Legal Services National Technology Assistance Project

AI Policy Builder

yellow, green, and blue angled lines

Explore This Toolkit

How to Use the AI Policy Builder

Last Updated: 4/21/26

How to Build Your Own Policy
 

You will build your AI Policy one section at a time.

For each section:

  1. Read the Guidance paragraph to understand the section’s purpose and key considerations.
  2. Choose your stance — Laissez-Faire, Intermediate, or Restrictive — based on your organization’s comfort level with AI use and data risk.
  3. Select one version within your chosen stance — Short, Medium, or Robust — that best fits your organization’s tone and detail level.
  4. Fill in any placeholders such as names of responsible roles, approval requirements, or review frequency.
  5. Repeat for all 13 sections, ensuring that each includes one completed policy piece.

Tip: You can mix and match across the Builder. For example, your organization might choose an Intermediate stance overall, but Restrictive for Data Protection or Disclosure and Transparency, and Laissez-Faire for Acceptable Use.
 

Quick Chooser


If you’re not sure which stance to pick, use this as a guide:

  • Laissez-Faire: Your team primarily creates internal materials and does not handle sensitive or regulated data. Choose Laissez-Faire for most sections and include basic quality assurance and transparency guidelines.
  • Intermediate: Your organization values innovation but must balance it with accountability and compliance. Choose Intermediate for most sections, with added approvals or oversight for higher-risk use cases.
  • Restrictive: Your organization handles client data, confidential information, or operates under regulatory or professional standards. Choose Restrictive for sections such as Acceptable Use, Data Protection, Disclosure, and Oversight.


Crosschecking

After completing your selections, do these quick consistency checks before finalizing your draft:

  • Policy Alignment: Confirm that your AI policy is consistent with existing organizational policies such as privacy, data management, cybersecurity, or legal ethics.
  • Compliance: Ensure your draft reflects applicable laws, ethical rules, and professional obligations.
  • Practicality: Verify that assigned roles, named tools, and training expectations are realistic and clearly defined.

Tip: Having an additional reviewer from your IT, data, or compliance team can help ensure your crosschecks are accurate.
 

Publish, Train, and Update


Once your draft is complete:
 

  • Publish: Post your final policy in your organization’s official policy library, shared drive, or handbook.
  • Train: Offer short training sessions before or immediately after rollout—especially if adopting Intermediate or Restrictive policies—to help staff understand expectations.
  • Review and Update: Set a recurring review schedule (e.g., quarterly or annually). Because AI technology and best practices evolve quickly, ongoing policy review helps your organization stay current and compliant.
     

Tip: Schedule the first review at least six months after launch to capture early lessons learned.
 

Contents