
If your team is already using AI at work, then you already have an AI system inside your business. The only question is whether you are managing it or just hoping nothing goes wrong.
That is the real issue behind the numbers. A large share of Filipino AI users bring their own tools to work. At the same time, research shows that many employees share confidential company data with AI tools without approval. That means client data, internal documents, financial details, proposals, and emails may already be flowing into tools your company never approved in the first place.
And yet in many businesses, there is still no written rule for AI use.
You probably already have a policy for tardiness. You likely have rules for company vehicles, who can use them, where they can go, and what happens if there is damage. Nobody finds those policies strange or excessive. They are simply clear rules so people know what is allowed and what is not.
An AI policy should work the same way.
It does not need to be a 20-page legal document. For most Filipino SMEs, a one-page AI policy is enough to create clarity, reduce risk, and make AI more useful across the company. If you structure it well, you can finish it this week.
Why a one-page AI policy matters now
AI has quietly become one of the most powerful tools in the office. Employees use it to draft emails, generate proposals, summarize notes, write marketing content, and speed up daily tasks. That is the upside.
The downside is simple: when there are no rules, people make up their own.
One employee uses ChatGPT. Another uses Gemini. Someone else finds a random AI app online and pastes sensitive information into it because it looked helpful. Without a written policy, there is no common standard for approved tools, protected data, quality control, or accountability.
There is also a broader compliance reality to consider. The National Privacy Commission issued AI-specific guidelines in December 2024 under the Data Privacy Act. This is not legal advice, but the direction is clear. AI governance is becoming a baseline expectation for businesses in the Philippines.
So if your company still has no written AI rules, this is the time to fix that.
The 5 sections every one-page AI policy should include
The goal here is not complexity. The goal is clarity. Your team should be able to read the policy quickly and understand exactly how AI works in your company.
1. Which AI tools are approved
This is the first section because it solves the most immediate problem: employees choosing their own tools.
Your job as a business leader is to decide which AI tools are allowed and write them down by name. Keep it direct.
- ChatGPT: yes or no
- Gemini: yes or no
- Claude: yes or no
- Copilot: yes or no
If a tool is not on the list, it is not allowed.
This matters because not all AI tools handle data the same way. In many cases, free versions and paid versions have different data practices. Some free tools may use inputs to help train their models. That means company information could end up feeding a system used by others, including competitors.
A simple way to think about it is the coffee shop test: if you would not say the information out loud in a crowded coffee shop, do not paste it into an unapproved AI tool.
Do not over-explain this section. A short list of three to five approved tools is enough. Your team does not need a memo. They need a rule they can check in five seconds.
2. What should never go into any AI tool
Approving tools is only the first layer of protection. The second layer is even more important: clearly defining what data is off-limits.
This is your never-paste list. Even in approved tools, some information should never be entered into a prompt.
Your policy should spell out items like these:
- Client names and contact details
- Financial records and pricing
- Passwords and login credentials
- Employee personal information
- Confidential contracts
- Legal documents
The test is simple. If that information leaked, would it hurt your business or your client? If the answer is yes, it should never go into AI.
This section must stay simple enough to remember. If employees need to debate whether something counts as confidential every time they write a prompt, then the policy is too complicated to work in real life.
3. What AI output needs human review
One of the biggest mistakes companies make is treating polished AI output as accurate output. Those are not the same thing.
AI can produce writing that sounds professional and confident while still including errors, made-up facts, wrong names, or claims that are simply not true. That is how businesses end up sending bad proposals, inaccurate reports, misleading social posts, or flawed client emails.
Your one-page AI policy needs one clear standard:
Anything generated by AI that goes to a client or gets published must be reviewed by a human first.
That includes:
- Client emails
- Proposals
- Reports
- Marketing content
- Financial calculations
- Social media posts
A useful review framework here is V-E-T:
- Verify the facts
- Evaluate the logic
- Test with a second source
That gives your team a simple standard for checking AI output before it leaves the company. In practice, this one section alone can prevent many of the common AI mistakes businesses make.
4. Who owns the AI policy
Every policy needs an owner. If nobody owns it, nobody enforces it. And if nobody enforces it, it becomes a document that exists only in theory.
Assign one person to be responsible for the AI policy. This does not have to be the most technical person in the business. It should be someone with sound judgment and enough authority to make decisions.
That person should be able to answer questions like:
- Can we use this new AI tool?
- Is this type of task allowed?
- Does this use case involve restricted data?
- Are we following the policy consistently?
Think of it the same way you would think about a vehicle policy. Someone controls access. Someone approves the use. Someone is accountable if there is a problem.
The same logic applies to AI.
5. Save the prompts that work
This final section is what turns your one-page AI policy from a defensive tool into a growth tool.
Most teams use AI in isolation. One employee writes a good prompt, gets a strong result, uses it once, and then it disappears. Another employee later faces the same task and starts from zero.
That is a waste.
If someone creates a prompt that produces a strong client proposal, a solid marketing email, or a useful report, save it. Label it. Share it.
This is the idea behind a prompt vault. Your best AI instructions become company assets instead of disposable experiments.
When you include this in your AI policy, your team gets faster over time. Good work becomes repeatable. New employees do not have to guess. Experienced employees do not have to reinvent the wheel every day.
The first four sections protect your business. This fifth section helps your business compound what it learns.
What a simple AI policy actually gives you
A good one-page AI policy gives your team five things:
- Clear approved tools
- Clear off-limits data
- Clear review rules for AI output
- Clear ownership and accountability
- Clear systems for saving what works
That means less guessing, fewer mistakes, and better consistency across the company. It also means that every employee, whether new or experienced, understands how AI should be used from day one.
The businesses that benefit most from AI will not just be the ones using it. They will be the ones using it with structure.
How to finish your one-page AI policy this week
You do not need a task force. You do not need a lengthy workshop. You need 30 focused minutes.
Open a simple document, spreadsheet, or even a blank sheet of paper and fill in these five sections:
- Approved AI tools
- Data that must never be pasted into AI
- Outputs that require human review
- The person responsible for the policy
- The rule for saving high-performing prompts
Then share it with your team. Print it if needed. Discuss it during your next Monday meeting. Make it visible. Make it real.
One page is often all that separates a business using AI carelessly from a business using AI intentionally.
FAQs
Does an SME really need an AI policy?
Yes. If your employees are already using AI for emails, proposals, research, or content, then your business already has AI risk. A simple written policy helps protect confidential data, reduce mistakes, and create consistent rules across the team.
How long should a one-page AI policy be?
For many Filipino SMEs, one page is enough. The goal is not to create a complicated legal document. The goal is to create clear, practical rules that people will actually follow.
What is the most important part of an AI policy?
Start with approved tools and restricted data. If your team does not know which tools are allowed or what information should never be pasted into AI, the company is exposed from the beginning.
Should all AI-generated content be reviewed by a human?
Anything that will be sent to a client or published externally should be reviewed by a human first. AI can sound correct while still containing errors, hallucinations, or misleading claims.
Who should own the AI policy in a company?
Assign one person with good judgment and enough authority to approve tools, answer questions, and enforce the rules. This does not have to be a technical specialist, but it should be someone who can make decisions and be accountable.
What is a prompt vault?
A prompt vault is a shared collection of prompts that have already produced strong results for the team. Instead of starting from scratch every time, employees can reuse and improve prompts that work, turning AI usage into a repeatable company asset.
You already have policies for the routine parts of running a business. AI is no longer a side issue. It is now one of the most powerful tools your team touches every week.
So treat it that way. Build the one-page AI policy. Keep it simple. Keep it clear. Start this week.


