Why AI Onboarding Is Different from IT Security Training
Standard IT onboarding covers passwords, phishing, and acceptable use for email and files. It was written before AI tools became a daily part of work.
At a glance: A structured onboarding plan for new employees covering AI policy acknowledgment, approved tool list, data handling rules, how to request new tools, and who to contact for an incident. Completes in the first week.
AI tools create a different risk profile: an employee can paste an entire customer database into a free-tier chatbot within minutes of starting a job, with no technical barrier and no system-level alert. The data leaves through the front door, not through a breach.
AI onboarding fills the gap between "we have a policy" and "new employees actually know what it says before they start using AI."
The Onboarding Checklist
This is the minimum to complete before a new hire uses any AI tool for work.
Before Day 1 (HR / Manager)
- Add AI policy link to the onboarding welcome email
- Assign the new hire's department Tool Owner as their AI contact (see AI governance roles)
- Create accounts only for approved AI tools — do not let new hires self-provision on day one
Day 1 — 15-Minute AI Briefing
Deliver verbally (or by video call for remote hires). Cover these five points:
- Here are the approved AI tools. Hand them the approved tool list (from your AI tool register). Name each tool and its approved use cases for this role.
- Here is what must never go into an AI tool. Go through the data do-not-enter list explicitly: customer PII, credentials, confidential IP, financial records, legal documents. Name the categories. Give an example.
- Here is what to do if you are unsure. If they are ever unsure whether something is safe to enter into an AI tool — ask [AI Governance Lead name] before entering it. No penalty for asking.
- Here is how to report a mistake. If they accidentally enter something they should not have, they should report it immediately. Early reports allow for response. Delayed reports make things worse. No punishment for honest mistakes reported promptly.
- Here is where the full policy lives. Link to the AI acceptable use policy. Tell them to read it this week.
Within Week 1
- Employee reads the AI acceptable use policy
- Employee signs policy acknowledgment (template below)
- Manager confirms employee can articulate the do-not-enter list
Policy Acknowledgment Template
Copy this into your onboarding documentation system. Collect a response (email confirmation or signed form) before week 1 ends.
AI Acceptable Use Policy — Acknowledgment
I confirm that I have read the [Company Name] AI Acceptable Use Policy (version dated [DATE]) and understand:
- The AI tools approved for use in my role
- The categories of data that must not be entered into AI tools
- How to report an AI-related incident or concern
- Who to contact if I have questions about AI tool use
I agree to comply with the policy and to ask before using any AI tool not listed in the approved tool register.
Name: ___________________
Role: ___________________
Date: ___________________
Manager: ___________________
Role-Specific Briefing Notes
Adjust the 15-minute briefing based on the hire's role. The risks differ significantly.
Engineers and developers
- Do not paste production code, credentials, or customer data into public AI tools
- Use only approved coding assistants (specify which)
- AI-generated code requires the same review as human-written code — it does not skip code review
- Check your IDE and editor for AI features that may be enabled by default
Sales and customer success
- Customer names, emails, and deal information are confidential — check the tool's data policy before entering
- Summarizing call notes is a common use case; confirm whether your meeting tool's AI feature is on the approved list
- AI-drafted outreach must be reviewed before sending — you are responsible for what goes out under your name
Finance and legal
- Restricted data category: financial records and legal documents must not enter unapproved AI tools
- If a tool requires a DPA or enterprise contract for these use cases, that must be in place first
- Flag any vendor that offers AI analysis of contracts or financials to the AI Governance Lead for review before use
Marketing and content
- AI-generated content must be reviewed for accuracy before publishing — AI tools hallucinate facts
- Customer testimonials and case study details are confidential; do not paste into public AI tools
- Images generated by AI may have IP implications — check your company's guidance on AI-generated assets
Refresher and Ongoing Training
Onboarding is a start, not a finish. Plan for:
- Annual policy re-acknowledgment — especially if the policy has changed
- Briefing when new approved tools are added — a short team update, not a full session
- Prompt review after any AI incident — share what happened (anonymized) and what the policy says
- Q&A in team meetings — normalize "is it okay to use AI for X?" as a question with a real answer
The teams that govern AI well are the ones where employees feel comfortable asking before acting — not where they guess and hope for the best.
Related Resources
- AI Acceptable Use Policy Template — the policy to hand to new hires
- AI Tool Register Template — the approved tool list to share
- AI Governance Roles and Responsibilities — who to contact for questions
- AI Incident Response Playbook — what to do when something goes wrong
