Back to the blog

AI Acceptable Use Training: What It Should Cover

Most AI acceptable use training is generic policy theatre. Here's what a custom course should cover, and why a PDF won't cut it.

Your AI policy is a PDF nobody read. The training fixes that.

Your legal team wrote an AI acceptable use policy. It went out as an all-staff email. The CEO mentioned it once at town hall. Three months later, half your people are pasting client contracts into ChatGPT and the other half are quietly using Claude on personal devices because IT blocked the web version.

This is the situation nearly every mid-sized Australian organisation finds itself in by mid-2026. The policy exists. The behaviour it was meant to govern does not match it. And the gap between the two is where the next data breach, the next IP leak, or the next Fair Work complaint quietly grows.

AI acceptable use training is how you close that gap. Not with a webinar nobody watches. With a custom course that uses your policy, your tools, and your examples, and takes ten minutes to complete.

This post is for the person in HR, P&C, risk, or L&D who has been told to “do AI training” and is now staring at quotes from compliance vendors and the vague suspicion that none of it will actually change how anyone behaves.

Why off-the-shelf AI training fails

Generic AI awareness courses have a structural problem. They are built to be sold to thousands of organisations, which means they cannot mention any specific tool, policy, or workflow. So they teach the abstract concept of “be careful with data” and leave every actual decision to the learner.

That is not training. That is a quiz on common sense.

The decisions your staff actually face look like this:

  • “Can I use Copilot to summarise this client email thread?”
  • “The vendor’s chatbot is asking for my employee number, is that fine?”
  • “I built a custom GPT to help with our induction process. Do I need to tell anyone?”
  • “My team is using Gemini in their personal Gmail to draft work emails. Is that a problem?”

None of those questions have answers in a generic course. All of them have answers in your AI policy, if the policy is any good. Custom training is the bridge.

What a good AI acceptable use course actually covers

A custom AI acceptable use course should do five things. If yours does fewer, it is policy theatre.

1. Translate your policy into decisions

The policy says “do not input confidential information into public AI tools.” Fine. The course should show learners what “confidential” means in your context: client data, salary information, draft contracts, internal strategy decks. It should also show what “public AI tools” means in your context: the free tier of ChatGPT, yes; the enterprise Microsoft 365 Copilot licence your IT team rolled out last quarter, probably not.

Real examples beat abstract principles every time. The course should walk learners through five or six realistic scenarios from their actual job and ask them to make the call.

2. Name the tools

Generic courses will not name ChatGPT, Claude, Copilot, Gemini, Perplexity, or Notion AI because the vendors that sell them want their content to age. Custom courses can and should. Your staff are using these tools. Pretending otherwise makes the training feel like it was written by someone who has never opened a browser.

Name the tools. Show screenshots. Tell people which ones your organisation has licensed, which ones are tolerated on personal accounts, and which ones are out of bounds entirely.

3. Cover the Privacy Act angle

The 2024 amendments to the Privacy Act 1988 and the Australian Voluntary AI Safety Standard changed the risk picture for any organisation handling personal information. Your staff probably do not know this. They do not need to become privacy lawyers, but they do need to understand why pasting a CV into a free AI tool is materially different from pasting it into a vetted enterprise platform.

This is also where your training intersects with your existing Privacy & Data Protection training regime.

4. Address shadow AI without being condescending

Shadow AI, staff using personal accounts for work tasks, is the single biggest source of AI risk in most organisations. Treating it as a discipline problem makes it worse. Most shadow AI happens because the sanctioned tools are slower, clunkier, or blocked entirely.

Good training acknowledges this. It tells people what to do instead: which approved tools exist, how to request access, who to talk to when an approved tool does not do the thing they need. The goal is to make the right path the easy path, not to threaten anyone.

5. Tell people where to go when they are unsure

The single most useful slide in an AI acceptable use course is the one that says: “If you are not sure, ask [specific person/inbox].” This is the slide that prevents the bad decision. Generic courses cannot include it. Yours should.

How long should the course be?

Ten to fifteen minutes. Maybe twenty if you have a particularly complex policy environment.

Anything longer and completion rates collapse. AI acceptable use is not a topic that benefits from depth. It benefits from clarity. Your staff need to understand the rules, recognise the situations where the rules apply, and know who to ask when in doubt. That is a fifteen-minute job, not a one-hour one.

If your existing compliance vendor has quoted you for a forty-five-minute AI course, ask them what is in the extra thirty minutes. It is almost certainly padding.

What it should cost

The Australian market for custom AI acceptable use training currently sits between $5,000 and $25,000 depending on who you ask. The high end is agency pricing for courses that take twelve weeks to produce. The low end is freelancers who will deliver something that looks like a PowerPoint export.

We build AI acceptable use courses in three weeks at fixed prices: $5,500, $7,500, or $10,500 plus GST depending on complexity. Our Tier 1 is built for exactly this kind of content: policy-driven, scenario-based, low on custom interactivity. Most AI acceptable use courses fit here.

If your policy is genuinely complex, if you need branching scenarios that differ by role, or if you want assessment that goes beyond knowledge checks, that is Tier 2 territory.

What you should not pay for: $20,000 and a five-month wait for a course that will be out of date by the time it launches.

When to commission it

The honest answer: as soon as your AI policy is finalised, not before.

Training without a policy is just opinion. We have seen organisations try to build acceptable use courses before they have decided what is actually acceptable, and the result is always the same: vague content that does not commit to anything, because the people commissioning it cannot commit to anything either.

If you do not have a policy yet, get one. The Voluntary AI Safety Standard is a reasonable starting point. The DTA’s policy for the responsible use of AI in government is the benchmark if you are public sector.

Then, and only then, commission the training.

What to brief your developer on

When you come to us, or to anyone else, for AI acceptable use training, bring:

  1. Your AI policy. The actual document, not a summary.
  2. A list of the AI tools your organisation has licensed. This determines what gets named in the course.
  3. The contact point for AI questions. Person, team, or inbox. The course needs to point somewhere.
  4. Three to five real examples of AI use cases that have come up in your organisation. Even anonymised. These become the scenarios.
  5. Your existing compliance training catalogue. So the new course does not duplicate or contradict what is already there.

That is enough for us to scope the course on a single fifteen-minute call. Three weeks later, you have a finished course in your LMS.

The bigger picture

AI acceptable use training is the first piece of a broader AI capability stack that most Australian organisations will need over the next eighteen months. After acceptable use comes AI training for managers, then function-specific training for the teams that are using AI most heavily, then governance-level content for compliance and risk teams.

Start with acceptable use. It is the cheapest, fastest, and highest-impact piece. It is also the one your auditors, your insurers, and your board are going to start asking about, if they have not already.

When you are ready, get in touch. Three weeks from kickoff to launch. Fixed price. No drama.

Need help with eLearning?

We can build it
in three weeks.

Custom eLearning courses with transparent pricing starting at $5,500 + GST.

Get a quote View pricing