By Tim Butler, CEO, Innovation Visual
An AI policy for sales teams should be written by the people who understand the sales process, not delegated to HR or IT. That single decision is the difference between a policy that controls risk and a policy that gives the illusion of control while shadow AI usage quietly expands underneath it.
When I speak to sales and commercial leaders, I ask the same show-of-hands question.
Does your organisation have an effective AI policy?
Across rooms of fifty to a hundred-plus attendees, the hands going up have never exceeded 10%. What the other 90% almost always have is a document. A one-page statement about responsible AI use, lifted from a template, signed off at board level, filed somewhere nobody will ever look for it again. The gap between having a document and having an effective AI policy is where most of the governance risk in a sales organisation currently lives.
What Is Shadow AI and Why Does It Matter in Sales?
Shadow AI is the unsanctioned use of software tools, including AI, by employees on company work, typically through personal accounts, on personal devices, or with technologies that middle management have signed off on but IT don’t even know exist in the organisation. In a sales context, it usually looks like reps pasting prospect and customer information into a personal ChatGPT account to draft an email, dropping bulk sales data into Claude to analyse trends, running deal notes through a free summariser, or using a consumer-grade voice tool to transcribe calls.
Shadow AI matters because it sits entirely outside your governance, your data controls, and your quality assurance. The output feeds into customer-facing communication without ever being reviewed by the systems or people the organisation has put in place for exactly that purpose. Shadow AI is almost always a policy failure, not a personnel failure. It exists because the official policy has told people what they cannot do without telling them what they should do instead. They are using it because the personal gains of doing so outweigh what they see as their risk, but they are not likely to be considering the full organisational risk.
Why HR Should Not Write Your AI Policy
HR should not own AI policy drafting for sales teams because HR is the custodian of employment risk, not operational effectiveness. HR is well set up to draft statements about acceptable use, confidentiality, data protection, and the consequences of misuse. Those things matter, but an AI policy that only covers those things is essentially a disciplinary framework. It tells your salespeople what will happen if they misuse the technology. It does not tell them how to use it well, which is the part that actually determines whether your AI investment returns anything.
A salesperson reading an HR-authored AI policy will walk away with a clear sense of what they are not allowed to do, and no guidance whatsoever on what they should be doing. That produces two outcomes:
- The cautious reps do nothing, because doing nothing is never mentioned in the policy and therefore carries no risk.
- The ambitious reps do what they were going to do anyway, on personal licences, on devices they are not meant to be using, on data the business never consented to share.
That is the shadow AI problem, and it is the direct and predictable consequence of policy written by people who do not know what good usage looks like.
Why IT Should Not Write It Either
IT should not own AI policy drafting for sales teams because IT treats AI as a set of tools to be evaluated for security, rather than a capability to be embedded in a workflow. The IT-authored policy will be heavy on approved-tools lists, security reviews, and controls over which models are allowed to see what data. All of that is necessary, and none of it is sufficient.
The IT policy answers the question "is this software safe to run" and leaves the more important questions untouched.
- What is the correct way to prompt for drafting a sales proposal?
- When must AI output be reviewed by a human before it goes to a customer?
- Who owns the quality of a prospecting agent's emails?
- At what point does an AI-generated call summary become the official record of the conversation?
IT cannot answer those questions, because IT does not do sales. The best they can do is defer them, which is how you end up with a policy that is technically compliant and operationally poor.
There is a further point worth making. The days when IT could sensibly act as the gatekeeper of enterprise technology have largely passed. AI is not a procurement category that lives inside a single system. It is now infused across CRM, marketing automation, communications, productivity, and everything in between. Asking the function that manages the network to dictate how revenue teams use the technology is, in most organisations, asking someone who does not know what you do to tell you how to do something new.
What Should an AI Policy for Sales Teams Include?
An effective AI policy for a sales team has three features that HR and IT versions tend to miss. It is written by people close to the work, it assigns ownership at the tool level, and it is built to enable rather than restrict.
