The AI Governance Toolkit for UK Small Businesses — Policies, Checklists & Rollout Plan
Your team is already using AI. Your rules for it don't exist yet.Right now, someone in your business is pasting something into ChatGPT. Maybe it's harmless. Maybe it's a client contract, into a free account that trains on whatever it's fed. You'd never know — this risk is invisible until it's a client phone call, an ICO letter, or a fabricated statistic in a proposal with your name on it.Most organisations now use AI. Far fewer have any rules around it. The fix isn't banning AI — your best people will use it anyway, just silently. The fix is 8 documents and a 30-day plan.WHAT'S INSIDE1. AI Usage Policy — the core policy: approved tools, forbidden data, human review rules. Fill in the brackets, adopt it this week.2. Staff AI Guidelines — a one-page do/don't sheet your whole team will read, with the 10-second test that prevents most data leaks.3. AI Vendor Assessment Checklist — 18 questions that catch data-hungry AI tools before you buy them, including the deal-breakers most SMEs never check.4. AI Risk Register — 12 pre-scored, pre-populated AI risks with mitigations. Delete what doesn't apply, assign owners, done.5. Data Protection & AI Mapping Guide — UK GDPR for AI use in plain English, with a DPIA-lite worksheet and breach scenarios.6. Leadership Briefing — a ready-to-present 8-slide board briefing that gets your policy and budget approved in one meeting.7. 30-Day Rollout Plan — day-by-day implementation: decide, brief, embed, review. About 2 days of total effort.8. Regulatory Quick Reference — the EU AI Act and the UK position in plain English, plus a 15-minute six-monthly check.All delivered as editable Word documents plus PDFs, with a Read Me First covering your licence and how to start.WHO IT'S FORUK businesses of 5-250 people without in-house compliance or legal teams. Ops managers, HR leads, and directors who've been told "sort out our AI position." Consultants and fractional executives who need governance materials for clients (single-business licence included; multi-client licence available on request).WHO IT'S NOT FOREnterprises with legal departments, regulated firms needing sector-specific compliance (FCA, CQC), or anyone wanting AI strategy consulting. This is the governance layer, done for you.THE MATHSAn AI governance consulting engagement runs £5,000-£15,000. A data incident costs more. This toolkit is a fraction of that, and the rollout plan needs about two days of internal time.ABOUT THE AUTHORBuilt by Daniel Holt, founder of Holt Advisory Services, an independent AI and technology consultancy. These are the working documents used in real client engagements, generalised for any UK SME.FAQIs this legal advice? No. These are professional templates for you to adapt; have your solicitor or DPO review your final policy. It'll take them an hour instead of a week.Does it cover the EU AI Act? Yes — a plain-English summary, key dates, a three-question self-classification, and what applies if you serve EU markets.Format? .docx (editable) + PDF, delivered instantly as a zip.
Get it → holtadvisory.gumroad.com