For Small Business & SMEs

AI governance without the enterprise overhead.

Practical AI governance for small businesses and SMEs — what regulations actually apply to you, what you can do in a day, and where your jurisdiction adds specific requirements.

Where to start Write an AI policy

What actually applies to small businesses

You don't need an enterprise governance programme. But these basics apply in most countries.

Data protection basics

Almost every country now has a data protection law. If you use AI tools with customer or employee data, you have obligations — even as a small business.

Consumer law

AI-generated product claims, automated pricing, and chatbot interactions are subject to consumer protection law in most jurisdictions. No size exemption.

An AI policy

A one-page policy documenting what AI tools your business uses, how they're used, and what data they touch is a defensible starting point almost everywhere.

Employee transparency

If you use AI that affects employee performance, monitoring, or decisions — in most countries you need to tell them. Consult before major changes.

Vendor due diligence

Your AI vendor contracts should cover data ownership, breach notification, and what happens to your data. Most off-the-shelf terms favour the vendor.

5 things you can do this week

List every AI tool your business uses and what data it touches — a simple spreadsheet is fine

Stop using free consumer AI tools (ChatGPT free tier etc.) with client or employee data — upgrade to a business plan

Name one person responsible for AI governance questions — even in a 10-person business

Check your privacy policy mentions how you use AI in customer-facing decisions

Download a free AI policy template and adapt it for your business — many regulators provide them

Guides for small businesses everywhere

Practical guidance that applies regardless of where your business operates.

Global

AI Governance for Small Business: Where to Start

Read guide

Global

How to Write an AI Policy for Your Organisation

Read guide

Global

What Is AI Governance? A Plain-English Guide

Read guide

Global

AI in Hiring: The Governance Risks HR Leaders Cannot Ignore

Read guide

Global

Writing an AI Policy for Your Small Business: A Step-by-Step Template

Read guide

Global

AI Governance for Startups: Building It Right Before You Scale

Read guide

Your country has specific rules for SMEs

Thresholds, obligations, and exemptions vary. Find what applies where your business operates.

🇦🇺

Australia

Privacy Act $3M turnover threshold, ACCC consumer law, AI6 Foundations — free NAIC resources

View guidance →

🇪🇺

European Union

EU AI Act SME support provisions, GDPR applies to all sizes, no SME exemption for high-risk AI

View guidance →

🇬🇧

United Kingdom

UK GDPR, ICO SME guidance, FCA consumer duty if in financial services

View guidance →

🇺🇸

United States

State consumer privacy laws (CCPA, VCDPA), FTC guidance on AI deception

View guidance →

🇨🇦

Canada

PIPEDA for private sector, Quebec Law 25 applies to SMEs, ISED SME AI guidance

View guidance →

🌏

Other countries

Singapore PDPA, India DPDP, Brazil LGPD — find your region

View guidance →

🇦🇺

Australian small businesses

The Privacy Act threshold ($3M turnover), ACCC consumer law obligations, and the free AI6 Foundations resources from the National AI Centre make Australia one of the better-resourced environments for SME AI governance.

🇦🇺 Australia

AI Policy for Australian Small Business: A One-Page Template and What the Law Requires

Read guide

🇦🇺 Australia

ACCC and AI: What Australian Consumer Protection Law Means for Businesses Using AI

Read guide

🇦🇺 Australia

Your First 30 Days of AI Governance: A Practical Plan for Australian Organisations

Read guide

🇦🇺 Australia

AI Startup Legal Requirements in Australia: The Founder's Complete Compliance Guide

Read guide

All Australian SME guidance