Congratulations. You have an AI usage policy. So does roughly every Fortune 1000 company and a lot of the mid-market. Statistically, this means almost nothing.
A policy with no telemetry is theatre. ISO 27001 auditors know it. ICO inspectors know it. Your CFO does not — yet.
And yes, this is where a certain class of vendor arrives with a polished PDF template, a stock photo of diverse professionals near a whiteboard, and a claim that your AI governance problem is solved. Amazing. The folder on your intranet is apparently your new control plane.
That fantasy is getting harder to defend. On 20 December 2024, Italy's Garante said it had fined OpenAI €15 million after concluding ChatGPT processing breached transparency and related obligations under EU privacy law. The signal matters more than the press cycle: regulators are testing for substance, not paperwork.
If your staff are pasting personal data into ChatGPT, Gemini, Claude, or whatever new browser tab appeared this week, your policy is not the thing regulators will care about first. Your evidence is.
The audit test that exposes the gap
Most AI policies can survive the first 30 seconds of an audit. The next five minutes are where the trouble starts.
A competent auditor usually asks three questions:
- Show me the policy.
- Show me the evidence employees have read and acknowledged it.
- Show me the log of violations and remediations from the last 12 months.
Most teams pass question one. Some pass question two. Almost none pass question three for AI.
That gap matters because ISO/IEC 27001:2022 is not asking you to publish a nice document and hope for the best. Annex A control A.5.1 covers policies for information security and expects review at planned intervals and when significant changes occur. Annex A control A.5.10 covers acceptable use of information and other associated assets.
Acceptable use without monitoring is just optimism with branding.
SOC 2 lands in the same place. CC6.1 is about logical and physical access controls. CC7.2 is about monitoring the system and detecting anomalies, failures, and other events. A PDF on the intranet is none of those. A town-hall slide is also not a control, despite heroic efforts by some executives to manifest one.
This is what audit-grade evidence starts to look like when you stop pretending acknowledgements are enough:
[Figure: Prytive dashboard showing the gap between policy claims and actual paste-into-AI events]
The point is not the screenshot. The point is that a control leaves a trail.
Policy text versus employee behaviour
The fastest way to spot compliance theatre is to compare policy language with what employees actually do in the browser.
You already know the script.
Policy line: "Employees must not paste customer data into public AI tools."
Reality: 14 employees do exactly this every week. Your telemetry: none.
Policy line: "Approved AI tools are Microsoft Copilot and ChatGPT Enterprise only."
Reality: 9 unsanctioned tools show up in DNS logs you have not checked.
There is usually no malice here. Your team is trying to get work done. A salesperson wants help drafting a renewal email. A claims analyst wants a summary. A junior lawyer wants a first pass on a clause comparison. They paste too much. The browser does what browsers do. Your policy remains deeply committed to being unread after page two.
A lot of 2025 developer and workplace AI surveys point in the same direction: usage outruns governance. That should surprise no one. Adoption is easy. Instrumentation costs money.
So the market produced a familiar masterpiece: consultants charging £40,000 for a one-page AI policy and calling it maturity. Not control design. Not evidence collection. A one-page policy.
If you want a policy baseline, fine. Start there. Then move straight to enforcement. If you need the document itself, the one-page AI usage policy template is useful as a starting point, not an endpoint.
What the standards actually force you to prove
The common dodge is to treat AI as if it sits outside your existing control environment. It does not. Employees are using information assets, often through a browser, often with personal data, financial data, or confidential material in scope. That drops you straight back into your existing obligations.
Under ISO 27001:2022 Annex A.5.1, a policy needs review. Under Annex A.5.10, acceptable use needs rules that can be applied in practice. In plain English: if your policy says staff cannot paste customer account numbers into public models, you need some way to know whether that happens.
SOC 2 is less interested in your intentions than many board decks are. CC6.1 asks whether access-related controls exist and operate. CC7.2 asks whether you monitor and detect.
Auditors do not need philosophical certainty. They need evidence. Logs. Alerts. Exceptions. Remediation records. A blocked event on 14 March. Coaching on 15 March. Repeat offence escalated on 2 April.
That kind of thing.
If you cannot produce detection evidence, you are left with attestation theatre. Someone says they trained staff. Someone else says the policy was circulated. Everyone nods. The risk remains in the browser tab.
That is why browser-layer controls matter. CASB and email DLP were built for different traffic patterns. Prompt leakage happens in a place your old controls often do not inspect cleanly. "CASB won’t save you from prompt leakage" is the short version if you need to make that case internally.
Four enforcement primitives every AI policy needs
If you want the policy to mean something, you need four primitives underneath it.
1. Detection at the point of use
See prompts before they leave the browser. Not a weekly spreadsheet. Not quarterly assurance theatre. Real-time inspection where staff actually paste data into ChatGPT, Copilot, Gemini, or Claude.
2. Risk-based intervention
Not every event needs a block. Some need a warning. Some need redaction. Some need escalation. High-risk prompts with PII, financial account data, or confidential deal terms should not glide through because the policy was very clear about expectations.
3. Evidence-grade logging
You need a redacted audit trail of what happened, when, by whom, and what action the control took. Logs should support review without storing raw sensitive content. Otherwise your monitoring tool becomes the next incident.
4. Remediation workflow
A violation log without follow-up is just better-organised disappointment. You need owner, date, action taken, and repeat-offender visibility over a 12-month period.
Stop running the play
Use the three-question test:
- Show me the policy.
- Show me the acknowledgements.
- Show me the violations and remediations from the last 12 months.
Then build the four enforcement primitives:
- detection at the point of use
- risk-based intervention
- evidence-grade logging
- remediation workflow
That is the difference between AI usage policy enforcement and compliance theatre.
The policy authors are not the problem. Most are doing the best they can with thin budgets, fast adoption, and senior stakeholders who think one all-hands slide counts as operational control. It does not.
Stop running the play. Instrument the policy with a 7-day discovery and see if reality matches your PDF.