The policy is being written right now, by your associates, one paste at a time
Picture a 35-person accounting and advisory firm on a Tuesday in March. A second-year is behind on a client memo, so she drops three pages of the client's trial balance into a public chatbot and asks it to summarize variances. It works. It's fast. She does it again the next day with a different client. Nobody told her not to. By the time a partner notices, the firm has an undocumented practice involving client financial data and a third party with terms of service nobody read.
That is the real shape of the problem in professional services. Your people handle privileged, regulated, or contractually restricted material as their daily raw input. Lawyers have draft pleadings, accountants have workpapers, consultants have client strategy decks, agencies have unreleased campaigns. The RSM middle-market AI survey shows leaders pushing past one-off experiments into routine use, and the San Francisco Fed analysis of AI and small businesses shows the same adoption pressure hitting smaller firms. The tools spread faster than the rules.
So the acceptable-use policy is not a compliance memo you file and forget. It is the work instruction that decides whether that associate's instinct on Tuesday is a sanctioned shortcut or a client-confidentiality incident. Write it as if it will be read mid-task by someone who is busy and means well, because that is exactly who reads it.
Sort by the document, not by the abstract risk category
Generic policies fail because they say "do not input sensitive data" and leave every employee to decide what counts. In a services firm, the answer is concrete: you can name the documents. Build the policy around the actual artifacts that cross people's desks, then attach a rule to each.
A workable cut for a mid-market firm has four lanes. Green: a public model is fine — anonymized internal training notes, first-draft outlines with no client identifiers, summarizing your own published thought leadership. Yellow: only inside an approved, contracted tool with logging — client research that names the client, meeting summaries, proposal support. Orange: requires named partner sign-off before any tool touches it — workpapers, draft deliverables, anything tied to an active engagement letter. Red: never, in any tool — privileged communications, material non-public information, PII covered by a client confidentiality agreement. The OECD report on AI adoption by small and medium-sized enterprises is a reminder that tool access is not the same as readiness; the lanes only work if your data is organized enough that people can tell which one a file falls into.
Then borrow structure, not bureaucracy. The NIST AI Risk Management Framework gives you the govern-map-measure-manage spine so the four lanes are defensible rather than arbitrary, and the CISA AI Data Security Best Practices supply the part most firm policies skip entirely: where the data goes, whether it trains a third-party model, what gets logged, and how long anything is retained. For a firm that owes clients confidentiality, the retention-and-training question is the whole ballgame.
Prove it on one engagement before you roll it out firm-wide
Do not launch the policy with an all-hands and a signature sheet. Pick one recurring workflow — say, the way your team turns a client interview into a first-draft findings memo — and run the policy against it for a month. Document the approved sources, name who reviews the AI-touched output before it leaves the firm, and measure three things: how long the memo takes, how much partner rework it needs, and how many times someone hit a lane boundary and had to ask. That last number tells you where the policy is unclear. The Deloitte State of AI report makes the point that value shows up only when the work itself changes, not when a tool is merely available.
Resist the urge to skip to autonomous agents drafting client deliverables. The Gartner agentic AI project forecast warns that a large share of agentic projects get scrapped, and the firms that get burned are usually the ones that automated before they had named ownership, a human review gate on client-facing work, and a way to roll back a bad output. In a services business, a wrong number in a client deliverable is not a bug ticket — it is a malpractice conversation.
Your Monday move: open a doc, list the five document types your firm actually handles, and assign each to a lane. That single page is more policy than most firms have. From there, use AI Governance and Training to turn it into a standing cadence, and the AI policy template to capture approved uses, restricted data, review rules, and escalation paths in one place your people will actually open.