In every second company, employees are already typing confidential material into an AI tool that management never approved — and no one notices until it is too late. A corporate AI policy is the instrument that closes this gap: a binding internal set of rules governing which AI tools employees may use and how, which data is off-limits, and who is responsible for it. It matters in 2026 because AI is already in use — usually faster than rules and technology can keep up.
Note: This is a general guide, not case-specific legal advice. It does not replace individual counsel. As of: November 2025.
The real problem: most policies stay on paper. They prohibit “ChatGPT for confidential material” without anyone actually preventing it technically. This guide shows both — the legally sound rule and its technical enforcement.
What is an AI policy?
Three terms are often conflated:
- AI policy (AI usage policy): an internal set of rules, issued by the employer under its right to direct (Direktionsrecht, the employer’s right to issue instructions under German labor law). Quick to implement, unilateral.
- AI works agreement (KI-Betriebsvereinbarung): a collective-law instrument concluded between the employer and the works council (Betriebsrat) — more legally binding, but subject to the council’s consent.
- AI Policy: the same document under its English name, which many German companies use as-is.
Anyone with a works council rarely avoids the question of a works agreement (more on this below). Anyone without one runs the unilateral policy — but should anchor it cleanly in the employment contract.
Is an AI policy mandatory?
In short: there is no rule that explicitly prescribes an “AI policy as a document.” The obligation arises indirectly from several sources:
- Art. 4 of the AI Act (EU AI Act): since February 2, 2025, deployers and providers of AI systems must ensure a sufficient level of AI literacy among their staff (ai-act-law.eu, Noerr).
- GDPR: accountability and responsibility (Art. 5, 24, 32) require documented measures.
- Secrecy and labor law: protection of trade secrets and professional confidentiality obligations (sec. 203 of the German Criminal Code, StGB).
There is also growing time pressure: since August 2, 2025, the AI Act’s obligations for general-purpose AI models (Chapter V), its governance structure (Chapter VII), and its penalty regime (Art. 99 et seq.) have applied — and the EU’s AI Office became operational on that date (artificialintelligenceact.eu). The supervisory architecture is therefore no longer a future prospect but live.
A written policy is the simplest means of fulfilling these obligations in a demonstrable way. It is therefore effectively required, even though no statute uses the word “policy.”
Beware of scaremongering: Art. 4 of the AI Act is not backed by a standalone fine in the sanctions provisions (Art. 99 of the AI Act). In practice, a lack of AI literacy tends to act as an aggravating factor in connection with other violations — and, conversely, a documented literacy strategy acts as a mitigating one (Kliemt). How to implement Art. 4 in concrete terms is covered in depth in AI Literacy as a Duty: Implementing Art. 4 of the AI Act.
What belongs in an AI policy? (the building blocks)
These ten building blocks should appear in any robust corporate AI policy:
| # | Building block | What it governs |
|---|---|---|
| 1 | Purpose & scope | Who does the policy apply to (employees, freelancers, external service providers)? |
| 2 | Approved & prohibited tools | By name: e.g., “Copilot Business” allowed, “ChatGPT Free” prohibited |
| 3 | Data classification & off-limits data | Which data may never go into AI: PII, trade secrets, sec. 203 data |
| 4 | GDPR & DPA obligations | Legal basis, data processing agreement (Art. 28), third-country transfers |
| 5 | Transparency & human final control | Labeling of AI output, no blind acceptance |
| 6 | Copyright & usage rights | Who owns outputs, what may be published |
| 7 | Training & AI literacy | Implementation of Art. 4 of the AI Act, documented |
| 8 | Roles & governance | AI officer, management, data protection |
| 9 | Reporting & incident process | AI register, what to do in case of errors/data leaks |
| 10 | Review cycle | Versioning, regular updates |
This list is the core. Anyone who works through it has 90% of an effective policy in place.
From paper to impact: technical enforcement
This is where the effective policy parts ways with the fig leaf. A rule like “no client data in AI tools” is worthless if every browser tab can circumvent it. Enforcing it technically means:
- Tool allowlisting / blocklisting: only approved tools are reachable; the rest is blocked at the network level.
- SSO + role-based access control (RBAC): access only via central sign-on, tiered by role.
- DLP (Data Loss Prevention): automatic detection when sensitive data is entered into an AI field.
- EU / on-premise hosting & data residency: sensitive processing stays in the EU or in-house.
- Logging & auditability: demonstrable record of who used what and when.
This very interlocking of law and technology is the gap most providers leave open: law firms explain the “what,” tool vendors deliver features — but hardly anyone thinks the two together.

A rule only takes effect once a technical control layer enforces it — allowlisting, SSO/RBAC, DLP, and logging turn the sentence “no client data in AI” into an enforceable boundary.
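To make the four controls above concrete, here is an added illustration (not code from the original article or from any vendor it mentions) of a minimal policy gate that an internal proxy could run before a prompt leaves the company: a named tool allowlist with per-role access (blocks 2 and 8), regex detectors for off-limits data (block 3), and an audit record of who tried what and when (block 9). The tool names, role assignments, and the `MANDANT-12345` client-file format are constructed assumptions, and the detectors are deliberately simple patterns, not a complete classifier.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Building block 2 + 8: approved tools by name, with the roles allowed to use each.
# Tool names and role lists are constructed for this example.
ALLOWED_TOOLS = {
    "copilot-business": {"legal", "sales", "engineering"},
    "internal-llm-eu": {"legal", "sales", "engineering", "hr"},
}
BLOCKED_TOOLS = {"chatgpt-free"}  # named prohibition, enforced rather than merely written

# Building block 3: detectors for data that must never reach an external model.
# Illustrative patterns only; "MANDANT-#####" is a hypothetical client-file id format.
DETECTORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b"),
    "client_id": re.compile(r"\bMANDANT-\d{5}\b"),
}

# Building block 9: in-memory audit log standing in for a real SIEM/log sink.
AUDIT_LOG = []


@dataclass
class Decision:
    allowed: bool
    reason: str
    findings: list = field(default_factory=list)  # (detector name, matched value)


def scan_prompt(text):
    """Return every (detector, value) hit in the prompt (DLP step)."""
    findings = []
    for name, pattern in DETECTORS.items():
        for match in pattern.finditer(text):
            findings.append((name, match.group(0)))
    return findings


def is_tool_allowed(tool, role):
    """Allowlist + RBAC: unknown or blocked tools fail closed, known tools are role-gated."""
    if tool in BLOCKED_TOOLS or tool not in ALLOWED_TOOLS:
        return False
    return role in ALLOWED_TOOLS[tool]


def redact(text, findings):
    """Replace matched values with their detector name, e.g. for a user-facing hint."""
    for name, value in findings:
        text = text.replace(value, f"<{name}>")
    return text


def gate_request(user, role, tool, prompt):
    """Apply the policy in order: tool allowlist, then DLP; always write an audit record."""
    findings = scan_prompt(prompt)
    if not is_tool_allowed(tool, role):
        decision = Decision(False, f"tool '{tool}' is not approved for role '{role}'", findings)
    elif findings:
        decision = Decision(False, "off-limits data detected in prompt", findings)
    else:
        decision = Decision(True, "ok")
    # The audit record names the detectors that fired but never stores the
    # matched values or the prompt itself, so the log cannot become a second leak.
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "role": role,
        "tool": tool,
        "allowed": decision.allowed,
        "reason": decision.reason,
        "findings": sorted({name for name, _ in findings}),
    })
    return decision


if __name__ == "__main__":
    # Constructed sample prompt: a client id plus an IBAN, sent to an approved tool.
    d = gate_request("anna", "legal", "copilot-business",
                     "Summarize the case of MANDANT-12345, account DE89 3704 0044 0532 0130 00")
    print(d.allowed, d.reason)
    print(redact("MANDANT-12345, account DE89 3704 0044 0532 0130 00", d.findings))
    print(AUDIT_LOG[-1])
```

The ordering matters: the allowlist check runs first so that a prohibited tool is refused even when the prompt is harmless, and the DLP scan runs regardless of the outcome so the audit trail shows how often sensitive data was attempted, which is the evidence the GDPR accountability principle and an AI register ask for.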
How do I prevent shadow AI?
Shadow AI is uncontrolled, private AI use in the workplace. According to a 2025 Bitkom survey (604 companies with 20 or more employees), it is widespread at 8% of firms and a reality in isolated cases at 17% — trending upward compared to 2024 (Bitkom).
Pure prohibitions fail because the tools are useful. What works:
- Provide good, approved tools — according to Bitkom, 26% of companies already do this, and another 17% plan to.
- Educate rather than threaten — those who understand the rationale are more likely to comply.
- Back it up technically (see above).
Only prohibit what you simultaneously replace with a better alternative. How to curb shadow AI systematically is covered in detail in Shadow AI in the Company: Risk and Solution.
Does the works council have a say?
Where a works council (Betriebsrat) exists, the answer is usually yes. With AI tools, sec. 87 (1) no. 6 of the Works Constitution Act (BetrVG) regularly applies (technical equipment suitable for monitoring employee behavior or performance). The decisive point: the mere suitability for monitoring is enough — the tools need not actually monitor, and it does not matter whether the system is classified as “high-risk” AI (CMS). With centrally provided accounts that keep usage logs, this suitability is practically always present.
On top of that, sec. 98 BetrVG applies to in-house training. In many cases, an AI works agreement (Betriebsvereinbarung) instead of, or in addition to, the unilateral policy is therefore the cleaner route.
Note: How the rule applies in a given case depends on the specific tool configuration — please have it reviewed individually.
Rolling out an AI policy — in 7 steps
- AI inventory: Which tools are in-house, official and unofficial?
- Risk assessment: Which data, which processes, which risks?
- Select & approve tools: by name, with a data processing agreement and an EU nexus.
- Draft the rules: along the ten building blocks above.
- Involve the works council & data protection: early, not at the very end.
- Train & communicate: implement Art. 4 of the AI Act in documented form.
- Review & update: at least annually, and immediately when new tools are added.
If you want to tackle the AI Act systematically beyond the policy, you will find the overview in The AI Act: What Companies Need to Do Now.
Template, sample, or custom? (+ costs)
| Option | Effort/cost | Suitability | Risk |
|---|---|---|---|
| Free template | free | first overview, micro-teams | high — rarely fits your own tool & data landscape |
| Adapted template | low–medium | SMEs with a clear tool list | medium — co-determination/sec. 203 often unresolved |
| Fully custom | medium–high | regulated industries, works council, sensitive data | low — tailored to reality |
A free template is a good start. But the tool landscape, your industry, sec. 203 data, and co-determination are individual — and that is exactly where liability risks arise. Templates govern the “general,” not your specifics. If you want a policy that covers law and technical enforcement from a single source, the AI consulting for a custom AI policy page is the place to start — ideally with a no-obligation initial call.
FAQ
Which data should never be entered into AI tools? Personal data without a legal basis, trade secrets, professional confidentiality data under sec. 203 StGB (e.g., client or patient data), and anything contractually subject to confidentiality — unless the tool guarantees contractually secured, GDPR-compliant processing.
Who in the company is responsible for the AI policy? Management bears ultimate responsibility. Operationally, a designated role (AI officer or AI governance) is advisable, coordinated with data protection and, where applicable, the works council.
Is a free template enough? As a starting point, yes; as a robust set of rules, usually no. Templates do not know your specific tools, data types, and co-determination situation — and that is precisely where the risk lies.
How does the AI policy relate to the GDPR and the EU AI Act? The policy is the document in which you operationally implement and demonstrate GDPR obligations (legal basis, data processing agreement, data residency) and AI Act obligations (above all, AI literacy under Art. 4).
What does it cost to create an AI policy? From €0 (template) up to a manageable advisory budget for a custom policy that is co-determination-proof and enforceable. The honest answer depends on the number of tools, the industry, and the works council.
Conclusion
An AI policy is only effective once the legal rule and its technical enforcement come from a single source. Paper alone offers no protection — enforced rules do. Anyone who thinks about inventory, law, technology, and training together turns a compliance document into a genuine shield.
As of: November 2025. General guide, not case-specific legal advice — please have the application of any rule reviewed individually. Author: Leon Lotz, business lawyer (Wirtschaftsjurist) & developer.
Sources — as of 25.11.2025
- ai-act-law.eu — Art. 4 of the AI Act
- ai-act-law.eu — Art. 99 of the AI Act (sanctions)
- artificialintelligenceact.eu — implementation timeline (August 2, 2025)
- Noerr — Art. 4 of the AI Act: obligations and opportunities
- Kliemt — AI literacy in the company: a duty
- Bitkom — Employees increasingly use shadow AI (2025 survey)
- CMS — Introducing AI: involving the works council