Your UK Compliance Policies, Personalised and Always Current

UK regulations do not stand still. Employment law, GDPR, the EU AI Act, and sector guidance change every year. When they do, your policies need to change with them, or your organisation is exposed.

CompanyPolicies.co.uk delivers personalised, legally grounded compliance policy documents for UK organisations. Answer a 15-minute questionnaire. Receive a complete suite of professionally formatted PDF policies, built around your specific organisation. Subscribe, and they stay current as UK law evolves.

No generic templates. No legal jargon to decode. No waiting weeks for a solicitor.

45 Policies in the Standard Suite
Built in 15 Minutes
Kept Current with UK Law

Runs the full questionnaire using sample data for a fictional UK company. Generates real policy documents so you can see exactly what you receive before buying. No payment, no account required.

A product of AI-Si.com — UK specialists in AI governance, risk and compliance
Policies aligned to UK GDPR, Employment Rights Act, Equality Act 2010, EU AI Act and ICO guidance
Secure payment via Stripe

Why UK organisations cannot afford to run on outdated compliance policies

A disciplinary without a current disciplinary policy. A data breach without a documented data protection framework. An AI tool in production with no governance policy in place. These are not hypothetical situations. They happen to UK businesses every week, and when they do, the cost is not just financial.

Regulators, employment tribunals, and auditors do not accept 'we meant to update it' as a defence. They look for evidence that you had the right policies in place, that they reflected current law, and that your staff knew about them.

The problem is not that organisations do not care about compliance. The problem is that maintaining a current, personalised policy suite is time-consuming, expensive, and requires specialist knowledge most businesses do not have in-house.

A solicitor charges £200 to £400 per hour. A compliance consultant charges more. And neither of them will update your policies automatically when the law changes next quarter.

Most organisations discover this gap after a tribunal, an ICO inquiry, or a failed procurement audit. By then, the cost of not having the right policies in place is already being counted.

CompanyPolicies.co.uk exists to change that.

From questionnaire to personalised UK compliance policies in three steps

Answer a 15-minute questionnaire

Tell us about your organisation. Your sector, size, structure, and the specific circumstances that shape your compliance obligations. The questionnaire covers 11 sections. It takes most people 12 to 18 minutes. Every answer personalises your output.

Receive your personalised policy documents

Your responses generate a full set of compliance policies, written in plain English, personalised with your organisation's name, structure, and relevant details. Every policy is delivered as a professionally formatted PDF, ready to adopt and distribute.

Stay current with Compliance Currency

UK law changes. Regulations evolve. Subscribe and your policies are updated automatically when the legal landscape shifts. You receive a plain-English quarterly briefing telling you exactly what changed, which of your policies were affected, and what action, if any, is required.

How we compare to the alternatives

| Feature | Traditional Solicitor | Template Download Site | DIY | CompanyPolicies.co.uk |
|---|---|---|---|---|
| Personalised to your organisation | Yes | No | Partial | Yes |
| Updated when UK law changes | No | No | No | Yes |
| Ready in under 30 minutes | No | Yes | Partial | Yes |
| 45+ UK compliance policy areas covered | Yes | No | No | Yes |
| Plain English — no jargon to decode | No | Partial | Partial | Yes |
| Quarterly regulatory briefings included | No | No | No | Yes |
| Typical cost | £5,000–£20,000+ | £50–£200 | Staff time only | From £59 |

What UK compliance policies are included in your suite

Every policy is personalised to your organisation. Browse by category below to see exactly what you receive.

HR and Employment Policies 12 policies

Employment law is the highest-risk area for most UK organisations. A single procedural failure in a disciplinary, a dismissal, or a grievance can result in an employment tribunal claim. These policies give HR managers, line managers, and senior leaders the framework to act consistently, fairly, and within the law.

Disciplinary and Grievance Policy

A combined Disciplinary and Grievance Policy sets out the process your organisation follows when employee conduct or performance falls below the required standard, and gives employees a formal route to raise workplace concerns. It defines the stages of action from informal discussion through to formal warnings and dismissal, and sets timescales, decision-making authority, and appeal rights at each stage. Without a current policy aligned to the ACAS Code of Practice, any dismissal you make is vulnerable at tribunal. Delivered as a professionally formatted PDF, personalised to your organisation.

