Bass, Berry & Sims attorneys Emily Burrows and Joelle Hupp authored an article for Cyber Defense Magazine providing insight on how organizations should establish their enterprise artificial intelligence (AI) acceptable use policies (AUP). The attorneys highlighted how AUPs do not have to address every specific scenario that could potentially occur but should provide personnel with accountable guidance that reinforces ethical and responsible AI practices, while still encouraging use and innovation through AI.
Emily and Joelle stressed the importance of appropriately scoping the AUP, ensuring policy cohesion, defining key terms, requiring written acknowledgements of the AUP, and establishing a periodic review cadence. The authors also outlined strategies for establishing permitted uses, restrictions and prohibitions. Emily and Joelle discussed security considerations and the importance of understanding how AI may interact with regulated data. Heavily regulated industries such as healthcare, financial, and education sectors present additional considerations for establishing AUPs.
The attorneys also emphasized the importance of proper training as data security events and leaks often stem from accidents or ignorance and managing how vendors and other third parties present additional areas of risk.
“Championing an AI AUP represents an opportunity to guide your organization’s AI adoption initiatives and goals,” said Emily and Joelle. “We all know that humans are human – a good AI AUP takes this into account to facilitate AI adoption to augment an organization’s business rather than expose it to ever-increasing risk.”
The full article, “Humans Can Be Dumb, but So Can AI: Establishing Enterprise AI Acceptable Use Policies,” was published in the November 2025 issue of Cyber Defense Magazine and is available online.