AI Policy for SMMEs in South Africa: A Simple 1-Page Starting Point

SMMEs don’t need a 20-page AI governance document. They need a simple, practical AI usage policy that protects customers, protects the business, and sets a standard for quality and responsibility.

Here’s what a 1-page SMME AI policy should include.

1) What AI can be used for

• drafting emails and messages
• marketing content drafts
• proposal and document drafting (with review)
• SOP/checklist creation (with verification)
• summarising internal notes and meetings

2) What AI must NOT be used for (without escalation)

• final decisions on hiring, credit, or sensitive outcomes
• anything requiring legal/financial accuracy without expert review
• pasting personal/confidential customer data into public tools

3) Data handling rules

• anonymise inputs by default
• never paste IDs/bank details/confidential contracts
• keep sensitive information out of prompts

4) Quality and verification rules

• AI drafts; humans verify
• check facts and assumptions
• run a “review prompt” before sending
• maintain tone and professionalism

5) Template and consistency rules

• use shared templates for recurring workflows
• store approved prompts centrally
• update templates monthly based on what works

AIEISA includes these safe-use and verification habits as part of training because businesses don’t just need AI; they need responsible AI usage. This is about capability that sticks.

Related Articles:

• POPIA & AI Training in South Africa: Practical Guide – https://www.aieisa.ai/blog/popia-ai-training-south-africa-practical-guide/
• Responsible AI Training in South Africa – https://www.aieisa.ai/blog/responsible-ai-training-south-africa/