Why does your company need an AI policy now?
Because your people are already using AI — with or without permission. Shadow AI use is effectively universal: staff paste text into free chatbots to summarise it, developers run coding copilots on personal accounts, and AI features have quietly switched themselves on inside the email, CRM and office software the company already pays for. The question is not whether AI is being used in your business; it is whether anyone has decided which tools, on which data, with what review.
The incidents that follow are entirely predictable, because they are the same everywhere. Confidential data in prompts: client lists, draft contracts, financials and personal information pasted into consumer tools whose terms may permit training on the input — a POPIA problem, a confidentiality breach and, for professional firms, potentially a privilege problem in a single keystroke. Hallucinated output in client work: AI assistants fabricate citations, statutes, figures and references fluently, and unverified output has already reached South African court papers — courts have referred practitioners to the Legal Practice Council over fabricated AI-generated citations, and the professional-negligence exposure extends well beyond law firms to anyone delivering AI-assisted advice, reports or designs that a client relies on.
A policy is enablement, not a ban
The reflex response — prohibit everything — fails in practice, because the productivity gain is real and prohibition just moves usage onto personal devices where the company has no visibility at all. A working AI policy does the opposite: it names the approved tools, draws a hard line around the data that may never enter a prompt, and attaches human-review duties to anything that leaves the building. Guardrails, not gates.
What goes in a working AI policy? The ten sections
Strip away the boilerplate and a usable internal AI policy comes down to ten sections. Each one answers a question an employee will actually ask.
Scope + tool inventory and approval
Who the policy binds (employees, contractors, temps), what counts as an AI tool (general-purpose assistants, coding copilots, AI features embedded in everyday software like email and CRM), a living inventory of what is in use, and a defined route for getting a new tool approved instead of adopted quietly.
Data classification rules
The heart of the policy: what may NEVER enter a prompt — client personal information, privileged or confidential client material, trade secrets, unreleased financials, credentials and source code subject to NDA. Paired with what is safe (public information, properly anonymised data) so people know where the line actually sits.
Approved-tool tiers + account types
A tiered list: approved enterprise tools for sensitive work, approved consumer tools for low-risk work, and prohibited tools. Enterprise accounts matter because consumer tiers often reserve the right to train on your inputs; the policy should require enterprise or API accounts with data-training opt-outs for anything touching company data.
Human-review requirements
Any outward-facing output — client deliverables, contracts, marketing copy, published code, regulatory filings — must be reviewed by a competent human before it leaves the building. The policy should name the review standard and make clear that the human reviewer, not the tool, owns the output.
Citation and fact verification duties
AI assistants fabricate citations, statutes, case references and statistics with complete confidence. The policy must require independent verification of every authority, figure and factual claim in AI-assisted work before it is relied on or sent out — a duty SA courts have already shown they will enforce against professionals the hard way.
IP + attribution rules
Who owns AI-assisted work product (see the computer-generated-works rules below), how the company secures that ownership through employment and contractor terms, and licence compliance for code copilots — AI-suggested code can reproduce third-party licensed snippets, so the policy should require licence scanning where copilots are used on shipped code.
POPIA mapping
A lawful ground for any processing of personal information through an AI tool, operator terms with the vendor where it processes on your behalf, cross-border transfer treatment where the tool is hosted abroad, and section 71 controls wherever AI output feeds decisions with legal or similarly significant effect on a person — credit, hiring, claims.
Disclosure rules
When the company tells clients, counterparties or regulators that AI was used: contractual commitments that restrict AI use, professional-rule and tender requirements, and the judgement call where disclosure is not strictly required but silence would damage trust if discovered.
Incident reporting
A no-blame internal route for reporting AI incidents fast: confidential data pasted into a consumer tool, a hallucinated authority discovered after sending, suspected training-data leakage. Speed of reporting determines whether a POPIA section 22 notification or client disclosure can be handled properly.
Training + review cadence
Short, practical onboarding training (what the tiers are, what never enters a prompt, how to verify), refreshers when tools change, and a scheduled review of the policy itself — the tool landscape and the SA regulatory position are both moving.
The IP section deserves contracts behind it, not just policy text — for the ownership rules in detail, see who owns AI-generated code and AI-generated software and copyright.
Where is SA AI regulation actually headed?
South Africa's first formal step is the Draft National AI Policy, approved by Cabinet in March 2026 and gazetted in April 2026. It is a policy framework, not legislation: it signals a risk-based direction — heavier expectations for AI systems that affect people's rights and safety, lighter touch for low-risk uses — alongside themes of human oversight, transparency and capacity-building. It creates no binding obligations on companies today, and any eventual AI statute built on it is some distance away. What it does tell you is where the puck is going: companies that can already show governance — an inventory of AI use, risk tiers, human review, an accountable owner — will be positioned for whatever hardens into law, and an internal AI policy is precisely that evidence.