Performance and Capability Policy

A Performance and Capability Policy sets out how your organisation identifies, addresses, and documents underperformance. It creates a clear framework for line managers, protects the organisation when performance-related dismissal becomes necessary, and demonstrates to regulators that decisions were fair, documented, and process-driven. Delivered as a professionally formatted PDF, personalised to your organisation.

Recruitment and Selection Policy

A Recruitment and Selection Policy defines how your organisation attracts, assesses, and appoints candidates in a way that is fair, consistent, and defensible. It addresses equality obligations under the Equality Act 2010, data handling obligations under UK GDPR, and the practical steps that reduce the risk of a successful discrimination claim. Delivered as a professionally formatted PDF, personalised to your organisation.

Anti-Bullying and Harassment Policy

Following the Worker Protection (Amendment of Equality Act 2010) Act 2023, employers now have a positive duty to take reasonable steps to prevent sexual harassment in the workplace. This policy sets out definitions, reporting routes, investigation procedures, and the organisation's zero-tolerance position. Delivered as a professionally formatted PDF, personalised to your organisation.

Absence and Sickness Policy

An Absence and Sickness Policy defines how your organisation manages short-term and long-term sickness, return-to-work processes, Statutory Sick Pay obligations, and the point at which capability procedures may begin. It gives line managers a consistent framework and protects the organisation from claims that sickness-related dismissals were unfair or discriminatory. Delivered as a professionally formatted PDF, personalised to your organisation.

Flexible Working Policy

Since April 2024, UK employees have the right to request flexible working from day one of employment. This policy sets out the process for making and responding to requests, the grounds on which requests can lawfully be refused, and the appeal rights available. Organisations without an updated policy are already non-compliant with current law. Delivered as a professionally formatted PDF, personalised to your organisation.

Maternity, Paternity and Family Leave Policy

A Family Leave Policy covers maternity leave, paternity leave, shared parental leave, adoption leave, and parental bereavement leave. It sets out entitlements, notification requirements, return-to-work arrangements, and the interaction between statutory and enhanced leave provisions. This policy is frequently scrutinised during employment disputes and is expected by any regulated sector client or public sector commissioner. Delivered as a professionally formatted PDF, personalised to your organisation.

Whistleblowing Policy

The Public Interest Disclosure Act 1998 protects workers who disclose information about wrongdoing. This policy sets out the categories of protected disclosure, the reporting routes available to employees, the protections against retaliation, and the process for investigating disclosures. It is a requirement for many regulated sectors and an expectation of good governance in all others. Delivered as a professionally formatted PDF, personalised to your organisation.

Code of Conduct

A Code of Conduct sets out the standards of behaviour expected of everyone in your organisation. It addresses conflicts of interest, gifts and hospitality, professional conduct, use of company resources, and conduct outside of work that may reflect on the organisation. Senior leaders use it to set the tone from the top; HR managers use it as the foundation for disciplinary action. Delivered as a professionally formatted PDF, personalised to your organisation.

Remote and Hybrid Working Policy

Remote and hybrid working creates new obligations around health and safety, data security, equipment provision, and performance management. This policy defines the terms under which home and remote working is permitted, the responsibilities of the employer and employee, and the standards that apply regardless of location. Delivered as a professionally formatted PDF, personalised to your organisation.

Right to Work Policy

A Right to Work Policy defines the process for checking and documenting that employees and contractors have the legal right to work in the UK before employment begins. It sets out the acceptable document types, the verification process, the record-keeping obligations, and the steps required when a right to work check cannot be completed. Non-compliance carries civil penalties of up to £60,000 per illegal worker. Delivered as a professionally formatted PDF, personalised to your organisation.

Employee Contracts Policy

An Employee Contracts Policy sets out the terms and conditions of employment, the rights and obligations of employer and employee, and the process for varying contractual terms. It provides the foundation for all employment relationships within the organisation and is the first document examined in any employment dispute. Delivered as a professionally formatted PDF, personalised to your organisation.

Corporate Governance Policies 7 policies

Governance policies define how your organisation makes decisions, manages risk, and accounts for its actions. They are the foundation on which regulators, auditors, investors, and commissioners base their trust. For senior leaders and boards, these policies are legal protection.

