Resources · 11 June 2026

An AI acceptable use policy for UK accountancy practices

AI tools are spreading through accountancy and bookkeeping practices quickly, and for good reason. They draft client emails, summarise documents, explain rules, and sit inside the bookkeeping software your team already uses. The catch is the data involved. Client financial records are confidential and often personal, and your professional duties do not pause because a tool is convenient.

An AI acceptable use policy lets the practice use these tools while keeping client confidentiality and your professional obligations intact.

Why practices need to be careful

Accountants hold exactly the kind of data that should not flow into the wrong tool: client financials, personal details, tax information, sometimes sensitive personal circumstances. Three pressures meet here.

• Confidentiality. It is fundamental to the relationship and to your professional body’s expectations. Pasting client data into a free, consumer-grade AI tool that may use it to train its models sits very uneasily with that.
• UK GDPR. Much of what you hold is personal data, with the obligations that brings.
• Client expectations. Clients are beginning to ask how their data is handled when you use AI. A clear answer is becoming part of the service.

What the policy should cover

A practical policy for a practice is short and pointed:

• What client data may go into AI tools, and where. As a rule, client-identifiable or financial data only in approved tools with proper data terms, never free accounts.
• Approved tools. A named list, each cleared to a specific data sensitivity. This matters all the more as mainstream platforms like Xero, QuickBooks and Dext roll out built-in AI features. Your team may be using AI inside tools you already pay for, without realising those features still fall under your confidentiality and GDPR duties.
• Human review. AI output, whether a client email or a piece of analysis, is checked by a competent person before it is relied on or sent. The accountant is accountable, not the tool.
• Client confidentiality first. Where an engagement or your professional code imposes stricter limits, those win.
• Reporting. A simple, supportive route to flag mistakes early.

ChatGPT and client data: the question everyone asks

The most common question we hear is whether staff can use ChatGPT with client data. The honest answer has nuance, and we have given it a dedicated piece: Can accountants use ChatGPT with client data?. The short version: not in a free consumer account, and only in an approved tool with appropriate data terms, ideally with identifying details stripped out.

Putting it in place

You can build this from scratch, or start from documents written for practices. Our AI Safe-Use Pack for accountants and bookkeepers includes a practice-shaped acceptable use policy, an approved-tools matrix, a risk register, a one-page staff guide and a literacy tracker, all editable. There is a general edition too.

Used well, AI saves a practice real time. The policy is simply what lets you capture that without putting client trust at risk.

This article is general information, not legal or professional advice. Adapt it to your obligations and your professional body’s guidance.