Most organizations have employees review AI policies at the time of hire and maybe again during annual training. The problem is that people forget. By the time someone is actually sitting in front of an AI tool six months later, they're unlikely to remember what the policy said - or even that they signed one.
Nudge Security's AI Acceptable Use Policy (AUP) playbook solves this by delivering your policy at the moment it matters: when an employee is actually accessing an AI tool. If they haven't already reviewed and accepted the policy in Nudge Security, they see it right then - not buried in an onboarding packet they reviewed months ago.
Prerequisites: Complete the Start Here setup guides first, especially Deploy the browser extension (for in-browser policy delivery).
Getting started
Go to Playbooks > Enforce AI acceptable use to open the playbook.
Step 1: Specify your policy
The playbook includes a policy editor where you can write your AI use policy from scratch, paste one you've already drafted, or link to your policy externally. This is the content employees will see when they're asked to acknowledge the policy.
If you don't have a policy yet, start with the basics: which AI tools are approved, what types of data employees should not share with AI tools (customer data, source code, financial records, etc.), and who to contact with questions. Even a short, clear policy is better than a long one nobody reads. Optionally, you can use our boilerplate policy available by default.
If you have a multi-page AUP keep the nudge lightweight - link to the full policy instead of embedding it.
In practice, pasting your entire AI policy into the nudge can work against the goal of getting people to actually read it. A wall of text inside a nudge tends to get scrolled past, not reviewed.
A better approach: host the full policy in your system of record (SharePoint, Google Drive, Confluence, or wherever you manage policy documents) and keep the nudge short.
Use the nudge to summarize the key points, link directly to the canonical policy document, and ask the user to confirm they've reviewed it. This way the nudge serves as the acknowledgment step, while the policy people are actually reviewing is the authoritative, version-controlled document. When the policy is updated, you update it in one place - and the nudge link always points to the current version.
Step 2: Deliver the policy to existing AI users
By the time you set up the AUP playbook, Nudge Security has already identified everyone in your organization who has an AI account. Your first move is to create a baseline and get the policy in front of those people - they're already using AI tools and may never have seen a formal policy for how to use them.
From the playbook, send a manual nudge to all existing AI users. This delivers the policy via email, Slack, or Microsoft Teams (depending on your nudge settings) and asks each person to review and acknowledge it.
You can track who has accepted and who hasn't in the AI dashboard and the Users table.
This is your baseline. Once existing users are covered, the next step is to set up ongoing delivery so that future AI users - and anyone who hasn't accepted yet - are nudged automatically.
Step 3: Configure ongoing delivery
You have multiple ways to get the policy in front of future AI users and people who haven't accepted yet, and they work well together.
Browser nudge (requires browser extension)
This is the most effective delivery channel. When an employee visits the login or signup page of an AI tool and hasn't yet accepted your policy in Nudge Security, the browser extension presents the policy and asks them to acknowledge it before continuing.
This means the policy reaches people at the exact moment they're about to use an AI tool - when the guidance is most relevant and most likely to stick. An employee reading "don't paste customer data into AI prompts" while they're literally about to access ChatGPT is very different from reading it in a training slide deck six months earlier.
The AUP browser nudge will not show for AI tools marked as โnot permitted.โ
Configure this browser nudge under Settings > Browser extension.
Automatic nudge on new AI signups
When Nudge Security detects that someone has created an account for an AI tool, a rule can automatically send them the policy via email, Slack, or Microsoft Teams.
This covers people who don't have the browser extension installed or who ignored the AUP browser nudge.
You can also set this up as a standalone rule - see Nudge AI users to review and accept your acceptable use policy for the rule-based setup.
Using both channels together
The browser nudge covers people at the point of access - the moment they're registering for or logging into an AI tool. The signup nudge catches people the browser misses (no extension installed, signup happened outside the browser). Together, they give you the broadest coverage with no manual effort.
Step 4: Re-deliver after policy updates
When your AI policy changes - new restrictions, updated data handling guidance, additional approved tools - you need people to review the updated version, not coast on an acknowledgment they gave months ago.
Manual nudge to all AI users after updating your policy
From the playbook, you can send a manual nudge to everyone who has an AI account, asking them to review and accept the updated policy. This is useful for significant policy changes where you want immediate, broad coverage - a new restriction on sharing customer data, a change to which tools are approved, or a shift in your data handling requirements.
Automatic re-delivery through the browser
After you update the policy in the playbook, the browser nudge will present the new version to employees the next time they access an AI tool - since their previous acknowledgment no longer applies to the current policy. This catches people organically as they use AI tools, without requiring a mass communication or an all-hands email.
For major policy changes, you'll probably want to do both: send the manual nudge for immediate coverage, and let the browser nudge pick up anyone who missed it.
Step 5: Track acknowledgment
Once the policy is live, you can track who has acknowledged it and who hasn't in several places:
AI dashboard (Dashboards > AI > Apps) - shows policy acceptance rates across your AI user base. This is your high-level view of how broadly the policy has been acknowledged.
The Enforce AI acceptable use playbook also gives you a similar high-level view.
Users table (Identities > Users) - filter or sort by AUP acknowledgment status to find people who haven't responded. This is where you go to identify specific non-responders.
User detail pages - each user's profile shows whether they've acknowledged the policy and when. This is useful for individual follow-up or for checking a specific person's status.
Following up with non-responders
A pattern of non-acknowledgment on a specific AI tool might mean employees don't realize the policy applies to it, or that they're not seeing the nudge. If you're seeing low response rates:
Check whether the browser extension is deployed to those users - the browser nudge provides a consistent follow-up nudge
Consider adding Slack or Teams as a nudge delivery channel if you're currently only using email - messages in work chat tend to get faster responses
For persistent non-responders, follow up directly or loop in their manager
Key features
Feature | Where to find it | What it does |
AI AUP playbook | Playbooks > Enforce AI acceptable use | Create, edit, and manage your AI use policy. Send manual nudges to all AI users after updates. |
AUP browser nudge | Settings > Browser Extension | Delivers your policy in the browser when employees access AI tools, if they haven't acknowledged the current version. |
Nudge settings | Settings > Nudges | Configure whether nudges are delivered via email, Slack, or Microsoft Teams. |
AI dashboard | Dashboards > AI > Apps | Policy acceptance rates and AI adoption metrics. |
Users table | Identities > Users | Filter by AUP acknowledgment status to find non-responders. |
Review AUP rule | Automations > Rules | Create a rule to automatically nudge users when they create a new AI account. |