Skip to content

Governance

The AI Coding Policy Template

Last updated: 2026-07-026 min read

An AI coding policy needs eight sections: sanctioned tools, data rules per classification, task rules for agent runs, verification duties per change, evidence, agent permission limits, exceptions, and ownership with a review cadence. The complete template is on this page – ungated, ready to adapt. The design principle behind it: every rule carries its enforcement mechanism, because a rule that depends on memory becomes optional under deadline pressure.

Contents

Why a policy - and why this one is short

The numbers behind the need are stark in their mismatch: 84% of developers use AI tools, while only 48% consistently verify what those tools produce – in most teams, the rules exist as folklore. Our governance overview covers the full control picture; this page carries the one artifact everything else hangs on. It is deliberately short. Policies fail by length: the forty-page version gets signed once and never opened, and its authors mistake the signature for adoption.

The eight sections, and why each earns its place

  1. Tools & accounts. What is sanctioned, on which account tier – because consumer logins are the classic data-protection violation.
  2. Data rules. What may reach which tool, by classification level – the section your DPO and clients will read first.
  3. Task rules. Agent runs get written intent with boundaries before the run – the anchor for everything checkable.
  4. Verification. What must pass per change, and that validation is not authored by the generating model.
  5. Evidence. A record per run, stored with the code – your audit trail growing as a byproduct.
  6. Agent permissions. Advisory by default, no auto-commit, no production access – the section incidents have made non-negotiable.
  7. Exceptions. How to request one, who approves, where it is logged – because a policy without an exception path gets bypassed instead of amended.
  8. Ownership & review. One named owner, quarterly review – unowned policies are rediscovered after incidents, not before.

The template

ai-coding-policy.md

Example – adapt to your team
# AI Coding Policy · <team> · v1.0 · owner: <name> · review: quarterly

## 1 Tools & accounts
Sanctioned: <Claude Code, Cursor, Copilot> on company accounts only.
Consumer/free tiers: prohibited for work. New tools: ask <owner>.

## 2 Data rules
Public/internal code: allowed in sanctioned tools.
Confidential (client code, infra/secrets/*, prod data): local
processing only - never into cloud prompts or context.
Personal data in prompts/fixtures/logs: prohibited (see DPO note).

## 3 Task rules (agent runs)
Every agent run has a written task BEFORE it starts:
goal · boundaries (files/dirs it may touch) · acceptance criteria.
No task, no run - "quick fixes" included.

## 4 Verification (per change)
Must pass before review: build · types · tests relevant to the change.
Validation must not be authored by the generating model/session.
Change is checked against the task (scope + criteria).

## 5 Evidence (per run)
A run record is stored with the code: task, tool+version, diff scope,
validations + results, skips, approver.

## 6 Agent permissions
Agents are advisory by default: propose, never apply unattended.
No auto-commit. No direct writes to protected branches.
No production systems, credentials, or customer data access.

## 7 Exceptions
Request to <owner> with reason + expiry date. Logged in <register>.
Expired exceptions auto-revert to policy.

## 8 Incidents
AI-attributed defect or data slip: report to <channel> within 24h.
Blameless review; policy gap check is part of every postmortem.

Adaptation notes: a five-person team can merge sections 7 and 8 into two lines; a regulated team extends section 2 with its classification scheme and section 5 with retention rules. What should survive every adaptation is the structure of section 4 and 6 – verification per change and advisory-by-default agents are the two rules that carry the most risk when they erode.

Common failure modes

  • The forty-page policy. Completeness feels responsible and reads as noise. Every section that does not change behavior dilutes the ones that must.
  • Ban-everything. With 84% adoption, prohibition does not stop usage – it stops disclosure. The BSI/ANSSI line – enable with rules, verify output – is both safer and enforceable.
  • Rules without mechanisms. “Developers should carefully review AI code” is a wish. A gate that runs per change is a rule. Write only rules you can back with a mechanism, and name the mechanism in the policy.

Where Reality Graph fits

Sections 3 through 6 of the template describe, almost line by line, what Reality Graph mechanizes: written tasks with boundaries, verification of each run against them, an evidence report per run, advisory-by-default with no auto-commit as architecture rather than promise. The policy stands on its own without any specific tool – Reality Graph turns its middle sections from manual discipline into defaults.

This template gives you

  • Eight sections with the reasoning per section
  • The full document in-page - no download gate
  • An enforcement mechanism named per rule
  • Adaptation notes for small and regulated teams

It does not give you

  • Legal review - your counsel reads it before it binds anyone
  • A policy that works unadapted - the placeholders are real work
  • Enforcement by itself - mechanisms must actually be wired up
  • Coverage of AI beyond coding - scope it or extend it deliberately

If these boundaries fit how your team wants to ship:

FAQ

What belongs in an AI coding policy for development teams?
Eight sections cover the working cases: sanctioned tools and accounts; data rules per classification level; task rules (written intent before agent runs); verification duties per change; evidence and audit trail; agent permission limits (no auto-commit); exceptions and how to request them; and ownership with a review cadence. Everything else - philosophy, tool tutorials, legal essays - belongs somewhere else. A policy that fits on two screens gets read; one that fills forty pages gets signed and ignored.
How is this different from your AI coding governance article?
The governance article is the overview: why control matters, the building blocks, how to introduce them, with a one-screen mini policy as illustration. This page is the deep dive on one building block - the policy document itself: a full section-by-section template with the reasoning per section and the adaptation notes for team size and regulation level. Read the overview first if governance is new territory; start here if you already know you need the document.
Do small teams really need a written policy?
A five-person team does not need a policy department - it needs the same eight decisions made once and written down, which takes about an hour with the template. The written form matters even at small scale for three reasons: onboarding stops being oral tradition, client and auditor questions get a document instead of a shrug, and the rules survive the person who invented them. Scale the ceremony down, not the decisions.
How do we introduce a policy without triggering resistance?
Write it with the people it binds, not for them - a one-hour session where the team fills in the template beats a decree from above. Anchor every rule to a failure mode people recognize (secrets in prompts, unreviewed agent merges) rather than to authority. And keep the enforcement mechanical where possible: a verification gate that runs per change enforces itself, while a rule that depends on manual vigilance becomes optional under deadline pressure.
How often should the policy be reviewed?
Quarterly is the honest default in 2026 - tool capabilities, vendor terms and the legal frame all move fast enough that an annual cycle guarantees staleness. The review is small: does the tool list still match reality, did any incident or near-miss expose a gap, did vendor terms or regulation change. Assign one named owner; policies without an owner do not get reviewed, they get rediscovered after an incident.
What makes a policy enforceable instead of decorative?
Every rule needs a mechanism, and the template forces that question per section: tool rules enforce through managed accounts, data rules through filters and local processing, task rules through the agent workflow, verification rules through a gate that runs per change, evidence rules through reports generated as a byproduct. The test: if every developer forgot the policy tomorrow, which rules would still hold? Those are your enforced rules - the rest is documentation of intent.

Keep reading

Sources

Want to follow the beta, or test it when it opens?

Join early access