Corporate Governance Policy

A Corporate Governance Policy sets out the composition, responsibilities, decision-making authority, and accountability mechanisms of the board or leadership team. It defines quorum, voting procedures, conflicts of interest management, and the boundaries between governance and operational management. It is the foundational document for any organisation seeking to demonstrate that it is governed, not just managed. Delivered as a professionally formatted PDF, personalised to your organisation.

Risk Management Policy

A Risk Management Policy establishes how your organisation identifies, assesses, prioritises, and mitigates risk. It defines the risk appetite of the organisation, the ownership of risk registers, the escalation process for material risks, and the reporting obligations to the board. Any UK organisation without a current risk management policy is operating below the governance standard expected by insurers, commissioners, and regulators. Delivered as a professionally formatted PDF, personalised to your organisation.

Conflict of Interest and Gifts Policy

A combined Conflict of Interest and Gifts Policy defines what constitutes a conflict, how it must be disclosed, who holds the register, and what happens when a conflict is identified. It also defines the thresholds, approval processes, and recording obligations that apply when employees give or receive gifts, entertainment, or hospitality. It is a requirement under the Companies Act 2006 for directors and under the Bribery Act 2010 for all organisations. Delivered as a professionally formatted PDF, personalised to your organisation.

Anti-Bribery and Corruption Policy

The Bribery Act 2010 creates criminal liability for UK organisations that fail to prevent bribery, including bribery by associated persons acting on their behalf. This policy demonstrates the adequate procedures defence the Act requires. Without it, a conviction is possible even if senior leaders had no knowledge of the bribery. Delivered as a professionally formatted PDF, personalised to your organisation.

Financial Management Policy

A Financial Management Policy sets out the authorisation levels, segregation of duties, procurement thresholds, and oversight mechanisms that govern how money moves in and out of the organisation. It is a foundational requirement for audit readiness, a key signal of governance maturity for investors and lenders, and a practical protection against fraud. Delivered as a professionally formatted PDF, personalised to your organisation.

Document Retention and Management Policy

UK law requires organisations to retain certain categories of document for defined minimum periods and to dispose of them securely when those periods expire. This policy maps those obligations, assigns ownership, and sets the process for secure disposal. It is a prerequisite for UK GDPR compliance and a practical requirement for any organisation subject to Freedom of Information obligations or litigation risk. Delivered as a professionally formatted PDF, personalised to your organisation.

Internal Audit Policy

An Internal Audit Policy defines the scope, authority, independence, and reporting obligations of the internal audit function. It sets out how the organisation assesses the effectiveness of its controls, identifies compliance gaps, and reports findings to the board. For regulated sector organisations and public bodies, an Internal Audit Policy is a standard governance requirement and is reviewed by external auditors and inspectors as evidence of assurance activity. Delivered as a professionally formatted PDF, personalised to your organisation.

Data Protection and Privacy Policies 4 policies

UK GDPR is not optional, it is not aspirational, and it is not something you can address after a breach. The ICO enforces it. Employment tribunals consider it. Commissioners require it. These policies give your organisation the documented framework to demonstrate compliance and to respond effectively when something goes wrong.

Data Governance Policy

A Data Governance Policy sets out your organisation's commitment to processing personal data lawfully, fairly, and transparently, in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. It defines the roles of data controller and data processor, the lawful bases your organisation relies upon, the rights of data subjects, and the obligations of staff. The ICO expects every organisation that processes personal data to have a current, documented policy. Delivered as a professionally formatted PDF, personalised to your organisation.

Data Breach Notification Policy

A Data Breach Notification Policy defines how your organisation detects, contains, assesses, and reports data breaches. Under UK GDPR, breaches likely to result in a risk to individuals must be reported to the ICO within 72 hours of discovery. Without a documented response process, organisations frequently report late, report incorrectly, or fail to report at all. All three outcomes carry regulatory risk. Delivered as a professionally formatted PDF, personalised to your organisation.

Compliance Framework Policy

A Compliance Framework Policy defines how your organisation identifies its regulatory and legal obligations, assigns ownership for compliance activities, monitors adherence, and reports compliance status to the board. It is the structural document that brings together your data protection, employment, health and safety, financial, and sector-specific obligations into a single, governed framework. Delivered as a professionally formatted PDF, personalised to your organisation.

