Firm AI Acceptable-Use Policy, TEMPLATE
How to use this template. This is a starting point for an AI policy your firm can adopt, not a finished legal document. Replace every
[BRACKET], delete what doesn't apply, and have it reviewed by your own counsel and matched to your firm's WISP before adopting. The substance is built on, and cross-referenced to, Regulatory Foundation. This is not legal advice.
[FIRM NAME], Artificial Intelligence Acceptable-Use Policy
Effective date: [DATE] · Owner: [NAME / TITLE, e.g., Qualified Individual under the WISP] ·
Version: [1.0]
1. Purpose & scope
This policy governs how [FIRM NAME] personnel may use artificial-intelligence tools (including
generative AI such as Claude, ChatGPT, Gemini, Copilot, and any tax-research or workflow AI) in
firm work. It exists to let us capture AI's benefits while meeting our legal and professional
obligations: IRC §7216/§6713, the FTC Safeguards Rule and our WISP, the AICPA Code (including
the Confidentiality Rule) and SSTS, Circular 230, applicable SSARS/GAAS, and our state board's
rules. It applies to all partners, employees, and contractors, on any device or account used
for firm work.
Guiding principle: AI drafts, organizes, and accelerates. A licensed professional reviews, decides, and signs. The license and the signature are ours, not the AI's.
2. Key definitions
- Tax Return Information (TRI): information furnished to us for return preparation, plus anything we derive or generate from it. (Broad: includes source docs, workpapers, and outputs.)
- Confidential Client Information: any non-public client information, whether or not it is TRI.
- PII: names, SSNs, EINs, account numbers, addresses, and other identifying detail.
- Approved AI Tool: a tool the firm has vetted and authorized per Section 4.
- Public/Personal AI: any consumer, free, or personal-account AI tool not under a firm-level agreement.
3. The core rule
Client TRI or Confidential Client Information may be entered into AI only through a firm-Approved AI Tool, used solely to prepare/assist the client's engagement or for permitted auxiliary services. Public or personal AI accounts may never be used with client-identifiable or return-derived information. Any use outside these limits requires §7216 review and, where applicable, valid written client consent and/or a confidentiality agreement with the vendor.
When in doubt, anonymize the information (remove identifiers; use "the client," "$X," "[STATE]") or don't use the tool.
4. Tool tiers, what's approved, restricted, and prohibited
| Tier | Examples | Allowed with client data? |
|---|---|---|
| Approved | [List firm-approved enterprise/business tools, e.g., Claude Team, firm ChatGPT Enterprise, [tax-research AI]] | Yes, only for the uses in Section 5 and only after the Section 6 diligence is met |
| Restricted | Enterprise tools not yet vetted; new features/endpoints of an approved tool | No until reviewed and added to "Approved" by [OWNER] |
| Prohibited | Personal/free ChatGPT, Claude, Gemini, Copilot; any public AI; browser plug-ins/connectors that send data to unvetted providers | Never with client-identifiable or return-derived information |
Remember (per the Foundation doc): "enterprise" is not a magic word. Sending TRI to any third-party tool is still a disclosure under §7216; approval makes it defensible by confirming the tool fits a permitted-use lane and is contractually controlled.
5. Permitted vs. prohibited uses
Generally permitted on an Approved Tool (low-level support to prepare this client's work):
- OCR / data extraction from source documents
- Summarizing, classifying, or organizing client-provided information
- Drafting workpapers, checklists, or client communications for our review
- Formatting, spreadsheet help, and document cleanup
Requires §7216 consent and/or is prohibited (outside the prep/auxiliary lane):
- Putting client info into public/personal AI
- Any tool/vendor that may train on, reuse, or share our inputs
- Offshore access to TRI (including foreign remote access to U.S.-stored data): special SSN limits apply; do not send SSNs offshore
- A tool making substantive tax determinations (interpreting/applying law to set the client's liability): a person reviews and owns every such conclusion
- Any non-preparation use (e.g., marketing analytics) on client-identifiable data
Work that involves no client data at all is fine on any tool: generic tax research, non-client proofreading, and generic template/workflow drafting don't implicate §7216 because no TRI is used or disclosed.
6. Vendor approval, minimum diligence before a tool handles client data
[OWNER] must obtain written confirmation of all of the following before adding a tool to
"Approved" (mirrors the 10-point standard in the Foundation doc and the FTC Safeguards Rule
§314.4(f) service-provider duty):
- No training / model improvement on our prompts, files, outputs, embeddings, or feedback.
- Zero or minimal retention for the specific endpoints/features we use (not a marketing line).
- No persistent application state unless necessary and approved (files, threads, assistants, vector stores, batch jobs, custom-GPT knowledge, project memory).
- U.S.-only processing and access (absent valid §7216 consent for offshore).
- No third-party/downstream tool calls with client data unless each is separately vetted.
- Confidentiality and subprocessor terms appropriate for TRI (a DPA/BAA-equivalent).
- Vendor human-access restrictions.
- §7216/§6713 contractor-notice mechanics where vendor access to TRI is possible.
- Use limitation: the vendor uses our data only to provide the service to the firm.
- Security controls consistent with our WISP (encryption in transit/at rest, access control, incident notification).
Approved tools and their approval basis are logged in [WISP / tool register location] and
reassessed at least annually.
7. Consent & confidentiality
- IRC §7216: Where a use/disclosure falls outside a §301.7216-2 exception, obtain a compliant written consent (see the §7216 consent template) before the data is used/disclosed.
- AICPA Confidentiality Rule (ET §1.700.001): Independently, before Confidential Client Information reaches a third-party AI vendor, the firm must have client consent or a confidentiality agreement/DPA with that vendor. (This applies even if a §7216 exception means no tax-consent form is required.)
- State law: [If GA: Rule 20-12-.11 imposes an independent confidentiality duty; Rule 20-12-.19 incorporates AICPA standards into licensure.] [Adjust for your state.]
- Good practice: consider disclosing our general use of AI to clients in the engagement letter.
8. You are the reviewer of record
No AI output goes to a client, a taxing authority, or a workpaper/attest file without competent human review. Specifically:
- Verify every authority. Treat any Code section, regulation, case, ruling, or figure from general AI as unverified until checked against the primary source. AI is not a source of law.
- Own the judgment. Under SSTS §1.4 you remain fully responsible for the work product whether or not you used AI.
[Attest work: under AU-C 500, AI output is audit evidence to be evaluated under the same reliability, documentation, and skepticism duties as any other evidence.]
9. Incident response
If client information may have been exposed through an AI tool (wrong tool used, data pasted into
public AI, suspected vendor breach), report it to [OWNER] immediately. The firm will follow
its WISP incident-response procedures, including breach assessment and any client/authority
notification.
10. Acknowledgment
I have read and agree to comply with this AI Acceptable-Use Policy.
Name: __________________________ Signature: __________________________ Date: ____________
Template maintained with the AI Lab for Accountants library. Built on Regulatory Foundation and Guardrails. Customize and obtain legal review before adopting. Not legal advice.