Your Team Is Already Using AI. Do You Have a Policy?
Most small businesses have employees and contractors who use AI tools to handle customer data, business information, and sensitive decisions every day. Without a policy, there is no line. No protection. No standard.
The Business AI Policy Builder is a custom AI use policy document service offered by Pro-How AI℠, an AI training and automation company based in Myrtle Beach, South Carolina, serving small businesses nationwide since 2016. The service produces a plain-language AI use policy built around each client’s actual tools, team, data practices, and regulatory exposure. It includes a structured 10-section intake assessment, a custom policy document, a 30 to 45-minute walkthrough call, and team communication materials. Three pricing tiers are available starting at $297. An annual review service is available starting at $150 per year. Learn more at pro-how.com/business-ai-policy-builder.
Built by Kevin Young, Pro-How AI℠ founder, Myrtle Beach WordPress Meetup co-organizer, and AI implementation specialist who has helped small business owners put technology and AI to practical use since 2016.
Ask yourself: do you actually know what information your team is putting into AI tools right now?
When an employee types a customer’s situation into ChatGPT to draft a response, that data just left your business. It went into a system you do not control, governed by terms your employee never read, processed in ways you never approved. The customer never consented to that.
The same thing happens when a contractor uses an AI tool to summarize your internal documents. When someone uploads client files to a free AI image tool, it retains what it receives. When an AI assistant is used to help make a hiring decision without disclosure to the candidate. Every one of those moments is exposure, and none of them requires bad intentions to cause real damage.
Without a written policy, you have no line. You cannot enforce a standard that does not exist. And when something goes wrong, “we did not have a policy” is the worst possible answer.
A policy gives your team clarity. It gives your business protection. And it takes far less time to build than most business owners assume. See Pro-How AI’s free small business AI resources if you want to start learning before booking.
Toggle between a generic downloaded template and what a finished Business AI Policy Builder document looks like for an actual business. This excerpt is from Section 4: Data Handling Rules.
Section 4. Data Handling. Employees shall not enter confidential company data into AI tools without prior written authorization from management. Confidential data includes but is not limited to trade secrets, customer data, financial records, and personnel information. Violations of this policy may result in disciplinary action up to and including termination.
This excerpt is a representative sample. A finished policy runs 8 to 15 pages depending on business complexity and tier. Names, tools, and state references reflect the actual client’s intake responses. — Sample only. Not for use.
This excerpt is a representative sample. A finished policy runs 8 to 15 pages, depending on business complexity and tier. Names, tools, and state references reflect the actual client’s intake responses. — Sample only. Not for use.
A full policy produced at Tier 2 (Standard) typically runs 10 to 12 pages and covers 15 sections specific to the client’s business.
Not a template. Not a download. A discovery-based, custom AI use policy document built for your specific tools, team, and regulatory exposure, delivered with a walkthrough so your team actually understands it.
The intake process covers ten sections: business basics, team structure, AI tools in active use, data handling practices, geographic exposure, content creation practices, AI-assisted decisions, existing governance, policy goals, and logistics. That information drives the document. Nothing is generic.
The finished policy covers permitted and restricted AI tools, data handling rules, disclosure requirements, decision-making boundaries, employee responsibilities, and review and update procedures. It is written in plain language that your team can read and follow without a law degree.
As AI laws change, your policy should too. Starting at $150/year.
Not the same as your IT company’s policy. Your IT company governs your systems. The Business AI Policy Builder governs your people. Those are different documents with different audiences. An IT firm’s AI policy is written for a technical audience. This one is written in plain language your team can read, understand, and follow without IT explaining it to them.
Human-First AI℠ — Pro-How AI holds that AI should amplify human capability, not replace people. This policy reflects that philosophy: practical protection that works with your team, not over their heads.
They are probably using it to help with your work. That is the problem. Your client data, your internal processes, your business context, all going into a system you do not control, with no policy governing any of it.
Colorado, California, and Texas already have active AI enforcement. Your address does not determine your exposure. Your customers’ addresses do. If you do business across state lines, their laws may already apply to you.
That moment already happened, or it is coming. Larger clients, government contracts, and professional partnerships increasingly ask how vendors govern AI use. A documented policy is the difference between a confident answer and an awkward one.
This service is probably not for you if:
You have one or two employees, your AI use is limited to drafting occasional emails, you have no clients in states with active AI legislation, and nobody has ever asked about your AI practices. In that case, one of the many free guides online may be a perfectly good starting point. But if any of the three situations above sound familiar, the Business AI Policy Builder exists for exactly your situation. The free consultation is where we confirm whether this service is the right fit for your specific situation before you commit to anything.