Confidentiality and Trade Secrets Policy

A Confidentiality and Trade Secrets Policy defines what information your organisation considers confidential, the obligations of employees to protect that information, the permitted and prohibited uses of confidential data, and the consequences of breach. It underpins non-disclosure agreements, post-termination restrictions, and the protection of commercially sensitive information from departing employees. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Governance Policies 5 policies

AI is already inside your organisation. Without governance policies, those tools operate without oversight, accountability, or legal protection. The EU AI Act is now in force for UK organisations selling into the EU. The ICO has published AI-specific guidance. Governance is a current legal and operational obligation.

AI Governance Policy

An AI Governance Policy establishes the board-level framework for how your organisation develops, procures, deploys, and monitors artificial intelligence systems. It defines accountability, sets the risk appetite for AI use, and creates the oversight mechanisms that regulators and auditors expect to see. For any organisation using AI in decisions that affect employees, customers, or service users, this policy is essential. Delivered as a professionally formatted PDF, personalised to your organisation.

Acceptable Use of AI Policy

An Acceptable Use of AI Policy tells your staff which AI tools they are permitted to use, under what conditions, and with what safeguards. It addresses the use of generative AI tools such as ChatGPT, Copilot, and Gemini, the handling of confidential data within AI platforms, the ownership of AI-generated outputs, and the human review requirements that apply before AI-generated content is used or published. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Risk Assessment Framework

An AI Risk Assessment Framework provides a structured process for evaluating the risks associated with each AI system your organisation uses or deploys. It maps each system against a risk classification, identifies the controls required, assigns ownership, and establishes the monitoring and review cycle. It is aligned to the EU AI Act risk taxonomy and the ICO's guidance on AI and data protection. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Ethics Policy

An AI Ethics Policy sets out the principles that govern how your organisation approaches the development and use of artificial intelligence. It addresses fairness and bias, transparency and explainability, human oversight, privacy by design, and accountability for AI-driven decisions. It is increasingly requested by public sector commissioners and regulated sector clients as a condition of contract. Delivered as a professionally formatted PDF, personalised to your organisation.

Automated Decision-Making Policy

Under UK GDPR Article 22, individuals have rights in relation to automated decision-making that produces significant effects. This policy defines which decisions in your organisation are made algorithmically, the safeguards in place, the rights of individuals to request human review, and the documentation required to demonstrate compliance. This is a live legal obligation for any organisation using scoring, screening, or recommendation systems. Delivered as a professionally formatted PDF, personalised to your organisation.

IT and Information Security Policies 6 policies

Cyber incidents are the most common cause of regulatory investigation for UK SMEs. The ICO receives thousands of data breach notifications per year, many from preventable failures in IT security policy. These policies give your IT team, senior leaders, and staff the framework to operate securely and to demonstrate that security is governed, not assumed.

Information Security Management System Policy

An Information Security Management System Policy sets out the principles, obligations, and controls that govern how your organisation protects its information assets. It defines the classification of data, the access control principles, the acceptable use of systems, and the incident reporting obligations of all staff. It is the foundational document for ISO 27001 readiness, Cyber Essentials certification, and ICO compliance. Delivered as a professionally formatted PDF, personalised to your organisation.

IT, Email and Internet Policy

An IT, Email and Internet Policy defines how employees may and may not use your organisation's IT systems, networks, devices, and data. It covers personal use, social media, email, software installation, and the use of personal devices for work purposes. It is a prerequisite for taking disciplinary action following a security incident or policy breach, and a baseline expectation for any cyber insurance policy. Delivered as a professionally formatted PDF, personalised to your organisation.

Business Continuity Policy

A Business Continuity Policy defines how your organisation will maintain critical operations and recover systems following a disruptive event, whether that is a cyber attack, a fire, a system failure, or a pandemic. It maps critical functions, defines recovery time objectives, assigns ownership, and sets the testing cycle. Insurers, commissioners, and regulated sector clients routinely require evidence that this policy exists and is current. Delivered as a professionally formatted PDF, personalised to your organisation.

