AI Policy Template Library
for Public Safety
Copy-paste starting points for governing AI in a police, sheriff, fire, or dispatch agency. Eight policies, built on the frameworks agencies actually cite: the Policing Project's ten provisions, the NIST AI Risk Management Framework, and IACP guidance.
These are templates, not legal advice. AI law for public safety is moving fast and it differs by state. Before your agency adopts any of this, have your own counsel and your state statutes review it, and fill in every [bracketed] choice for your jurisdiction.
I wrote these to save you the blank page, not to replace your attorney. If they get your agency to a good conversation with your legal team, they did their job.
How to use these
Each policy is self-contained. Copy the ones you need, paste them into your own document, and adapt the bracketed sections. Start with the Master AI Use Policy; it is the umbrella the rest hang from. The tool-specific policies (report writing, facial recognition, license plate readers) sit on top of it for the systems that carry the most risk. Building an AI product for public safety? These work as an internal governance checklist too. That is exactly how I use them at SWORN.
Foundation
Every agency should have both.Master AI Use Policy
The umbrella every other policy hangs from. If your agency adopts nothing else, adopt this. It follows the Policing Project's ten provisions, the closest thing the field has to a consensus starting point.
Purpose
This policy governs the [AGENCY NAME]'s use of artificial intelligence (AI) so that AI supports public safety while protecting civil rights, civil liberties, and public trust.
Scope and Definitions
"AI" means a machine-based technology that infers from the input it receives how to generate outputs, including content, decisions, predictions, or recommendations.
This policy covers AI used to (a) investigate, detect, deter, or respond to criminal activity or other public safety incidents, or (b) create or help create police reports or investigative records. It does not cover purely administrative tools such as scheduling or spell-check. Covered examples include facial recognition, person-based predictive systems, automated license plate readers, and threat-detection systems.
Chief AI Officer
The Agency shall designate a Chief AI Officer (CAIO), who advises leadership on AI use; oversees compliance with this policy; ensures each AI system is evaluated before deployment, including available evidence of accuracy and impact on civil rights and civil liberties; ensures personnel are trained, including how to verify system outputs; responds to grievances from people who believe an AI system harmed them; and manages and can revoke personnel access. The role may be assigned to an existing member or shared among several.
Human Oversight
AI may inform decisions. It does not make them. An AI output is a lead or an aid, never the sole basis for an arrest, a search, a use of force, or any other enforcement action. A trained person reviews and verifies AI output before it is relied upon.
Prohibited Use
No personnel shall use an AI system to target a person or group based on race, ethnicity, religion, or other protected characteristic, unless that characteristic is part of a specific suspect description; or based on expressed or perceived beliefs, absent a plausible basis that the person or group advocates conduct threatening public safety. Any decision to target a geographic area for AI deployment must rest on a sound, nondiscriminatory, evidence-based justification.
Data: Collection, Use, and Retention
For each AI system that collects or analyzes personally identifiable information (PII), the Agency shall document whose data is collected and the conditions under which personnel may access or query it, including any required predicate such as reasonable suspicion or probable cause. The Agency shall retain such data for the shortest practicable period consistent with operational needs and applicable law.
Data Sharing
Before sharing AI data with another agency, the CAIO shall execute a written agreement specifying the data shared, the purpose, the retention period, and any use limits. In exigent circumstances involving a threat to life or serious bodily harm, data may be shared without a prior agreement if the disclosure is documented.
Transparency and Disclosure
The CAIO shall publish an annual AI Inventory (see the Community Transparency policy). When an AI system within scope contributes to an investigation that results in a prosecution, its use shall be disclosed in the casefile submitted to the prosecutor, including the system name and a brief description of its role, so prosecutors can meet their obligations under Brady v. Maryland and state discovery law.
Generative Content
Any report or investigative record created in whole or in part by a content-generating AI system shall carry a disclaimer that it contains AI-generated content and a certification by the submitter that they reviewed it for accuracy (see the Generative AI Report-Writing policy).
Training
No member shall operate a covered AI system before completing training on its proper use, its limits, and how to verify its output.
Auditing and Enforcement
The CAIO or designee shall audit AI system logs at least annually for compliance. Any use of an AI system, or data derived from it, in violation of this policy shall be referred to [Internal Affairs / the head of the Agency] and may result in sanctions up to and including termination.
Review
This policy shall be reviewed at least annually and updated as technology, law, and best practices change.
Adapted from the Policing Project's "Police AI Policies: Ten Key Provisions to Include" (NYU School of Law). Verify against your state law before adopting.
AI Procurement & Vendor Evaluation Standard
Most AI problems are bought, not built. This is the gate: what you demand before a tool ever touches a case.
Purpose
To ensure the [AGENCY NAME] evaluates any AI system for accuracy, bias, security, and civil-liberties impact before acquisition, and holds vendors to enforceable standards.
Scope
Applies to the purchase, trial, pilot, donation, or renewal of any AI system covered by the Master AI Use Policy. No covered AI system, including free trials or donated pilots, may be deployed operationally without review under this standard.
