# AI Usage Policy Template

**Creative Intellectual Property Charity**
**Version 1.0 — May 2026**
**Format: Adaptable starter policy with square-bracket annotations**

---

*This template is written to be modified. Every clause carries a square-bracket annotation explaining its purpose and the considerations relevant to deciding whether it applies in the adopting organisation's context. Remove annotations before publishing internally.*

---

## [Organisation Name] — AI Usage Policy

**Effective date:** [Date]
**Owner:** [Role / department responsible for this policy]
**Review cycle:** [Annual / six-monthly — select based on how rapidly your AI usage is evolving]
**Version:** 1.0

---

### 1. Purpose

This policy sets out [Organisation Name]'s position on the use of artificial intelligence tools and systems in connection with creative content — whether content we own, content we manage on behalf of clients, or content we commission from third parties.

[ANNOTATION: This clause establishes the scope. If your organisation only uses AI internally (e.g., for productivity tools), the scope may be narrower. If your organisation trains AI models or operates AI-powered products, the scope should be broader to cover those activities explicitly.]

---

### 2. Scope

This policy applies to:

- All employees, contractors, and freelancers engaged by [Organisation Name]
- All AI tools, systems, and services used in connection with [Organisation Name] business
- All creative content owned by, managed by, or commissioned by [Organisation Name]

[ANNOTATION: Consider whether the policy should also cover personal use of AI tools when that use involves company content or client content. Many organisations extend the scope to cover this case explicitly.]

---

### 3. AI Training Use of Company-Owned Content

3.1. [Organisation Name] content shall not be submitted to any AI system for training, fine-tuning, or model improvement purposes without prior written authorisation from [designated role].

3.2. Where content is submitted to AI tools for inference (e.g., summarisation, editing assistance, image generation), employees must verify that the tool's terms of service do not grant the tool provider rights to use submitted content for training purposes.

3.3. All company-owned content shall carry a machine-readable TDM opt-out declaration in accordance with the UK Data (Use and Access) Act 2025 and EU AI Act Article 53.

[ANNOTATION: Clause 3.1 is the core protection — preventing company content from entering AI training pipelines without authorisation. Clause 3.2 addresses the common gap where employees use AI tools without reading the training-data clauses in the tool's ToS. Clause 3.3 implements the technical opt-out mechanism. If your organisation operates websites, this means deploying a cip.md file at each domain root.]

---

### 4. NILP Protections for Staff and Contractors

4.1. No AI system shall be used to clone, synthesise, or simulate the voice of any [Organisation Name] employee, contractor, or client without that individual's explicit written consent.

4.2. No AI system shall be used to generate images, video, or other visual content depicting the likeness of any [Organisation Name] employee, contractor, or client without that individual's explicit written consent.

4.3. Consent under clauses 4.1 and 4.2 must specify: the scope of permitted use, the duration of consent, the commercial terms (if any), and the right to withdraw consent.

4.4. [Organisation Name] shall maintain a NILP consent register documenting all active consents and their terms.

[ANNOTATION: NILP (Name, Image, Likeness, and Persona) rights are increasingly recognised in AI contexts. These clauses protect individuals whose voice or likeness could be used by AI systems. Consider whether your organisation's activities involve any of these use cases — if not, these clauses may be simplified but should be retained as a protective baseline.]

---

### 5. Output Disclosure Requirements

5.1. All AI-generated content produced by or on behalf of [Organisation Name] shall be labelled as AI-generated before publication or distribution.

5.2. Labelling shall include both machine-readable metadata (C2PA Content Credentials where technically feasible) and human-visible disclosure.

5.3. AI-assisted content (where AI was used as a tool but substantial human creative input was applied) shall be disclosed as AI-assisted, with the nature of the AI contribution described.

5.4. No AI-generated content shall be presented as entirely human-created.

[ANNOTATION: These clauses address EU AI Act Article 50 requirements and reflect good practice. The distinction between AI-generated and AI-assisted content (clauses 5.1 vs 5.3) is operationally important — most organisations use AI as a tool rather than generating content entirely through AI. Adjust the disclosure standard to match your regulatory environment.]

