Resources · 11 June 2026

An AI acceptable use policy for UK training providers

If you run a training or apprenticeship business, your team is almost certainly using AI already. Tutors draft learner feedback with it, curriculum staff build materials, and the office uses it to answer routine queries. That is sensible. The problem is what happens when there is no policy: learner data ends up in tools nobody approved, and at your next audit you have nothing to point to when asked how you control any of it.

An AI acceptable use policy fixes that. It is not about banning AI. It is about letting people use it with clear lines they understand.

Why training providers are a special case

Two things make your sector different from a generic small business.

First, you hold a lot of sensitive learner data: names, assessment records, support needs, sometimes safeguarding information. That is exactly the kind of data that should never be pasted into a free, consumer-grade AI tool.

Second, you operate in a world of audit and quality review. Funding bodies, awarding organisations and inspectors expect to see that you manage data and risk deliberately. “We told staff to be careful” is not a control. A short written policy, an approved-tools list and a record of who has been briefed is.

What the policy should cover

A useful policy for a training provider does not need to be long. It needs to be clear on a handful of points:

• What data may go into AI tools. Public and general material, yes. Learner personal data and assessment records, only in approved tools, and never in free consumer accounts.
• Which tools are approved, and for what. A simple matrix naming the tools your team may use, with the highest data sensitivity each one is cleared for.
• Human review. Anything AI helps produce, from learner feedback to marketing, is checked by a person before it is used. The member of staff is accountable for the output, not the tool.
• Assessment integrity. Where and how AI may be used in producing or marking learner work. Pasting learner portfolios into AI to check them, or letting staff grade with AI, can breach the rules of Awarding Organisations such as City & Guilds, Pearson or NCFE, and put your approved-centre status at risk. The policy is your safeguard.
• Reporting. A simple route for staff to flag when something has gone wrong, handled supportively rather than punitively.

A note on the EU AI Act

If you deliver to any learners in the EU, the EU AI Act’s AI-literacy duty may apply to you. In short, it expects the people using AI on your behalf to have a reasonable level of understanding of what they are doing. A policy plus a short staff briefing, recorded in a simple tracker, is a practical way to show you take that seriously. We cover this in more detail in EU AI Act Article 4 for UK training providers.

Common mistakes

• Writing a policy and stopping there. A policy nobody has read does little. Pair it with a one-page staff guide and a quick briefing.
• Banning AI outright. Staff will use it anyway, just invisibly. You lose the control you were trying to gain.
• Copying a US template. Generic templates miss UK GDPR, the ICO’s expectations and the EU AI Act detail that actually matters here.

How to put one in place this week

You do not need a consultant or a long project. A workable baseline takes about an afternoon:

1. Adopt a clear acceptable use policy and fill in your details.
2. List the AI tools your team actually uses, and set each one a data ceiling.
3. Brief staff with a one-page guide, and record who has been briefed.

That is a defensible position you can show an auditor, and a safer day-to-day for your team.

If you would rather start from a ready-made set of documents written for this sector, our AI Safe-Use Pack for training providers includes the policy, the approved-tools matrix, a risk register, a staff guide and a literacy tracker, all editable and shaped for how providers work. There is also a general edition if you prefer the sector-neutral version.

This article is general information, not legal advice. Adapt any policy to your own circumstances and take professional advice where it matters.