Pre-Acquisition Review
Before acquisition, the Chief AI Officer shall document:
- The specific problem the system is meant to solve and the use cases authorized.
- Available independent evidence of the system's accuracy and error rates, including performance across demographic groups.
- A civil rights and civil liberties impact assessment.
- Whether a less intrusive alternative would meet the need.
Required Vendor Disclosures
The vendor shall provide, in writing:
- A description of the system's function, its training data at a general level, and its known limitations.
- Independent or third-party testing results where they exist; for facial recognition, results from NIST testing.
- Documented error rates and the conditions under which accuracy degrades.
- Notice of material model changes or updates before they take effect.
Contract Requirements
Every contract shall require:
- Audit logging of all system activity, with logs accessible to the Agency.
- Agency ownership of its data, and a prohibition on the vendor using Agency data to train models without written consent.
- Security controls meeting the FBI CJIS Security Policy wherever criminal justice information is involved.
- Breach notification within [X] hours.
- Return or verified deletion of Agency data on termination.
Ongoing Monitoring
The Chief AI Officer shall reassess each system at least annually for accuracy, misuse, and continued fit, and shall suspend any system that fails to meet the standards in this policy.
Approval
No covered AI system shall be acquired or deployed without the written approval of the Chief AI Officer.
Informed by the NIST AI Risk Management Framework and OMB acquisition guidance (M-25-21, M-25-22). Verify against your procurement rules and state law.
Tool-Specific
For the systems that carry the most risk.Generative AI Report-Writing Policy
The one moving fastest, and the one a defense attorney will ask about first. California and Utah already require disclosure and an audit trail. Write it down before you turn it on.
Purpose
To govern AI systems that draft or help draft police reports or investigative records, for example tools that generate a narrative from body-worn camera audio or officer notes, so reports stay accurate, verifiable, and admissible.
Scope
Applies to any AI system that generates or drafts the content of a report or investigative record.
Authorized Use
A member may use an approved generative AI tool to produce a draft narrative. The draft is a starting point, not a finished report.
Mandatory Review and Certification
Before submitting, the member shall read the entire report, correct every error and omission, and confirm it reflects their own account of events. The member shall certify in the record that they reviewed it for accuracy. The submitting member is fully responsible for the report's content, exactly as if they had written every word.
Disclosure
Any report created in whole or in part by generative AI shall include a disclaimer stating that it contains AI-generated content.
Prohibited Use
- Submitting an AI-drafted report without full review and correction.
- Using AI to draft reports for [use-of-force incidents, officer-involved shootings, or other categories the Agency designates], which shall be written by the member unaided.
- Entering information into the tool that the member cannot personally verify.
Records and Audit Trail
The Agency shall retain the source material, for example the body-worn camera audio and the initial AI draft, and a record that AI was used, for at least as long as the report itself is retained, so the process can be audited and disclosed in discovery.
Training
No member shall use a generative report-writing tool before training on its use, its failure modes, and this policy.
California and Utah require AI-use disclosure and an audit trail for AI-assisted reports; other states are following. Confirm your state's current law. Based on the Policing Project generative-AI provision.
Facial Recognition Governance Policy
The highest-stakes tool in the building. The rule that keeps agencies out of the headlines is simple: a match is a lead, never the arrest.
Purpose
To govern the [AGENCY NAME]'s use of facial recognition technology (FRT) so it supports investigations without producing wrongful stops or arrests.
Scope
Applies to any use of FRT to identify or attempt to identify a person.
Authorized Use
FRT may be used only to generate an investigative lead in connection with [a specific case or reasonable suspicion of a crime]. An FRT result is a potential lead and nothing more.
An FRT Result Shall Never Be
- The sole basis for an arrest, detention, search, or any enforcement action.
- Treated as a positive identification or as probable cause on its own.
An FRT lead must be independently corroborated through traditional investigation before any enforcement action.
Human Review
Every candidate result shall be reviewed by a trained examiner. Personnel shall be trained that FRT accuracy can vary across demographic groups and that a returned candidate may be wrong.
Prohibited Use
- Real-time or live mass surveillance of public spaces [unless separately authorized and lawful].
- Identifying people engaged in First Amendment-protected activity based on that activity.
- Immigration enforcement [absent a specific lawful basis and written authorization].
- Personal, harassing, or non-case use.
Logging and Disclosure
Every FRT query shall be logged with the user, date, associated case number, and purpose. FRT use in an investigation leading to prosecution shall be disclosed in the casefile.
Vendor Standards
Systems should be independently tested, for example through the NIST Face Recognition Vendor Test, and the Agency shall document known accuracy and error rates.
Reflects the emerging consensus across IACP, the Policing Project, and state facial-recognition statutes. Several states restrict or ban specific FRT uses; verify your state and local law.
Automated License Plate Reader (ALPR) Data Policy
Cameras that read every plate that passes build a map of where people go. The policy is mostly about how fast you forget.
Purpose
To govern the collection, use, retention, and sharing of automated license plate reader (ALPR) data.
