In 2024 IFORI published a free template: Policy on the Acceptable Use of Generative AI. It defines scope, sets requirements at the prompt and output stages, prohibits the input of confidential information or unauthorised personal data, requires traceability of the exchange, and keeps the user responsible for the quality of the output.
A policy of this kind has a known weakness: it only governs behaviour insofar as the user reads it, recalls it, and applies it at the moment of use, typically while typing into a chatbot, with no reminder in sight. That distance between the rule and the act is where compliance tends to fail. However, there is a practical way to shorten this distance.
Code as law, law as code
Most Generative AI assistants now let an organisation set standing instructions that apply to every conversation. In Claude (Anthropic), this feature is Organization Instructions: instructions that “apply to every conversation across your org and take priority over users’ personal preferences.” The filled-in policy is translated from legal prose into operational instructions the model can act on, such as refuse confidential or client data and unauthorised personal data, prompt the user to retain a record, and require human review before output leaves the organisation. These are then entered in the settings. The policy then intervenes during the conversation, before the work is done.
Policy-as-code-ish: what it is, and what it is not
The approach is not unique to one tool, the lever is increasingly standard and most organisations already have it. For the SME in particular, it is a low-effort way to give a policy some bite: the document stops being a reference consulted only after something has gone wrong and starts acting as a constraint at the moment the work is done.
But this is instruction-following, not enforcement. Compliance is probabilistic, not deterministic. It shapes the default path and raises friction and awareness, but it is not a hard control like an access restriction or a DLP rule that cannot be bypassed. A determined user can circumvent it through how a request is phrased, and it governs only the tool in which it is configured, not a second assistant opened under a personal account, which is precisely where prohibited use is most likely to occur.
Hence policy-as-code-ish as the more accurate label: the instruction occupies the position of architecture, built in and applied up front, but carries only the force of a norm. Its value varies inversely with the infrastructure already in place.
Practical conclusion
A policy alone does not produce compliant AI use, and neither does a single entry in a settings field. Compliance is layered: the policy as the record and basis for accountability; standing instructions to make it operative at the point of use; technical measures (access management, DLP, …) for what instruction cannot enforce; and an AI-literate workforce as the layer that holds when the others are bypassed.
