Moving Average Inc.

Free Tool

Draft Your Company's AI Policy
In 10 Minutes

Answer twenty-five questions and walk away with a starter AI use policy your leadership team and counsel can refine. Built for CEOs of 10- to 500-person companies.

~10 minutes • No email required • Markdown + print ready
This is a discussion draft, not legal advice. Review with qualified counsel before adopting. Your answers persist in your browser between visits — you don't need to start over if you close the tab.

Why Most Companies Don't Have an AI Policy Yet

Your team is already using AI. Sales is drafting outbound with it. Marketing is generating images. Engineering is shipping Copilot code. Someone in finance just pasted a vendor contract into a free chatbot to summarize it. The policy that says what's OK and what isn't almost always lags the actual usage by months — sometimes years.

The hold-up is rarely intent. A policy that lands has to answer specific questions: Which tools do we fund? Where does our data go? Who's accountable when something breaks? What can a contractor do that an employee can't? Those are business decisions, and most AI policy templates skip them. So the template sits in a Google Doc and nothing ships.

Past thirty people, every company already has the situations a policy is supposed to govern. Someone in operations has decided AI is dangerous and quietly refuses to use it. Someone in engineering is convinced a colleague is letting AI do their job. Someone in product has shipped AI-generated work in a customer-facing feature. Those conversations are already happening — underground. A written policy brings them above ground, where leadership can weigh benefits against risks instead of arbitrating rumors after the fact.

This tool runs the decisions first. Twenty-five questions across tools, IP exposure, acceptable use, human review, governance, and incidents — then a draft policy that reflects what you actually chose. The output is plain English, copy-ready, organized in the sections your leadership team and counsel will expect. The draft makes the next meeting productive. Counsel makes it final.

The questionnaire is informed by the research behind how companies should protect IP when using generative AI, how to deploy AI in your company, and shadow AI usage in your company — plus the current regulatory landscape (EU AI Act, Colorado SB 24-205, NYC Local Law 144, EEOC guidance on AI in hiring). Sections that require licensed legal review — NLRA savings language, jurisdictional notices, vendor contract language — are flagged as placeholders rather than auto-drafted.

If you want a faster, IP-only assessment first, take the 3-minute AI IP Risk Assessment. If you want to skip ahead and work the policy out with help, the AI Workshop for CEOs dedicates a session to it.

Ready to start? Drafts save in your browser as you go.

Questions further down — read those first if anything's unclear.

Frequently Asked Questions

Does an AI policy template work for a small business?

A template gives you the structure, but the decisions inside it — which AI tools to fund, who owns governance, what data is off-limits, how to handle incidents — have to come from your leadership team. The wizard walks a CEO through those decisions and produces a draft policy that reflects your actual choices, not a generic template.

Is the generated AI policy legal advice?

No. The output is a starting point for discussion with your leadership team and counsel. AI policy intersects with employment law, IP law, privacy law, and sector-specific regulation. Sections that require licensed legal review — NLRA savings language, jurisdictional notices, hiring-AI clauses, vendor contract language — are flagged as placeholders in the draft.

How long does the AI policy generator take to fill out?

About 10 minutes. The questionnaire covers six areas: company scope, IP exposure, approved tools, acceptable use and human review, governance and incident response, and training. Your answers are saved in your browser, so you can step away and come back.

Does the AI policy generator save my answers anywhere?

Your policy answers are stored in your browser's localStorage between visits and are never sent to our servers. If you fill in the optional email field, your email plus your company name and size are sent so John can schedule a follow-up call. Anonymous analytics also fire on policy generation (a count grouped by company-size band). The shareable link you can email to counsel is built in your browser and embedded in a mailto — we never see it.

What sections does the generated AI policy cover?

Purpose and scope, governance and ownership, approved tools, acceptable and prohibited uses, data classification, IP guardrails, human review requirements, vendor assessment, incident reporting, training, policy review cadence, acknowledgment, and a curated list of references — legal sources tailored to your jurisdiction and data exposure, plus further reading from Moving Average.

