Skip to main content
← Back to blog

By Evoloop

/

11 July 2026

/

9 min read

/Shadow AI

Banning AI at work does not work. Here is what does.

When you find out that staff are pasting work into consumer AI tools, the first instinct is almost always the same: ban it. Block the domains, add a line to the handbook. It feels decisive, and for a day it feels like the problem is solved. It is not. The tools are free, genuinely useful, and reachable from any personal phone in the building. A ban does not remove them from the equation. It removes them from your view. This post is the sequel to an earlier one on this site about what shadow AI is and why regulated firms carry more of its risk, at /blog/shadow-ai-professional-services. That post made the case that the danger is not usage but the absence of visibility. This one takes the next step: why the obvious fix makes that absence worse, and what a policy that actually holds looks like instead.

Why the ban is the instinctive answer

The appeal of a ban is that it is legible. It draws a clear line, it assigns blame if the line is crossed, and it lets a business tell a client or a regulator that a rule exists. Those are real things. The trouble is that a rule against a tool only works if the tool is hard to reach. A ban on specialist software your company alone licenses is enforceable, because there is one door and you control it. A ban on tools that anyone can open in a browser tab or a phone app, for free, in under a minute, is a different kind of thing. You are not closing a door. You are asking people not to walk through one that stays wide open all day.

The evidence says people do not stop. They hide.

Start with how many people are already using these tools. Microsoft and LinkedIn's 2024 Work Trend Index, which surveyed 31,000 knowledge workers across 31 countries, found that 75% of knowledge workers already use AI at work, and that 78% of AI users arrive with tools of their own choosing, not ones the business picked. That second number is the important one. Adoption is not something you get to decide to begin. For most businesses it has already begun, from the bottom up, on tools nobody signed off.

Now look at what people do when the ground is uncertain. The same Microsoft and LinkedIn report found that 52% of people who use AI at work are reluctant to admit using it for their most important tasks. A larger study points the same way. KPMG and the University of Melbourne's global study "Trust, attitudes and use of AI", published in 2025 and covering more than 48,000 people across 47 countries, found that 57% of employees say they hide their AI use and present AI-generated work as their own, and that almost half admit using AI in ways that go against company policy, including uploading sensitive company information to free public tools. Read those together and the picture is uncomfortable: a workforce that already leans toward secrecy about AI, and that already breaks policy where policy exists.

The last piece is what people say they would do if you tried to stop them. Software AG's 2024 survey of 6,000 knowledge workers across the US, UK, and Germany found that half of employees use AI tools their company did not issue, and that 46% say they would keep using personal AI tools even under a complete ban. That is not a fringe of rule-breakers. It is close to half the surveyed workforce telling you in advance that the ban will not reach them.

The canonical ban, and what a ban structurally cannot do

The best-known example is Samsung. In May 2023, as reported by Bloomberg, engineers pasted internal source code into ChatGPT, and Samsung responded by banning generative AI on company devices, with disciplinary consequences for breaches. It is worth being fair about what that ban does and does not achieve. Restricting the tool on company devices genuinely closes one channel: the corporate laptop is no longer a route for pasting proprietary code into a public tool. That is a real control and the response was not unreasonable. The honest point is narrower. A ban on company devices addresses the leak channel it can see, and it pushes the usage it cannot see onto personal phones and home machines, where there is nothing to log and no way to know it is happening. The claim here is not that Samsung's ban failed. It is that a ban, by its nature, can only act on the surface it controls, and the surface it does not control is exactly where the hidden usage goes.

Why bans fail: the maths of visibility

Put the structural point plainly. Before a ban, some usage is known and some is hidden. A ban does not delete the usage. It moves the known part into the hidden part. What you are left with is a business where more AI use than before is happening on personal devices you cannot see, with no logs of what was asked, no data-handling contract behind the tool, and no way to answer the one question that matters when a client or the ICO asks it: what has been pasted where. Before the ban you at least had partial sight. After it you have a clean conscience on paper and less visibility in practice. The hiding figures make this worse, not better. A workforce where 52% already will not admit AI use on important tasks, and where 57% say they pass AI work off as their own, does not respond to a ban by stopping. It responds by getting quieter.

A ban does not reduce AI usage. It reduces the share of usage you can see. You trade a visibility problem you can manage for a blindness problem you cannot.

What works instead: a policy in three parts

The alternative to a ban is not a shrug. It is to make the safe path the easy path, so that the tool people reach for is one you can actually stand behind. That takes three things, and none of them is a large technology project.

