Docaro

AI Generated Acceptable Use Policy for use in the United Kingdom
PDF & Word - 2026 Updated

Generate a comprehensive AI-generated IT acceptable use policy tailored for UK businesses to ensure secure and compliant computer usage among employees.
Free instant document creation.
Tailored to United Kingdom law.
No sign up or monthly subscription.
Example of a Acceptable Use Policy for use in the United Kingdom</b> generated by our AI model.
Example Acceptable Use Policy Produced by Docaro

Docaro Pricing

Basic
Free
Document Generation
No Sign Up
No Subscription
Download Watermarked PDF
Premium
$4.99 USD
Document Generation
No Sign Up
No Subscription
Download Clean PDF
Download Microsoft Word
Download HTML
Download Text
Email Document
Generate your document for free. Only pay if you like the result and need an un-watermarked version.

When do you need an Acceptable Use Policy in the United Kingdom?

Protecting Company Assets
You need this policy when employees use company IT resources like computers and internet, to safeguard data and equipment from misuse.
Guiding Employee Behaviour
It sets clear rules on how staff should use technology, helping prevent inappropriate actions that could harm the business.
Reducing Legal Risks
A well-drafted policy outlines expectations and consequences, protecting your company from potential disputes or violations of UK laws.
Ensuring Data Security
It's essential for any organisation handling sensitive information, as it promotes safe practices to avoid data breaches.
Supporting Remote Work
With more people working from home, this policy is crucial to maintain standards when using personal or company devices outside the office.
Meeting Compliance Needs
UK regulations often require clear IT guidelines, and a strong policy helps demonstrate your commitment to responsible practices.

British Legal Rules for an Acceptable Use Policy

Data Protection
Your policy must ensure personal data is handled securely and complies with UK data protection laws like the Data Protection Act 2018.
Equality and Non-Discrimination
The policy should promote fair treatment and avoid any rules that discriminate based on protected characteristics such as age, gender, or race under the Equality Act 2010.
Privacy Rights
Employees have rights to privacy, so the policy must balance monitoring needs with respecting personal boundaries.
Health and Safety
Rules should support a safe working environment, including guidance on using IT to avoid physical or mental health risks.
Intellectual Property
The policy needs to protect company information and respect copyrights and trademarks when using digital resources.
Cybersecurity Basics
It must encourage practices that safeguard against cyber threats, aligning with UK standards for information security.
Clear Communication
The policy should be written in simple language and clearly explain rules, consequences, and employee responsibilities.
Important

Using an inappropriate structure for an IT acceptable use policy may fail to adequately protect the organization from data breaches or employee misuse of technology.

What a Proper Acceptable Use Policy Should Include

  • Purpose and Scope
    Clearly state the policy's goal to ensure safe and responsible IT use, and specify who it applies to in your organisation.
  • Permitted and Prohibited Activities
    List allowed uses of IT resources and ban harmful actions like accessing illegal content or sharing company data without permission.
  • Data Protection Rules
    Explain how to handle personal and sensitive information to comply with UK privacy laws and prevent unauthorised access.
  • Security Responsibilities
    Outline steps employees must take, such as using strong passwords and reporting suspicious activity, to protect against cyber threats.
  • Email and Internet Usage
    Set guidelines for professional communication and browsing to avoid distractions and risks like phishing or inappropriate content.
  • Software and Device Policies
    Define rules for installing software, using personal devices, and maintaining equipment to ensure compatibility and security.
  • Monitoring and Enforcement
    Describe how the company may monitor IT use and the consequences for breaking the rules, including disciplinary actions.
  • Reporting Incidents
    Instruct staff on how to report IT misuse or security issues promptly to allow quick resolution.

Generate Your Document in 4 Easy Steps

1
Answer a Few Questions
Our AI guides you through the info required.
2
Generate Your Document
Docaro builds a bespoke document tailored specifically on your requirements.
3
Review & Edit
Review your document and submit any further requested changes.
4
Download & Sign
Download your ready to sign document as a PDF, Microsoft Word, Txt or HTML.

Why Use Docaro?