Scope
Applies to all ALPR systems operated by or accessed by the [AGENCY NAME].
Authorized Use
Personnel may query ALPR data only in connection with [a specific investigation, active case, or legitimate law enforcement purpose with a documented nexus]. Each query shall record the user, the case or reason, and the date.
Prohibited Use
- Querying or tracking a person based on race, religion, or First Amendment-protected activity.
- Personal use, or use to monitor any person absent a legitimate law enforcement purpose.
Retention
Detection data that is not linked to an active investigation or a hit shall be retained no longer than [30 / 60 / 90] days, then purged. Data tied to an investigation follows the applicable evidence-retention schedule.
Access and Audit
Access shall be limited to trained, authorized personnel. All queries are logged and audited at least annually by the Chief AI Officer.
Data Sharing
ALPR data shall be shared with another agency only under a written agreement specifying the data, purpose, retention, and use limits. [The Agency does not share ALPR data with federal immigration authorities absent a lawful basis and written authorization.]
Built on the Policing Project data-collection, retention, and sharing provisions. ALPR retention limits are set by statute in several states; verify yours.
Staff Generative AI Use Policy
Your people are already pasting things into ChatGPT. This decides what they can, and what would put case data on someone else's server.
Purpose
To govern personnel use of public or commercial generative AI tools, for example ChatGPT, Copilot, or Gemini, for work other than official report writing.
Scope
Applies to all [AGENCY NAME] personnel using any generative AI tool that is not hosted and controlled by the Agency.
Approved Tools
Personnel shall use only generative AI tools approved by the Chief AI Officer. [List approved tools.]
Prohibited Inputs
Personnel shall never enter the following into a public or commercial AI tool:
- Criminal justice information (CJI) or criminal history record information, as defined by the FBI CJIS Security Policy.
- Personally identifiable information about victims, suspects, witnesses, or officers.
- Case facts, investigative details, or evidence, including body-worn camera content.
- Anything sealed, protected by law, or otherwise non-public.
Treat anything entered into a public tool as if it were posted publicly and stored permanently.
Acceptable Use
Approved tools may be used for general, non-sensitive work such as drafting training material, summarizing public documents, or general research, provided the member verifies all output before relying on it. AI output is a draft, not a source of truth.
Accountability
Members are responsible for anything they produce with an AI tool. Violations are handled under [the Agency disciplinary policy].
Anchored to the FBI CJIS Security Policy. Confirm your state CJIS requirements and any commercial tool's data-handling terms.
Governance
The parts that make the rest real.Community Transparency & Public AI Inventory
Trust is cheaper to keep than to rebuild. Tell the public what you use before someone files a records request and tells them for you.
Purpose
To maintain public trust by disclosing what AI the [AGENCY NAME] uses and why.
Annual Public AI Inventory
At least annually, the Chief AI Officer shall publish a public AI Inventory listing, for each covered AI system:
- The vendor and product name, if any.
- A brief description of its function and capabilities.
- A brief description of the data it collects or analyzes.
- The purposes for which its use is authorized.
Annual Report
The Agency shall publish an annual summary including aggregate usage, the results of the yearly audit, and the number and disposition of AI-related complaints.
Notice Before Adoption
Before deploying a new high-impact AI technology [such as facial recognition, predictive systems, or real-time surveillance], the Agency shall [provide public notice and an opportunity for community input / seek approval from its governing body], consistent with local law.
Point of Contact
The Agency shall publish a way for the public to ask questions or raise concerns about its AI use, directed to the Chief AI Officer or designee.
Built on the Policing Project AI Inventory provision and community-oversight models such as CCOPS. Some jurisdictions mandate surveillance-technology approval; verify local law.
AI Audit & Accountability Policy
A policy no one checks is a press release. This is the part that makes the rest real.
Purpose
To verify that the [AGENCY NAME] uses AI in compliance with policy and law, and to correct and disclose failures.
Logging
Every use of a covered AI system shall be logged, capturing at minimum the user, the date and time, the system used, the associated case or purpose, and the disposition of the output.
Annual Audit
At least annually, the Chief AI Officer or designee shall audit AI logs for compliance, review a sample of uses to confirm human verification occurred, and monitor for accuracy and disparate impact across demographic groups.
Incident Disclosure
Errors, misuse, or breaches involving an AI system shall be documented and reported to the Chief AI Officer. Where an AI error may have affected a person's rights or a legal proceeding, the Agency shall disclose it to [the prosecutor and affected parties, as required by law].
Enforcement
Violations shall be referred to [Internal Affairs / the head of the Agency] and may result in sanctions up to and including termination, and revocation of AI system access.
Grievance and Redress
Any person who believes an AI system harmed them may file a complaint with the Chief AI Officer, who shall investigate and take appropriate action. Complaints and their disposition are recorded and reflected in the annual report.
Recordkeeping
Audit records shall be retained for [X years] consistent with the Agency's records-retention schedule.
Built on the Policing Project auditing provision and the NIST AI RMF "Manage" function. Verify against your records-retention schedule and disclosure obligations.