1. One approved tool on a business contract

Pick one tool and put it on a proper footing: a paid tier or an API agreement where the provider commits contractually not to train on your data, a data processing agreement is in place, and data residency can be chosen. This is the part that most often gets misunderstood. The difference between a consumer free tier and a business contract tier is not the quality of the answers or a nicer interface. It is contractual. The free tier and the paid tier can be the same model behind the glass, but only one of them comes with a written promise about what happens to what you type. Giving staff an approved tool is not about generosity. It is about having somewhere safe for them to go, so that "do not use AI" stops being the only official answer and stops being the thing everyone quietly ignores.

2. Written rules staff can actually follow

A policy that cannot be remembered is not a policy. The core of a good one is a short never-paste list: the categories of information that must never go into any AI tool, approved or not.

  • Client personal data and contact details.
  • Pricing, supplier terms, and anything commercially sensitive.
  • Contracts and draft contracts.
  • Credentials, passwords, and access details.
  • Anything with a regulatory obligation attached to it.

Alongside the never-paste list, name the allowed uses clearly, so the document is permission as well as restriction: drafting and rewriting, summarising public material, first-pass translations, and similar low-stakes work on information that is not confidential. The whole thing should fit on one page, and staff should sign it. A one-page rule that people read and remember beats a ten-page policy that lives unread in a shared drive.

3. Training, plus visibility that is proportionate

The third part is teaching people what the tool is good at, what it is bad at, and why the rules exist. People follow rules they understand and route around rules they were only handed. An hour that covers where the tool tends to be confidently wrong, why pasting a client file is different from pasting a public web page, and what the never-paste list is protecting will do more than any block list.

On monitoring, the right posture is set by the ICO's Employment practices: monitoring workers guidance, published in October 2023. It holds that monitoring must be necessary and proportionate, that workers must be told what is monitored and why, and that covert monitoring is justifiable only in exceptional circumstances. Applied here, that means seeing usage patterns and policy breaches at the level of the approved tool, not reading everyone's prompts over their shoulder. You want to know that the approved tool is being used and roughly how, and to be alerted to a breach of the rules. You do not need, and should not want, to read the content of individual staff conversations unless there is specific cause, and then only through a named person following a defined process. Visibility is the goal. Surveillance is a different thing and a worse one.

This is a fix a business can make in weeks

None of this is a build. A one-page policy, one approved tool on a business contract, and an hour of training is a modest, mostly organisational change that a business can put in place in weeks rather than months. The UK gap here is not appetite, it is follow-through. The CIPD's Labour Market Outlook for Autumn 2025 found that 61% of UK organisations allow staff to use generative AI for work, but only 31% had developed a formal generative AI policy in the past 12 months, up from 16%. Permission is racing ahead of the rules that should sit under it. Closing that gap is not expensive and it is not slow.

It also does something quieter. A business that already has an approved tool, a rule staff sign, and a proportionate sense of what visibility means has had the hard conversations. If it later builds tools or agents of its own, the habits are already in place: approved routes, clear rules, and a log of what happened.

The honest caveats

Three things need saying plainly, or this reads as a sales pitch rather than advice. First, an approved tool does not make every use of it safe. The never-paste list still applies inside the approved tool, because a business contract governs what the provider may do with your data, not what your staff should be sharing in the first place. Second, a policy without training becomes shelf-ware. The document is the smaller half of the job; the hour explaining it is what makes it real. Third, none of this is legal advice. A firm with specific regulatory obligations should check its own regulator's guidance, because the rules that bind a law firm, an accountancy practice, or a healthcare provider go beyond anything a general policy can cover.

The instinct to ban comes from a good place: a wish to protect the business and the people who trust it with their data. The problem is only that a ban protects the paperwork while leaving the practice untouched. An approved tool, a rule people can follow, and a proportionate view of how it is used protects the practice. That is the trade worth making.

If you are staring at shadow AI in your business and a ban is the only option on the table, a short call is a good place to pressure-test that. Thirty minutes is enough to talk through what an approved tool, a one-page rule, and proportionate visibility would look like for your firm, and where your regulatory obligations change the answer.

Ready to explore AI for your business?

Three ways to get started:

  • Book a Workflow Review - 30-minute assessment of where AI fits your practice
  • Get in touch - Evoloop responds within one working day
  • See Evoloop's services - structured scoping and builds