Fast Generation
Quickly generate a comprehensive Acceptable Use Policy, eliminating the hassle and time associated with traditional document drafting.
Guided Process
Our user-friendly platform guides you step by step through each section of the document, providing context and guidance to ensure you provide all the necessary information for a complete and accurate Acceptable Use Policy.
Safer Than Legal Templates
We never use legal templates. All documents are generated from first principles clause by clause, ensuring that your document is bespoke and tailored specifically to the information you provide. This results in a much safer and more accurate document than any legal template could provide.
Professionally Formatted
Your Acceptable Use Policy will be formatted to professional standards, including headings, clause numbers and structured layout. No further editing is required. Download your document in PDF, Microsoft Word, TXT or HTML.
Tailored to British Law
Our AI model considers the latest legal standards and regulations of the United Kingdom during the drafting process.
Cost-Effective
Generate and download a watermarked version of your document for free. Pay only if you want to remove the watermark and gain full access to your document. No monthly subscriptions or hidden fees. Pay once and use your document forever.
No Sign Up or Monthly Subscription Required
No payment or sign up is required to start generating your Acceptable Use Policy.
Need to Generate a Acceptable Use Policy in a Different Country?
Choose country:

Free Example Acceptable Use Policy Template

Below is a free template example of a Acceptable Use Policy for use in the United Kingdom generated by our AI model.

The clauses in your actual Acceptable Use Policy will vary from this example as they will be entirely bespoke to your requirements as set out in the questionnaire you complete.

Acceptable Use Policy

1
EMPLOYEE RIGHTS AND CONSENT

1.1

The Company shall obtain explicit consent from employees for any monitoring activities in accordance with the Data Protection Act 2018 and UK GDPR Article 6 and Article 9 where applicable. Such consent must be freely given specific informed and unambiguous.

1.2

Employees have the right to access their own personal data processed by the Company under this Policy in accordance with UK GDPR Article 15 and the Data Protection Act 2018. Requests for access shall be responded to within one month without undue delay.

1.3

Employees have the right to object to the processing of their personal data for monitoring purposes under UK GDPR Article 21. The Company shall cease such processing unless it can demonstrate compelling legitimate grounds that override the employee\’s interests rights and freedoms.

1.4

The Company shall conduct Privacy Impact Assessments (Data Protection Impact Assessments under UK GDPR Article 35) for any high-risk monitoring activities prior to implementation. These assessments shall be documented and reviewed regularly.

1.5

The Company shall fulfil its transparency obligations by providing clear information to employees about the nature purposes and extent of monitoring via this Policy privacy notices and other appropriate communications in line with UK GDPR Article 12 and 13 and ICO guidance.

1.6

This Policy forms part of the employment contract. Any monitoring or data processing shall be conducted in accordance with the Employment Rights Act 1996 and relevant employment contracts. Employees\’ rights under this section do not affect their contractual rights and remedies.

2
INCIDENT RESPONSE AND DATA BREACHES

2.1

All Users must report any suspected personal data breach or security incident to the Data Protection Officer or designated incident response lead without undue delay and in any event within 24 hours of becoming aware of the incident.

2.2

Upon notification the Company shall take immediate steps to contain the breach including isolating affected systems and preserving evidence. Recovery procedures shall follow the Company\’s Incident Response Plan to restore normal operations securely.

2.3

The Company shall notify the Information Commissioner\’s Office (ICO) of any personal data breach without undue delay and where feasible not later than 72 hours after becoming aware of it in accordance with UK GDPR Article 33 and the Data Protection Act 2018. Affected individuals shall be notified where the breach is likely to result in a high risk to their rights and freedoms in line with UK GDPR Article 34.

2.4

Following any incident the Company shall conduct a post-incident review to identify root causes evaluate the effectiveness of the response and implement any necessary improvements to prevent recurrence.

2.5

This section integrates with and forms part of the Company\’s broader Incident Response Plan which shall be tested annually and updated as required to ensure alignment with this Acceptable Use Policy.

2.6

All activities under this section shall comply with the Computer Misuse Act 1990 (as amended) and the Data Protection Act 2018. Unauthorised access modification or interference with computer systems may constitute criminal offences under these laws.

3
PROHIBITED USES

3.1

Users shall not engage in any Prohibited Activities including any actions that violate UK laws such as downloading copyrighted material without permission sending threatening emails or using company IT systems for gambling.

3.2

Users shall not access illegal content using Company Resources.

3.3

Users shall not engage in harassment using Company Resources.

3.4

Users shall not install unauthorised software on Company Resources.

3.5

Users shall not engage in excessive personal use of Company Resources.

3.6

Users shall not use Company Resources for any activity that could constitute discrimination harassment or victimisation under the Equality Act 2010 including but not limited to creating or distributing content that discriminates on the basis of age disability gender reassignment marriage and civil partnership pregnancy and maternity race religion or belief sex or sexual orientation.

3.7

Users shall not use Company Resources for political campaigning or lobbying activities in violation of Company rules or that may breach the Political Parties Elections and Referendums Act 2000 or other applicable regulations.

3.8

Users shall not use Company Resources for crypto-mining cryptocurrency trading or any other resource-intensive personal activities that may impair system performance or increase costs to the Company.

3.9

Users shall not bypass security controls attempt to gain unauthorised access to systems or use Virtual Private Networks (VPNs) to access unauthorised content in breach of this Policy or applicable law.