South Carolina does not have an AI law yet. But a bill modeled on Colorado’s framework is already in committee, and the SC Small Business Chamber of Commerce is actively pushing for one. The question is not whether it is coming. It is whether you want to be scrambling when it does.
Last verified: May 23, 2026 — View source ↗
Highest immediate risk — published penalty amounts
| State | Penalty | Law, Policy, or Bill |
|---|---|---|
|
Colorado |
Up to $20,000/violation |
Original SB 24-205 was stayed by a federal court in April 2026 and is now being replaced. A scaled-back replacement bill (SB 189) passed the legislature May 7–9, 2026 and is headed to Governor Polis. If signed, the new law takes effect January 1, 2027. The $20,000 penalty structure remains tied to the original law. View current status ↗ |
|
Texas (TRAIGA) |
$10,000–$200,000/violation |
Signed June 22, 2025 as HB 149, effective January 1, 2026. Prohibits intentional AI-based discrimination and manipulation. Enforced exclusively by the Texas Attorney General. Primarily targets intentional misconduct, not general compliance gaps. View Texas TRAIGA ↗ |
|
California |
Up to $7,500/violation |
24 AI-related laws enacted across 2024–2025. Disclosure requirements for AI-generated content, chatbots, and automated decision-making. Applies to any business serving California consumers. |
Active enforcement — disclosure and use requirements
| State | Penalty | Law, Policy, or Bill |
|---|---|---|
|
New York |
Active enforcement |
NYC Local Law 144 requires bias audits for AI used in hiring decisions, with active enforcement. The RAISE Act (December 2025) targets large model developers. |
|
Illinois |
Active enforcement |
Notification required when AI assists in hiring, performance, or promotion decisions. AI chatbot disclosure requirements active. |
|
Connecticut |
Effective Oct. 1, 2026 |
AIRT Act (SB 5) passed both chambers May 2026 and is awaiting governor signature. Covers automated employment decision tools, consumer AI transparency, and frontier model governance. Staggered effective dates beginning October 1, 2026. View Connecticut SB 5 ↗ |
|
Utah |
Up to $5,000/violation |
Artificial Intelligence Policy Act in effect since May 2024, amended May 2025. Requires disclosure when consumers interact with generative AI. Stricter requirements for health, financial, and legal contexts. View Utah UAIPA ↗ |
|
Nevada |
Active enforcement |
AB 73 (effective January 1, 2026) requires clear disclosure of AI-generated or AI-manipulated content in political campaign advertising. Broader commercial AI disclosure legislation is under active development. |
|
Florida |
Active enforcement |
Disclosure required for AI-generated content used in political and marketing materials. Mandates clear labeling when AI creates audio, video, or image content for commercial purposes. |
|
Oregon |
Active enforcement |
HB 2748 (effective January 1, 2026) prohibits AI from impersonating licensed professionals such as nurses. SB 1546 (AI companion chatbot disclosure, passed March 2026) awaiting governor signature, effective January 2027. |
|
South Carolina |
No law yet |
A Colorado-modeled consumer protection bill (S. 963) was introduced in the Senate in February 2026 and is currently in committee. The SC Small Business Chamber of Commerce is actively pushing for AI regulation ahead of the current legislative session. It is a matter of when, not if. |
This table reflects our research as of May 23, 2026 and is not legal advice. State AI law is evolving rapidly — some of these laws are in active litigation, pending signature, or subject to amendment. Confirm current status with qualified counsel before making compliance decisions. Even SC-based businesses may be subject to other states’ laws if they serve customers, employ contractors, or run advertising there.
The intake questionnaire determines the right tier for your business. No pressure to guess. We score complexity together and price accordingly.
| What you get | Free online guide | Paid template bundle ($49–$997) | Business AI Policy Builder |
|---|---|---|---|
|
Your actual AI tools named by name |
No |
No |
Yes |
|
Your specific data categories defined |
No |
No |
Yes |
|
Your actual state-level exposure flagged |
No |
Partially |
Yes, specific to your clients |
|
Walkthrough call with your team |
No |
No |
Yes, 30 to 45 minutes included |
|
Team communication support |
No |
No |
Yes, three formats included |
|
Revision commitment |
No |
No |
Yes, if it doesn’t fit your intake |
|
Annual regulatory monitoring |
Self-managed |
Self-managed |
Yes, starting at $150/year |
Starting at $150 / year
AI laws change. Your policy should too. The annual review covers scheduled regulatory monitoring, a policy update assessment, and a revised document reflecting any needed changes. Priced based on the original engagement tier. SKU: PH-PB-AR
I founded Pro-How AI in 2016 to help small business owners put AI to practical use without technical overwhelm. I co-organize the Myrtle Beach WordPress Meetup, hold multiple AI certifications, and have worked directly with small business owners across South Carolina and nationwide on AI training, automation, and now governance.