Supplier and Vendor Management Policy

Under UK GDPR, your organisation retains liability for the data processing activities of the processors you appoint. This policy defines the due diligence process for selecting suppliers, the contractual requirements for data processors, the access controls that apply to third parties, and the review and exit processes. Supply chain attacks are now the most common vector for large-scale data breaches. Delivered as a professionally formatted PDF, personalised to your organisation.

Policy Management Framework

A Policy Management Framework defines how your organisation creates, reviews, approves, communicates, and retires policies. It assigns ownership for the policy lifecycle, sets the review cycle for each policy type, and ensures that staff always have access to current, approved versions. Without a policy management framework, organisations accumulate outdated policies that create compliance gaps and legal exposure. Delivered as a professionally formatted PDF, personalised to your organisation.

Drugs and Alcohol Policy

A Drugs and Alcohol Policy defines the organisation's position on substance use in the workplace and its impact on safety and performance. It sets out the testing provisions where appropriate, the support available to employees with dependency issues, and the disciplinary framework that applies when substance use affects work. It is essential for organisations in safety-critical sectors and a governance baseline for all others. Delivered as a professionally formatted PDF, personalised to your organisation.

Health, Safety and Wellbeing Policies 2 policies

Under the Health and Safety at Work Act 1974, every employer has a duty to protect the health, safety, and welfare of employees. These policies are the documented evidence that your organisation takes that duty seriously and that when something goes wrong, you had the right processes in place.

Health and Safety Policy

A Health and Safety Policy is a legal requirement for all organisations with five or more employees. It sets out the responsibilities of the employer and employees, the processes for identifying and managing hazards, the arrangements for accident reporting, and the emergency procedures in place. Organisations without a current Health and Safety Policy face HSE enforcement action and potential criminal liability. Delivered as a professionally formatted PDF, personalised to your organisation.

Occupational Health Policy

An Occupational Health Policy sets out your organisation's commitment to supporting the physical and mental health of employees in the workplace. It defines the access arrangements for occupational health services, the process for managing fitness-for-work assessments, the interface with absence management and capability procedures, and the reasonable adjustments framework that operates alongside your equality obligations under the Equality Act 2010. Delivered as a professionally formatted PDF, personalised to your organisation.

Environmental and Sustainability Policies 2 policies

Environmental compliance is no longer a reporting exercise. It is a competitive differentiator, a procurement requirement, and for a growing number of UK organisations a regulatory obligation. Commissioners, investors, and large clients increasingly require evidence of documented environmental commitments before awarding contracts.

Environmental and Sustainability Policy

An Environmental and Sustainability Policy sets out your organisation's commitment to managing its environmental impact, the measures it takes to reduce emissions, waste, and resource use, and the responsibilities of leadership and staff in achieving those goals. It is a requirement for ISO 14001 certification, a standard expectation in public sector procurement, and a signal to clients, investors, and staff that the organisation takes its environmental responsibilities seriously. Delivered as a professionally formatted PDF, personalised to your organisation.

Modern Slavery and Human Trafficking Policy

Under the Modern Slavery Act 2015, organisations with an annual turnover above £36 million are required to publish an annual Modern Slavery Statement. This policy documents the risk assessment process, the due diligence steps taken across the supply chain, the training provided to staff, and the governance and approval process for the annual statement. For organisations supplying public contracts, compliance is a standard procurement requirement regardless of turnover. Delivered as a professionally formatted PDF, personalised to your organisation.

Financial and Commercial Policies 3 policies

Financial policies protect your organisation from fraud, regulatory breach, and financial mismanagement. They are the documents your auditors want to see, your insurers expect to exist, and your board should be reviewing annually.

Expenses and Travel Policy

An Expenses and Travel Policy defines which business expenses can be claimed, at what levels, by whom, and through what process. It prevents HMRC compliance failures, reduces the risk of fraudulent claims, and removes the grey areas that generate internal conflict. Without a documented expenses policy, every disputed claim is a potential disciplinary issue without a clear framework to resolve it. Delivered as a professionally formatted PDF, personalised to your organisation.