---

### 6. Supplier Obligations

6.1. All suppliers providing AI-powered services to [Organisation Name] shall be required to confirm in writing:

   (a) Whether content submitted by [Organisation Name] is used for model training
   (b) What data retention policies apply to submitted content
   (c) Whether the supplier holds CIP certification (and if so, at what level)
   (d) Whether the supplier maintains GIPL insurance coverage

6.2. New supplier agreements shall incorporate the seven CIP AI contract clauses where applicable:

   - TDM Opt-Out clause
   - NILP Scope Definition clause
   - Biometric Data clause
   - GIPL Insurance Obligation clause
   - Revenue Waterfall and Attribution clause
   - Agentic Execution clause
   - AI Disclosure clause

6.3. Existing supplier agreements shall be reviewed within [timeframe — e.g., 12 months] of this policy's effective date to identify agreements requiring AI-specific amendment.

[ANNOTATION: Clause 6.1 covers the due diligence gap — many organisations use AI suppliers without understanding their data practices. Clause 6.2 references the CIP AI contract clauses, available at creativeip.org/policy-library. Clause 6.3 sets a timeline for reviewing legacy agreements. Seek legal advice from a qualified practitioner before amending existing agreements.]

---

### 7. Prohibited Uses

The following uses of AI are prohibited at [Organisation Name]:

7.1. Submitting confidential client information to any AI system without the client's written consent.

7.2. Using AI to generate content that infringes the copyright, moral rights, or neighbouring rights of any third party.

7.3. Using AI to generate deepfake content of any individual without their explicit consent.

7.4. Using AI to circumvent TDM opt-out declarations or other rights restrictions.

7.5. Using AI outputs in any context where they could be mistaken for professional advice (legal, medical, financial) unless reviewed and approved by a qualified professional.

[ANNOTATION: This is a baseline set of prohibitions. Organisations in regulated sectors (financial services, healthcare, legal) should add sector-specific prohibitions. Organisations handling children's content should add safeguarding-specific prohibitions.]

---

### 8. Governance and Compliance

8.1. [Designated role] is responsible for maintaining this policy, monitoring compliance, and reporting to [board / management committee] on AI usage across the organisation.

8.2. All AI usage incidents (including unintended disclosure of confidential content, generation of infringing content, or breach of NILP protections) shall be reported to [designated role] within [timeframe].

8.3. This policy shall be reviewed [annually / six-monthly] and updated to reflect changes in law, regulation, technology, and organisational practice.

8.4. Board minutes recording AI governance decisions shall comply with the CIP Governance Minimum Dataset (Reference Clause 9 of CIP Classifications v1.0).

[ANNOTATION: Clause 8.4 is optional but recommended for organisations pursuing CIP certification or GIPL insurance coverage. The CIP Governance Minimum Dataset specifies the 10 items a governance record should contain to qualify as CIP-aligned.]

---

### 9. Training and Awareness

9.1. All employees and contractors whose work involves AI tools shall complete [Organisation Name]'s AI awareness training within [timeframe] of joining.

9.2. Training shall cover: this policy, the distinction between subsisting and registered rights, NILP protections, TDM opt-out obligations, and output disclosure requirements.

9.3. [Organisation Name] encourages relevant staff to complete the CIP CPD course (Level 1 is free at creativeip.org/courses).

---

### Appendix A: Approved AI Tools

[ANNOTATION: Maintain a register of AI tools approved for use at your organisation. For each tool, record: the provider, the intended use case, whether the tool uses submitted content for training, the data retention policy, and any contractual protections in place.]

| Tool | Provider | Use case | Training use? | Approved by | Date |
|------|----------|----------|--------------|-------------|------|
| [Tool name] | [Provider] | [Use case] | [Yes/No/Opt-out available] | [Name] | [Date] |

---

### Appendix B: NILP Consent Register

| Individual | Scope | Duration | Commercial terms | Consent date | Withdrawal right |
|-----------|-------|----------|-----------------|--------------|-----------------|
| [Name] | [Voice / Likeness / Both] | [Until date / Indefinite] | [Terms] | [Date] | [Process] |

---

*Creative Intellectual Property Charity — creativeip.org*
*This template is provided for educational purposes. Seek qualified legal advice before adopting for your organisation.*