3.10

Users shall not engage in any activities that could compromise network and information systems security in violation of the Network and Information Systems Regulations 2018 including the introduction of malware unauthorised scanning of networks or any form of cyber attack.

3.11

Users shall not engage in any other activities that contravene UK cyber security best practices Company policies or any other applicable laws and regulations.

4
EQUALITY, DIVERSITY AND INCLUSION

4.1

The Company is committed to non-discrimination in the allocation and access to IT resources in full compliance with the Equality Act 2010. No User shall be denied access to Company Resources or subjected to less favourable treatment on the basis of a protected characteristic.

4.2

All Company systems and digital resources shall meet appropriate accessibility standards including the Web Content Accessibility Guidelines (WCAG) 2.2 at Level AA or equivalent standards to ensure equal access for all Users in line with the Equality Act 2010.

4.3

The Company shall provide mandatory training to all Users on the inclusive and equitable use of technology including awareness of accessibility requirements bias in AI tools and the impact of digital communications on diversity and inclusion.

4.4

Users shall report any equality-related issues or barriers concerning IT resources via the designated reporting mechanisms outlined in the Reporting Violations section of this Policy or directly to the HR Department. All such reports shall be investigated promptly and confidentially in accordance with the Equality Act 2010 and Company procedures.

5
SCOPE AND APPLICABILITY

5.1

This Acceptable Use Policy applies to all employees contractors vendors and other third parties who use or have access to Company Resources regardless of their location or place of work.

5.2

This Acceptable Use Policy applies to all activities involving Company Resources including but not limited to use at Company premises remote working home working and use of Bring Your Own Device (BYOD) equipment.

5.3

This Acceptable Use Policy covers all company-owned or managed IT systems networks data email services internet access mobile devices and any other Company Resources whether accessed from within the United Kingdom or internationally.

5.4

Where Company Resources involve the processing or transfer of personal data outside the UK the Company shall ensure appropriate safeguards are in place in compliance with the UK GDPR including adequacy decisions standard contractual clauses or other approved transfer mechanisms.

5.5

This Policy applies to all Users wherever located when using Company Resources and Users must ensure their use complies with this Policy and all applicable UK laws.

6
GOVERNING LAW

6.1

This Acceptable Use Policy shall be governed by and construed in accordance with the laws of England and Wales. The parties agree to submit to the exclusive jurisdiction of the English courts in relation to any dispute arising out of or in connection with this Policy.

7
INTELLECTUAL PROPERTY RIGHTS

7.1

Users must comply with all software license agreements and terms of use. Only licensed software approved by the Company may be installed or used on Company Resources.

7.2

The use of unlicensed pirated or illegally obtained software on Company Resources is strictly prohibited and may constitute a criminal offence under the Copyright Designs and Patents Act 1988.

7.3

Where open source software components are used Users must ensure full compliance with the relevant open source license terms including appropriate attribution notices and any modifications being made available under the same license where required.

7.4

All requests for new software must be submitted to the IT Department for approval. The Company shall maintain procedures to verify licensing compliance before acquisition or installation.

8
SECURITY RESPONSIBILITIES

8.1

Users must create strong passwords that include a combination of uppercase letters lowercase letters numbers and special characters and that are at least 12 characters in length.

8.2

Users must report any security incidents such as data breaches or suspicious activity within 24 hours.

8.3

Users must undergo regular training on recognising and avoiding phishing attempts.

8.4

Users must install and maintain up to date anti malware software on all company devices.

8.5

All devices handling sensitive information must employ full disk encryption and network level encryption for data in transit.

8.6

Users must contact the IT Security Team Lead to report any security incidents.

8.7

Users must report all suspected vulnerabilities or weaknesses in Company systems to the IT Security Team immediately upon discovery to align with the Network and Information Systems Regulations 2018 and ISO 27001 principles.

8.8

Multi-factor authentication (MFA) must be enabled and used on all User accounts and systems in line with Cyber Essentials requirements and Company security standards.

8.9

Users must not connect unauthorised removable media or USB devices to Company systems without prior approval. All such media must be scanned for malware before use.

8.10

Hardware that is no longer in use must be securely disposed of in accordance with ISO 27001 and data protection requirements including secure wiping of all data and certification of destruction where appropriate.

8.11

Users must follow password management best practices including not sharing passwords with anyone using a password manager where provided changing passwords only when directed by the Company or upon suspected compromise and not reusing passwords across multiple systems.

This example shows approximately 70% of a typical document and is provided for illustrative purposes only. The remaining content has been omitted.

Every document generated by Docaro is tailored to your specific circumstances, jurisdiction and the information you provide. The completed document includes all applicable clauses and provisions required for your situation.

