
Your employees may already be using artificial intelligence at work: drafting emails, summarising meetings, researching competitors, preparing proposals or creating marketing content.
Some may be using approved business accounts. Others may be copying information into free public tools without telling anyone.
Used well, AI can save time and improve productivity. Used carelessly, it can expose confidential information, produce inaccurate advice and damage customer trust.
The answer is not to ban it.
Employees will find ways to use tools that make their jobs easier. A blanket ban may simply drive AI use underground, where it becomes harder to manage.
Instead, business owners need a small number of clear rules.
Start by finding out what is already happening
Many businesses begin their AI journey by choosing a new tool. A better starting point is to ask your team:
- Which AI tools are you using?
- What work are you using them for?
- What information are you entering?
- How do you check the output?
- Where has AI saved you time?
- Where has it produced poor or misleading results?
The purpose is not to catch people out. It is to understand what is already happening.
You may discover useful experiments that can be shared across the company. You may also find risks that need to be addressed quickly.
UKBA members recently identified several common problems being brought to business advisers. These included inaccurate AI-generated legal documents, poor-quality marketing, confidential information being entered into public tools and staff using AI without proper training or supervision.
An open conversation is the first step towards responsible use.
Rule one: Do not enter confidential information without permission
Employees need to understand what they can and cannot share with an AI system.
Information that should not be entered into an unapproved public tool may include:
- customer names and contact details
- employee information
- commercially sensitive prices or margins
- contracts and legal correspondence
- intellectual property
Removing a customer’s name may not be enough. A combination of other details could still make the customer identifiable.
Where AI involves personal data, UK data protection law may apply. The Information Commissioner’s Office says organisations must consider fairness, security, transparency, data minimisation and people’s rights when using AI.
Employees do not need to become data protection experts. They do need one clear instruction:
Do not put confidential, personal or commercially sensitive information into an AI tool unless the business has approved both the tool and the purpose.
Rule two: A person remains responsible for the result
AI can produce an answer that sounds confident, detailed and completely plausible.
That does not make it correct.
It may invent facts, misunderstand context, use outdated information or overlook an important exception. This is particularly dangerous when it is used to draft contracts, employment documents, financial advice or technical instructions.
Every AI-assisted piece of work should have a named person responsible for checking it.
The level of checking should reflect the level of risk. An internal brainstorm may need only a quick review. A customer proposal, legal document, safety instruction or public claim needs much greater scrutiny.
The person approving the work should be able to explain:
- where the information came from
- what assumptions were made
- whether important facts were checked
- whether professional advice is required
- why the final output is suitable
Rule three: Protect the quality and voice of your business
AI makes it easy to produce more content. It does not automatically produce better content.
Without clear direction, employees may create long proposals, repetitive articles and generic customer emails. Different people may use different prompts and produce material that sounds as if it came from several unrelated businesses.
The result is often more output but less clarity.
Set basic standards for AI-assisted communication:
- use plain language
- keep proposals proportionate
- check every factual claim
- adapt the material to the individual customer
- make sure it sounds like your business
Your brand is not simply your logo and colours. It is the experience customers have when dealing with your people.
AI should help employees communicate more clearly. It should not remove judgement, personality or genuine interest in the customer.
Rule four: Approve tools, not just uses
Not all AI services handle information in the same way.
Free consumer tools, paid business accounts and systems integrated into existing software may offer different controls over security, access, storage and the use of submitted data.
Decide which tools employees may use and for what purposes.
Your review should consider:
- how accounts are controlled
- whether business data is used to train the provider’s models
- where information is stored
- what happens when an employee leaves
- whether access can be removed centrally
The National Cyber Security Centre warns that AI systems can create or amplify security risks. Its guidance stresses the importance of considering security throughout the design, deployment and operation of AI-enabled systems.
Employees should not connect unapproved AI tools to company email, customer databases or internal systems simply because the connection is easy to activate.
Rule five: Use AI to solve a defined business problem
There is a danger that AI becomes an endless experiment.
Employees try tools because they are interesting. Managers launch projects because competitors are talking about them. Time is spent creating demonstrations that never improve a customer outcome or business result.
Start with a problem. For example:
- proposals take too long to prepare
- customer enquiries are not classified quickly enough
- meeting actions are regularly missed
- product information is difficult to find
- routine reports take several hours to compile
Define the current cost, delay or error rate. Test whether AI improves it. Then measure the result.
A successful pilot should produce a clear benefit such as time saved, fewer errors, faster service or increased sales.
If the benefit cannot be explained, the business may have found an interesting tool rather than a useful solution.
Create a one-page AI policy
Most SMEs do not need a 40-page artificial intelligence manual. They need a short, practical policy that people can understand.
It should state:
- Which AI tools are approved
- What information must never be entered
- Which tasks require additional permission
- How outputs must be checked
- Who is accountable for the final work
- How concerns or mistakes should be reported
- When the policy will be reviewed
Support the policy with practical training. Use examples from your own business rather than abstract warnings.
The aim is not to stop employees using AI. It is to help them use it safely, confidently and productively.
AI needs management, not magic
Business owners have a choice.
They can ignore informal AI use until a problem appears. Or they can establish clear expectations now and turn scattered experimentation into a managed business capability.
Your employees are probably already using AI.
The important question is whether your business is helping them use it well.
