Purpose and how to use this policy template

Purpose

This is a policy template to guide the use of GenAI within a council or equivalent public sector organisation. It focuses specifically on GenAI due to its widespread adoption and accessibility. It is currently one of the most commonly used forms of AI across councils, the wider public sector, and the general public.

The template is available to download as a Microsoft Word document and can be adapted to suit organisational needs. It has been designed in line with:

• ICO guidance on what an AI usage policy or procedure should cover.
• UK national guidance and playbooks including the AI Playbook for the UK Government, the Scottish AI Playbook and Digital Public Services Wales guidance on using artificial intelligence in the public sector. 
• International guidance and good practice, including UNESCO’s four ethical values for AI systems.
• Desk research into existing AI and GenAI governance policies from councils or integrated care boards such as but not limited to Central Bedfordshire’s draft AI ethics policy, Dorset Council’s Policy for the use of AI, Automation & Algorithmic Data Processing, Kent County Council’s AI policy [PDF] and Northeast and North Cumbria’s Use of AI and approval Policy [PDF].
• And subject to peer review and sign off.

ALGIM and Socitm originally developed a GenAI usage policy in 2023 in response to the rapid rise in interest following the launch of ChatGPT.

We anticipate building on this template in future versions to extend beyond GenAI and cover AI usage more broadly. This will be necessary to reflect ongoing advancements in AI technologies, and increasing use and familiarity across the public sector.

For now, version two of this GenAI policy template aims to:

• Enable organisations across the public sector to establish GenAI governance quickly and increase AI maturity.
• Provide a ready-made template to reduce the need to develop documentation from scratch.
• Support responsible, safe, secure, ethical, and transparent use of GenAI.
• Reduce risks associated with unauthorised GenAI usage.

How to use this policy template 

This policy template is designed to be used by a wide range of roles within a council. Not all sections will be relevant to every reader. Users should focus on the parts of the policy that relate to their responsibilities, decision‑making authority and level of involvement in the use, commissioning, oversight or governance of GenAI. The policy is intended to support shared understanding and joined‑up working, while providing clarity on where different roles should look for guidance.

Elected members

If you are an elected member, this policy is intended to help you:

• Understand how GenAI is being used, or proposed to be used, within the council.
• Be confident that appropriate safeguards, oversight and accountability are in place.
• Scrutinise decisions, risks and benefits associated with GenAI use in services.

You may find the following sections particularly useful:

• Policy purpose and objectives and Policy rationale, to understand why the policy exists and what it seeks to achieve.
• Ethical and responsible use, including bias, fairness, equality and human oversight.
• Transparency, explainability and accountability, including disclosure and public communication.
• Monitoring and enforcement, to understand how compliance is assured.

Chief officers, senior leaders and executives (including CIOs, CTOs and digital or IT leaders)

If you are a chief officer or senior leader, this policy supports you to:

• Set clear direction and expectations for GenAI use aligned to organisational values and risk appetite.
• Ensure appropriate governance, accountability and assurance arrangements are in place.
• Balance innovation and efficiency with legal, ethical and reputational considerations.

You are likely to want to focus on:

• Policy ownership and Roles and responsibilities, to understand governance structures and accountabilities.
• Use of GenAI, including permitted and prohibited uses.
• Procurement (working with vendors or suppliers), to understand lifecycle and assurance expectations.
• Safety and risk management, including pre‑deployment and monitoring requirements.
• Training and awareness, to ensure the organisation has the right skills and capability.

Service leaders, commissioners and project leads

If you are responsible for designing, commissioning or managing services that use GenAI, this policy helps you to:

• Assess whether GenAI is appropriate for a specific use case.
• Put proportionate safeguards in place before deployment.
• Manage risks, impacts and performance over the lifecycle of the system.

Key sections for this role include:

• Use of GenAI, including approval and notification requirements.
• Equality impact assessment (EqIA), Human oversight, and Ethical and responsible use.
• Safety and risk management, including pilots, testing and withdrawal conditions.
• Documentation and audit logs, to support transparency and assurance.

Procurement, legal, information governance, data protection and assurance roles

If you support or oversee procurement, compliance, data protection or assurance, this policy provides:

• A shared framework for embedding ethical, legal and governance requirements into GenAI procurements and contracts.
• Clear expectations for DPIAs, EqIAs, auditability, transparency and vendor assurance.

You may wish to focus on:

• Procurement (working with vendors or suppliers).
• Data governance, privacy and security, including DPIAs and data sovereignty.
• Legal and regulatory compliance.
• Monitoring and enforcement.

Staff, contractors and other authorised users

If you are a member of staff, contractor or other authorised user, this policy explains:

• What GenAI tools you are allowed to use for work purposes.
• What you must not do when using GenAI.
• Your responsibility to apply human judgement, protect data and disclose GenAI use where required.

The most relevant sections are:

• Tools and services.
• Permitted and prohibited uses.
• Human oversight and disclosure.
• Training and awareness.

Using the policy in practice

Please note: This policy template is not a universal or stand-alone GenAI policy. Organisations should adapt it to their local context and ensure it aligns with existing policies, standards and procedures. It should not be developed or implemented in isolation, but used alongside wider organisational frameworks such as data protection, information security, procurement, HR, equality and diversity, and digital governance.

Organisations may wish to adopt a layered or risk-based approach to GenAI use, recognising that risks increase with higher-sensitivity data and that different controls may be required for low- and high-risk scenarios.

The template provides guidance and prompts rather than a definitive checklist. It does not replace professional judgement, legal advice, or statutory duties, and should be treated as a living document, updated as technologies, services and regulatory expectations evolve.

ALGIM and Socitm accept no responsibility for any loss or detriment arising from use of this document. Any use must be appropriately attributed and the content may not be used for commercial purposes.