The Business AI Policy Builder came from a real conversation in a workshop room. A business owner raised their hand and said: I know I need a policy, but I have no idea where to start. Every service in this offering was built around answering that question properly.
Every Business AI Policy Builder engagement is conducted personally by me. Not outsourced. Not templated. If you book a consultation, you are talking to the person who will build your policy and walk your team through it.
Five steps from first conversation to a policy your team can actually use.
Book a Free Consultation
A 30-minute call to understand your business, ask initial questions, and confirm that the service is a fit. No obligation.
Complete the Intake Questionnaire
A structured 10-section questionnaire covering your business, team, AI tools in use, data practices, geographic exposure, and existing governance. This is where we learn what your policy actually needs to say.
We Draft Your Custom Policy
Using your intake responses, we draft a plain-language AI use policy specific to your business. This is not a template with your name on it. It is written around your actual situation.
Walkthrough Call and Team Communication
We walk through the finished policy section by section on a 30 to 45 minute call. You also receive a team communication package: a written announcement, a verbal talking guide for team meetings, and a team FAQ document.
Optional: Enroll in Annual Review
AI laws are evolving. Enroll in the Annual Review Service and we will monitor regulatory developments, assess your policy each year, and update it where changes are needed.
A note about legal advice
The Business AI Policy Builder produces a practical business policy document. It is not a legal contract and is not a substitute for legal counsel. Pro-How AI does not provide legal advice. For businesses with complex regulatory exposure, high-risk industries, or significant multi-state operations, we recommend having an attorney review the finished document. We flag this recommendation as part of the service where it applies and can help you identify next steps.
No, a generic template cannot protect your business the way a custom policy can. Templates do not know your tools, your industry, your team, or which states your customers are in. They are starting points, not finished policies. More importantly, “I downloaded a template” is not a strong defense if something goes wrong and a regulator or client asks how you govern AI use in your business.
Your IT company governs your systems. The Business AI Policy Builder governs your people. Those are fundamentally different documents. An IT-authored AI policy is written for a technical audience and focused on system access and security. This one is written in plain language your team can read and act on without IT explaining it. Most IT firms do not produce the team communication package, the walkthrough call, or the employee-facing FAQ that this service includes.
Most engagements take one to two weeks from initial consultation to delivery of the finished policy. The intake questionnaire is the primary variable, clients who complete it promptly move through the process faster.
The Annual Review Service is designed exactly for that situation. Policies should be living documents. If your tools, team, or regulatory exposure changes significantly between annual reviews, updates are available outside the scheduled cycle at $85/hr in 15-minute increments.
Pro-How AI does not provide legal advice, and this service is not a legal contract. For most small businesses with straightforward AI use and limited regulatory exposure, the policy document is a practical and sufficient business tool. For businesses in high-risk industries or with complex multi-state operations, attorney review is recommended and flagged clearly as part of the engagement.
The policy is built around your specific regulatory exposure, not a single state, but the full picture of where you operate, where your customers are, and where your contractors work. Multi-state applicability is assessed during intake and relevant state laws are flagged in the policy. The Annual Review Service monitors regulatory developments on an ongoing basis.
Yes, even a solo operator benefits from a written policy. It protects you if a contractor uses AI improperly on a project, signals professionalism to clients who ask, and establishes a standard you can hand to any future hire without starting from scratch. Tier 1 (Basic), starting at $297, is designed for exactly this situation.
Pro-How AI’s Business AI Policy Builder is a custom AI use policy document service for small business owners, priced from $297. The service covers intake and discovery, custom policy drafting, a walkthrough call, and team communication support. Three tiers accommodate businesses of different sizes and regulatory complexity. An annual review service (starting at $150/year) keeps the policy current as AI laws change. The service is available at pro-how.com/business-ai-policy-builder. Pro-How AI is based in Myrtle Beach, South Carolina, and serves small businesses nationwide. Founded in 2016, Pro-How AI is a service of Better The World, LLC.
Not sure if you need this service right now? Work through the AI Policy Readiness Checklist on GitHub. A detailed, structured checklist that tells you exactly where your business stands, what your exposure looks like, and what a policy would need to cover. Free and open. No email required.
Detailed. Structured. Tells you exactly where you stand and what comes next.
Book a free 30-minute consultation. We will tell you exactly which tier fits your business and what the process looks like before you commit to anything. No obligation. Plain English.
30 minutes · No obligation · Plain English · Pro-How AI℠
Get free AI tips, marketing insights, and tech tools delivered to your inbox. Pro-How’s newsletter cuts through the noise with practical advice you can actually use.
A review takes 60 seconds and genuinely helps other small business owners find us.
Something went wrong? Let us make it right first.