AI Policy Questionnaire

Six sections • ~10 minutes • Your answers stay in your browser

1 · Company & Scope
Q1. What is your company's official name?

Use the legal name as it appears on contracts. This goes in the policy title and signature line.

Q2. Roughly how many people work here?

Heads up: at 500+ employees, you likely need more than a starter draft. The output here is still useful as a starting point, but plan to bring in employment counsel and an AI governance consultant. The Workshop includes a dedicated policy working session.

Q3. Who should this policy cover?

Check all that apply.

Q4. Where are your people based?

Check all that apply. Drives jurisdictional notes.

EU/UK exposure triggers EU AI Act notes in your policy — Art. 4 (AI literacy training, in force since Feb 2025) and Art. 50 (transparency obligations for AI-generated content). We flag these; we don't draft EU-specific clauses for you.

2 · IP Exposure
Q5. Does your business depend on copyrighted work you create?

Code, written content, designs, video, music, etc.

Q6. Does your business depend on patents or patentable inventions?

AI cannot be listed as an inventor under USPTO guidance — every AI-assisted invention still needs a human inventor whose conception is documented.

Q6a. What guardrails do you want around using AI in R&D or invention work? (Optional)

Q7. Does your business rely on trade secrets?

Customer lists, algorithms, formulas, unreleased designs.

Q8. Does your company handle sensitive third-party data?

Check all that apply.

Q9. Have you updated employment and contractor agreements with AI assignment language?

Work-made-for-hire doctrine doesn't automatically cover AI-generated output.

3 · Approved Tools
Q10. Which AI tools are approved for use under this policy?

Check the tools employees may use for company work. Anything not on the list is treated as not-approved by default.

Enterprise / business tier — data not used for training

Acceptable with caveats

Always prohibited by the generated policy

Listed for transparency — these are written into §3 of your draft as default-deny categories regardless of what you check above.

Personal Subscription Reimbursement

You selected a personal subscription tier. Will the company reimburse the cost?

Any limitations on reimbursement? (Optional)

Q11. What's your default stance on embedded AI features?

AI baked into existing software — Jira, Notion, Slack, Salesforce, CAD packages, Adobe, Google Workspace.

Q12. How can an employee request a new AI tool be added to the approved list?

4 · Acceptable Use & Human Review
Q13. What kinds of work do you expect AI to help with?

Check all that apply. Frames the policy as a green-light document, not just a list of bans.

Q14. What do you want to explicitly prohibit?

Reasonable defaults pre-checked — uncheck anything that doesn't fit your business.

Anything else to prohibit? (Optional)

Q15. Which AI-touched work products must have human review before they ship?

Check all that apply. Includes both external deliverables and internal tools that other people depend on.

Anything else that needs human review before it ships? (Optional)

Q16. Do you use AI in hiring, performance review, promotion, or termination decisions — or plan to?

Heavily regulated. The policy generates default-deny language unless you choose otherwise.

Counsel territory. AI used in employment decisions triggers NYC Local Law 144, IL HB 3773, CA FEHA, CO SB 24-205, and EEOC guidance under Title VII / ADA. The generated policy will mark this section as "work with employment counsel" rather than drafting custom language.

Q17. Do you want to disclose AI involvement on customer-facing deliverables?

Disclosure regs: EU AI Act Art. 50 requires disclosure for AI-generated content shown to EU users; California SB 243 covers companion chatbots. If you sell to those markets, the policy will flag this.

5 · Governance & Incident Response
Q18. Who owns AI policy and governance?

Q19. How often will leadership review this policy?

Q20. Who audits the AI tools actually in use?

Quarterly inventory of every AI tool — including embedded AI inside other software.

Q21. If an employee puts confidential data into an unapproved tool, who do they tell?

6 · Training & Wrap-up
Q22. Who will get trained on AI use, and how?

Defaults pre-checked.

Q23. Do you want an anonymous channel for employees to flag AI misuse?

Q24. What happens if someone violates the policy?

Q25. Anything else you want named in the policy? (Optional)

Appended as a "Company-specific provisions" section.

Optional — want John to follow up?

The policy generates either way. Drop your email here and John will reach out.