To generate the full, personalised document, answer a short series of questions and your document will be created instantly.

Useful Resources When Considering a Acceptable Use Policy in the United Kingdom

Acceptable Use Policy - MoJ Security Guidance - Justice.gov.uk
JSP 740 Acceptable Use Policy (AUP) for Information and ...
Information Security policy
NALC publishes new IT policy template to support parish ...
Show All Resources

United Kingdom Reference Legislation

The following legislation is relevant to the generation of a Acceptable Use Policy in the United Kingdom:
Governs the processing of personal data, requiring organizations to have policies ensuring secure and lawful use of IT resources to protect personal information.
Retained EU regulation on data protection and privacy, mandating safeguards in IT policies to prevent unauthorized access or misuse of data via corporate IT systems.
Criminalizes unauthorized access to computer systems and data, requiring IT acceptable use policies to prohibit hacking, unauthorized software use, and related activities.
Incorporates the European Convention on Human Rights, influencing IT policies on privacy (Article 8) and freedom of expression (Article 10) in workplace monitoring and use.
Show All Reference Legislation

Acceptable Use Policy FAQs

An IT Acceptable Use Policy (AUP) is a formal document that outlines the rules and guidelines for how employees and users should access and utilise an organisation's IT resources, such as computers, networks, internet, and software, in a UK corporate setting. It ensures compliance with UK data protection laws like GDPR and promotes secure, efficient use of technology.
Show All FAQs

Document Generation FAQs

Docaro is an AI-powered legal and corporate document generator that helps you create fully formatted, legal contracts and agreements in minutes. Just answer a few guided questions and download your document instantly.
Show All FAQs
You Might Also Be Interested In
A Document Outlining Company Policies, Procedures, Employee Rights, And Expectations In The Workplace.
A Formal Document Outlining Expected Standards Of Behavior, Ethical Principles, And Professional Conduct For Individuals Or Organizations.
A Corporate Document Outlining Commitments To Fostering Diversity, Ensuring Equity, And Promoting Inclusion In The Workplace.
A Corporate Policy Outlining Guidelines For Employees Working Remotely, In Hybrid Setups, Or In The Office, Including Eligibility, Expectations, And Support.
A Corporate Policy Outlining How Long Data And Records Are Kept, How They Are Managed, And When They Are Securely Disposed Of To Comply With Legal Requirements.
A Corporate Policy Outlining Procedures For Employees To Report Misconduct, Wrongdoing, Or Legal Violations Internally Without Fear Of Retaliation.
A Corporate Policy Document Outlining Procedures For Addressing Employee Misconduct And Handling Workplace Complaints.
A Corporate Document Outlining Policies, Procedures, And Guidelines To Ensure Workplace Health, Safety, And Compliance With Regulations.
A Document Outlining The Responsibilities, Duties, And Requirements Of A Specific Job Role.
A Formal Document Outlining Steps To Help An Employee Improve Performance And Avoid Dismissal.
A Corporate Document Outlining The Principles And Approach To Employee Compensation, Including Pay Structures, Incentives, And Alignment With Business Goals.
A Corporate Document Outlining Reasons And Evidence For Recommending An Employee's Promotion.
A Documented Set Of Instructions Detailing The Routine Steps To Perform A Specific Task Or Operation Consistently Within An Organization.
A Corporate Document Outlining Procedures For Detecting, Responding To, And Recovering From Security Incidents.
A Strategic Document Outlining Procedures To Maintain Essential Functions During And After Disruptions, Ensuring Organizational Resilience.
A Formal Document Outlining An Organization's Rules, Guidelines, And Procedures For Protecting Information Assets From Cyber Threats.
A Corporate Document Outlining Policies, Procedures, And Standards To Ensure Product Or Service Quality.
A Corporate Document Outlining A Company's Performance And Initiatives In Environmental, Social, And Governance Areas.

Related Articles

Acceptable Use Policy Clause Library
United Kingdom clause library for acceptable use policies, helping you draft clear, compliant IT usage rules.
UK Acceptable Use Policy Compliance Considerations
UK acceptable use policy compliance tips covering key legal, security, and workplace considerations for organisations.
IT Resources Covered by Acceptable Use Policies
Learn which IT resources are covered by acceptable use policies in the United Kingdom and why they matter for compliance.
United Kingdom IT Acceptable Use Policy Scope Decision Tree
United Kingdom IT acceptable use policy scope decision tree for deciding coverage, users, systems, and workplace technology risks.
United Kingdom Acceptable Use Policy Sign-Off Decision Tree
United Kingdom guide to acceptable use policy sign-off decisions, helping teams identify the right reviewers and approvers.
 
COID:184CID:106