In the meantime the operative constraints are the laws that already exist. POPIA does the heaviest lifting: a lawful ground is needed before personal information enters any AI tool, operator and cross-border rules apply to the vendors hosting it, and section 71 restricts decisions with legal or similarly significant effect on a person that are based solely on automated processing — guidance from the Information Regulator on section 71 is expected but has not been issued, so companies must apply the section's own terms directly for now. Sector regulators are also paying attention: the FSCA and Prudential Authority have shown clear interest in how financial institutions govern AI and model risk within existing operational-risk and outsourcing frameworks. For the wider governance picture, see our AI governance guide; for the POPIA fundamentals, POPIA for tech companies.
Sector notes: where the policy needs more teeth
Law firms and professional practices
Client privilege and confidentiality make the data-classification section non-negotiable: privileged material in a consumer AI tool is a breach the firm cannot un-ring. And SA courts have shown zero tolerance for fabricated AI citations in court papers, referring practitioners to the Legal Practice Council — so the citation-verification duty needs to be absolute, named, and enforced. A firm's policy should also cover counsel and correspondents working on its matters, not just its own staff.
Financial services
FSCA and Prudential Authority supervision means AI use lands inside existing operational-risk, outsourcing and conduct frameworks: model governance for anything feeding credit, advice or claims decisions, vendor due diligence on AI providers, and section 71 controls wherever automated processing touches customer outcomes. The policy should plug into the institution's risk-management framework rather than standing alone.
Healthcare
Patient confidentiality plus POPIA's stricter regime for health information — special personal information processed under narrower conditions — means clinical notes, records and identifiable patient data sit firmly in the never-in-a-prompt category outside properly contracted, compliant tools. Human review of anything AI-assisted that informs clinical or patient-facing decisions is the second hard rule.
Frequently asked
Is an AI policy legally required in South Africa?
No statute mandates one — South Africa has no dedicated AI legislation, and the Draft National AI Policy gazetted in April 2026 is policy, not binding law. But the duties an AI policy manages are already binding: POPIA applies the moment personal information enters a prompt, confidentiality and privilege duties apply to client material, and professional and negligence standards apply to AI-assisted output. A written policy is how a company shows it discharged those existing duties deliberately rather than by accident — which is why it is practically necessary even though it is not formally required.
Can employees be disciplined for breaching the AI policy?
Yes — once the policy has been properly communicated and employees have been trained on it, it forms part of the workplace rules like any other conduct policy, and breaches can be dealt with through the ordinary disciplinary process. The usual fairness principles apply: the rule must be clear and known, applied consistently, and the sanction proportionate to the breach. Pasting a client database into a consumer chatbot after explicit training sits very differently from a first-time slip on an ambiguous rule, and the policy should leave room for that distinction.
Can we just ban ChatGPT and similar tools entirely?
You can try, and some firms do for narrow categories of work — but blanket bans have a predictable failure mode: usage moves to personal phones and personal accounts where the company has no visibility, no enterprise data protections and no audit trail. Tiered enablement works better in practice: approved enterprise tools for real work, clear never-in-a-prompt data rules, and a fast approval route for new tools. People use AI because it makes them faster; a policy that acknowledges that and channels it is followed, while one that pretends otherwise is bypassed.
Who owns AI-generated work product?
Under the Copyright Act, the author of a computer-generated work is the person who undertook the arrangements necessary for its creation — in a workplace setting, that points at the employee or contractor driving the tool rather than the AI vendor. Where the person is an employee creating the work in the course of employment, section 21(1)(d) vests copyright in the employer. The gaps appear with contractors and agencies, where nothing vests automatically and a written, signed assignment is needed. The policy should state the company's ownership position and the contracts should back it up — see our guide on who owns AI-generated code.
Do we have to tell clients we use AI?
There is no general statutory duty to disclose AI use. The duty arises situationally: where a contract or mandate restricts AI use or requires disclosure, where professional rules or tender conditions demand it, or where the client is paying for personal expertise and would regard undisclosed AI drafting as material. The policy should set a default — typically: disclose where asked, where contractually required, and where AI did substantive work on a deliverable a client reasonably assumes was human-crafted — so individual staff are not improvising the judgement call.
What should we check in AI vendors' terms?
Three things first: whether your inputs are used to train the vendor's models (consumer tiers often default to yes; enterprise and API tiers typically offer opt-outs or exclude training by default), where the data is processed and stored for POPIA cross-border purposes, and whether the vendor will sign operator/data-processing terms where it processes personal information on your behalf. The policy's approved-tool tiers should be built on these answers — a tool only reaches the "approved for company data" tier on an enterprise account with training opt-out and acceptable data terms.
How often should the policy be reviewed?
Every six to twelve months as a baseline, plus on trigger events: a new class of tool entering use (autonomous agents are the current example), an AI incident, a material vendor-terms change, or a regulatory development — the Draft National AI Policy maturing into legislation, or the Information Regulator issuing the expected guidance on automated decision-making under section 71. The review cadence belongs in the policy itself so it actually happens.
What does AI policy drafting cost?
Fixed fee R8,500–R15,000 depending on company size, sector sensitivity (regulated sectors need sector-specific provisions) and how much tooling is already in use. The fee includes the policy document tailored to your actual tool stack and risk profile, the supporting contract clauses (employment and contractor IP provisions), and rollout guidance — a training outline and communication plan so the policy lands as enablement rather than a ban memo.