Drafted by the People Close to the Sales Workflow
The sales function, the revenue operations team, and the people who actually operate the CRM need to be in the room when the policy is drafted. They are the only ones who can distinguish between useful AI use and risky AI use in a specific sales context. HR and IT are consulted and co-sign. They are not delegated to.
Named Ownership at the Tool Level
Every AI tool or agent in the sales stack needs a named owner. Not a department, a person. That person is responsible for configuration, for sampling the output, for deciding when to unwind the guardrails, and for pulling the plug if something goes wrong. Without named ownership, tools drift. The output degrades quietly, and nobody notices until a customer does.
Written to Enable, Not Only to Restrict
The useful parts of an AI policy are not the prohibitions, they are the encouragements. A sales-fit AI policy should set out:
- The best tools to get the best results.
- The standard prompt library used for pre-call research, proposal drafting, and post-call summarisation.
- The custom GPTs or agents the business has built, and how each one is configured.
- The data each tool is allowed to see, and the data it is not.
- The review process that sits between AI output and customer-facing communication.
- The named owner for each tool, agent, and prompt asset.
- The escalation path when something behaves unexpectedly or goes wrong.
A policy built this way is a description of how good AI work is done in this organisation, and compliance becomes a side effect of doing the work properly, rather than a separate overhead.
The Question Worth Asking Before You Publish
Before your organisation publishes its next AI policy update, ask a straightforward question. If a new sales hire joined next Monday and read this policy as their introduction to how we use AI here, would they know what to do, or would they only know what not to do?
If the honest answer is the second one, the policy is not governing anything. It is performing governance. That is a useful thing to file away for a compliance audit, and a dangerous thing to rely on for actual operational control.
Frequently Asked Questions About AI Policy for Sales Teams
Who should write an AI policy for a sales team?
An AI policy for a sales team should be drafted jointly by sales leadership, revenue operations, and the CRM owner, with HR and IT consulted for employment and security input rather than delegated to as authors. The drafting team needs to understand the sales process end to end so that the policy governs real usage rather than theoretical risk.
What should an AI policy for sales teams include?
A sales-fit AI policy should include:
- a standard prompt library,
- a list of approved tools and agents with their configurations,
- the data each tool is allowed to access,
- the human review process that applies to AI output before it reaches a customer,
- named ownership for each tool,
- and a clear escalation path when something goes wrong.

It should describe what good usage looks like, not only what is prohibited.
What is shadow AI?
Shadow AI is the unsanctioned use of AI tools by employees on company work, usually through personal accounts, on personal devices, or with company data that has not been cleared for external use. It sits outside organisational governance and is almost always caused by a policy that tells people what they cannot do without telling them what they should do instead.
Does a generic AI policy template work for a sales team?
A generic AI policy template rarely works for a sales team because it focuses on acceptable use and data protection without addressing sales-specific questions like prompt standards, prospecting agent governance, call intelligence review, and proposal generation oversight. A template is a reasonable starting point, but it has to be rewritten against the actual sales workflow before it becomes operationally useful.
How often should an AI policy for sales teams be reviewed?
An AI policy for sales teams should be reviewed at least quarterly at the current pace of change, and any time a new AI tool or agent is introduced into the sales stack. The underlying technology, the available tools, and the regulatory position are all moving fast enough that annual review is no longer sufficient.
Next Steps
Workshops on Using AI Strategically in Sales
Innovation Visual's AI for Leaders Workshop
Writing a sales-fit AI policy is not a legal exercise and it is not an IT exercise. It is an operating-model exercise, and it works best when the people designing the policy are the same people who understand the sales process end to end. If that is not a skill set you have in-house, our Using AI Strategically in Sales workshop is where sales leaders get their first concrete view of what effective governance looks like inside a working AI-enabled sales function. We run it across London, Bristol, Reading, Manchester, Brighton and Birmingham.
For wider reading, see our guide on how to ensure your AI project fails and our companion piece on mapping AI to your marketing functions.
