This article covers two rules.
The first is the primary rule - it's created automatically when you enable the nudge toggle in the AUP playbook, and it sends the policy to AI users who haven't received it yet.
The second is a supplementary rule you can create yourself to follow up with users who sign up for additional AI tools and previously received the policy but haven't responded.
For setting up the policy itself, see Set up your AI acceptable use policy.
When to use these rules
Your organization has an AI acceptable use policy and you want to make sure every AI tool user has seen it
You want the policy delivered automatically at the point of signup rather than relying on annual training or manual outreach
You want to follow up with users who received the policy but haven't acknowledged it
You need a record of who has acknowledged the policy for compliance or audit purposes
Rule 1: Send the policy to AI users who sign up for an AI tool and haven't received it yet
This is the primary AUP delivery rule. When you enable the nudge toggle in the AI Acceptable Use Policy playbook (Playbooks > Enforce AI acceptable use), this rule is created automatically. It targets anyone who creates an account on an AI tool and hasn't been sent the policy yet - covering new signups as they happen.
You don't need to build this rule manually - the playbook toggle creates it for you. But if you want to understand or customize what it does, here's how it works:
Rule type: Account
Conditions:
Account Category is AI Tools
Acceptable Use Policy Accepted? is Not received yet
Action:
Nudge: Request Generative AI policy review (new)
The nudge action also includes two optional fields: Additional custom text (if you want to add context beyond the policy itself) and Policy Version Id (which ties the nudge to a specific version of your policy, so Nudge Security knows which version the user acknowledged). If the Policy Version Id is empty we will send the latest version of the AUP.
Rule 2: Follow up with AI users who haven't responded
This is an optional supplementary rule you create yourself. It targets users who have already received the policy but haven't acknowledged it (the "Awaiting response" state) and who continue signing up for additional AI tools.
Rule type: Account
How to set it up
Go to Automations β Rules in the left nav
Click Create New Rule
Select the Account tile
Click Add Condition and select Account Category, then choose AI Tools
Click Add Condition again and select Acceptable Use Policy Accepted?, then choose Awaiting response
Add your actions:
Click Add Action β Nudge
Select Request Generative AI policy review (new)
The user receives a follow-up nudge reminding them to review and accept the policy. Because this fires when they create a new AI account while already in "Awaiting response" status, the timing reinforces the message - they're actively adopting more AI tools without having acknowledged the policy.
Once you're all set, click the Save rule button.
How these rules work together
Rule 1 is your primary delivery mechanism - it's created by the playbook and ensures every AI user receives the policy.
Rule 2 is an optional follow-up that you create separately to catch people who are still signing up for AI tools without having accepted the policy they already received.
Together with the AUP playbook's browser nudge (which delivers the policy in the browser when someone visits an AI tool), these give you three layers of coverage:
Delivery method | Who it reaches | When it triggers |
Rule 1 - created by the playbook | AI users who haven't received the policy | On the first new AI account creation |
Rule 2 - created by you (optional) | AI users who received the policy but haven't responded, and who sign up for another AI tool | On subsequent new AI account creation when the user is already in "Awaiting response" status |
Browser nudge (AUP playbook) | Anyone visiting an AI tool's login/signup page who hasn't accepted the current policy | At the point of access, in the browser |
Considerations
Rule 1 is created by the playbook - you don't need to build it manually. When you enable the nudge toggle in the AUP playbook, this rule is created for you. You can view and customize it in Automations β Rules if needed.
Rule 2 is optional and created by you. The playbook doesn't create a follow-up rule automatically. Create Rule 2 if you want to nudge people who keep signing up for AI tools without having accepted the policy they already received.
Rule 1 catches existing users, not just new signups. Because the condition is "Not received yet" rather than just "new account," it also picks up anyone who already has an AI account but hasn't been sent the policy. This makes it useful for initial rollout - not just ongoing governance if you don't manually nudge existing AI users through the AUP playbook.
Acceptance is a record, not enforcement. The user's acknowledgment is logged, but the nudge doesn't block them from using the tool. If a user declines or doesn't respond after the follow-up, that's your signal to escalate - reach out directly or loop in their manager.
The three AUP acceptance states. The "Acceptable Use Policy Accepted?" condition has three values:
Not received yet - the user has never been sent the policy
Awaiting response - the policy was sent but the user hasn't acknowledged it
Accepted - the user has reviewed and acknowledged the policy.
Rule 1 targets "Not received yet" and Rule 2 targets "Awaiting response."
Tips
Pair these with the AUP browser nudge for the most comprehensive coverage - the browser covers people at the point of access, while these rules cover everyone else via email, Slack, or Teams after they've signed up for an AI app
Pair with the intervene on unapproved apps rules for a complete AI governance setup - these rules handle policy acknowledgment for approved tools, while that rule handles unapproved ones
If you're seeing a lot of "Awaiting response" users, consider adding Slack or Teams as a nudge delivery channel - messages in work chat tend to get faster responses than email. Configure this under Settings β Nudges
Review acceptation rates in the AI dashboard (Dashboards > AI > Apps) and the Users table (Identities > Users) to track progress and identify non-responders
Notify your team of nudge responses if you'd like to surface anytime a member of your workforce accepts the AUP through a nudge response