisions (application screening, performance evaluation, termination preparation) is particularly sensitive from a GDPR and AI Act perspective. The policy should specify that AI tools in the HR area may only be used after approval by the data protection officer and with a documented data protection impact assessment.
AI for customer interaction
Chatbots and AI-supported customer advisory must transparently indicate that the customer is interacting with an AI (AI Act transparency obligation). The policy specifies that AI-based customer communication is only deployed with executive management approval and that a human escalation option must exist.
AI for management decisions
When AI-generated analyses or recommendations feed into strategic decisions, human oversight must be ensured. The policy clarifies that AI is a tool for decision support, not decision-making.
Training and awareness
The AI policy is only effective if employees know and understand it. Given the dynamics of the topic, one-time training is insufficient.
Introduction training: When the policy takes effect, all employees receive training on the principles, permitted and prohibited uses, and review obligations.
Regular updates: At least semi-annually, the ISO provides updates on newly approved tools, changed risk assessments, and current developments in AI security and regulation.
Department-specific training: Developers need different information than the marketing department. Training is tailored to the respective usage scenarios.
Point of contact: The ISO or a designated person serves as the contact for questions about AI usage. The threshold for asking must be low.
Example outline for an AI usage policy
- Purpose and scope
- Terms and definitions — AI tool, prompt, generative AI, LLM, hallucination
- Regulatory framework — GDPR, AI Act, German Trade Secrets Act, NIS2
- Principles — Personal responsibility, review obligation, data minimization, transparency
- Categorization of AI tools — Approved, restricted, prohibited
- Approved tools and conditions of use — List with purpose and restrictions
- Prohibited inputs — Clear list of data content that must not be entered
- Prompt guidelines — Anonymization, context minimization, conversation hygiene
- Review obligation for AI-generated content — Accuracy, sources, labeling
- Special scenarios — Software development, HR, customer interaction, management decisions
- Data protection requirements — DPA, third-country transfer, legal basis
- Copyright and licenses — Rights to AI-generated content
- Training and awareness
- Violations and consequences
- Responsibilities — ISO, DPO, IT, business departments
- Approval process for new AI tools
- Review and update — At least semi-annually due to the dynamic developments
- Effective date and approval
A policy that keeps pace with technology
What is special about the AI policy is the speed at which the topic evolves. New tools appear weekly, capabilities grow exponentially, and regulatory requirements become more concrete with the AI Act. An AI policy written today must be reviewed and adapted in six months.
That is why it is advisable to keep the policy lean and maintain the list of approved tools as a separate, more quickly updatable annex. The principles (no sensitive data in AI tools, review obligation, personal responsibility) remain stable. The specific tool approvals change with the market.
ISMS Lite maps exactly this dynamic policy lifecycle: you create the AI usage policy with AI support, automatically version every change, obtain digital acknowledgment from all employees, and have management approve it with a signature. When the tool landscape changes, you update the policy, and ISMS Lite ensures that all affected parties acknowledge the new version. This keeps the policy current and demonstrably effective.