Pension and Benefits Policy

A Pension and Benefits Policy sets out the pension arrangements in place, the auto-enrolment obligations under the Pensions Act 2008, the contribution levels for employer and employee, and the additional benefits available. It provides clarity for employees and protects the organisation from disputes about entitlement. Compliance with auto-enrolment is monitored by The Pensions Regulator and non-compliance carries escalating civil penalties. Delivered as a professionally formatted PDF, personalised to your organisation.

Secondment and Loan Policy

A Secondment and Loan Policy defines the terms under which employees may be seconded to another organisation or department, the obligations of both the host and the home employer during the secondment, and the rights of the employee on return. It reduces the legal ambiguity that arises when employment relationships temporarily span two organisations and is particularly relevant for group structures, joint ventures, and public sector partnership arrangements. Delivered as a professionally formatted PDF, personalised to your organisation.

Diversity, Inclusion, Equality and Communications 4 policies

These policies are required by law, expected by commissioners, and valued by the people you want to attract and retain. They also govern how your organisation communicates with the outside world, because every public statement carries reputational and legal weight.

Equality and Diversity Policy

An Equality and Diversity Policy sets out your organisation's commitment to treating all employees and applicants fairly, regardless of the nine protected characteristics defined by the Equality Act 2010. It is one of the policies most frequently requested by clients, commissioners, and public sector procurement teams. Without it, you may be ineligible for contracts, tenders, and framework agreements. Delivered as a professionally formatted PDF, personalised to your organisation.

Gender Pay Gap Reporting Policy

Under the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, organisations with 250 or more employees are required to publish annual gender pay gap data. This policy defines the data collection process, the analysis methodology, the publication obligations, and the action plan for closing any identified gap. For organisations approaching the threshold, having this policy in place before it becomes mandatory demonstrates governance maturity. Delivered as a professionally formatted PDF, personalised to your organisation.

Social Media Policy

A Social Media Policy defines how employees may represent your organisation on social media, what they may and may not share, and how they should handle negative or sensitive content. It addresses personal accounts as well as corporate ones and provides a framework for managing reputational risk in an environment where a single post can define public perception overnight. Delivered as a professionally formatted PDF, personalised to your organisation.

Media and Communications Policy

A Media and Communications Policy defines the process for handling media enquiries, the authorisation process for public statements, the crisis communications protocol, and the responsibilities of designated spokespersons. Senior leaders and communications teams rely on it to ensure that public statements are consistent, accurate, and approved, particularly during periods of organisational pressure or regulatory scrutiny. Delivered as a professionally formatted PDF, personalised to your organisation.

Government Suite — 19 Additional Policies (Government tier only)

These 19 policies are included exclusively in the Full Suite Government tier. They extend the standard 45-policy suite with specialist addenda covering AI governance, advanced data protection, and public sector regulatory compliance.

The Government Suite adds 19 specialist addendum documents to the full Standard suite, bringing the total to 64 personalised policy documents. Each addendum extends an existing standard policy or introduces a standalone governance document required by the most highly regulated organisations.

Privacy Policy Addendum

A supplementary Privacy Policy for organisations with enhanced transparency obligations, addressing the specific privacy notice requirements of regulated sectors, the interaction between UK GDPR and sector-specific data handling rules, and the proactive publication standards expected by the ICO and regulated sector commissioners. Delivered as a professionally formatted PDF, personalised to your organisation.

Acceptable Use Policy Addendum

An enhanced Acceptable Use Policy addendum for organisations operating under elevated data security obligations, incorporating Official and Official Sensitive data handling requirements, government device security standards, and the specific governance expectations that apply to the use of AI-assisted tools and cloud services within highly regulated IT infrastructure. Delivered as a professionally formatted PDF, personalised to your organisation.

Vendor and Supplier Evaluation Policy

A vendor evaluation and due diligence framework covering selection criteria, risk scoring, mandatory exclusion grounds, and the ongoing monitoring obligations that apply when procuring from third parties. Aligned to the Procurement Act 2023 for public bodies and to regulated sector supply chain standards for commercial organisations. Delivered as a professionally formatted PDF, personalised to your organisation.

ISO 42001 AI Management System Policy

An AI management system policy aligned to ISO 42001 and designed for organisations pursuing formal certification or demonstrating structured AI governance to regulators and commissioners. Covers AI risk classification, documentation obligations, incident management, and the continuous improvement cycle required under the standard. Delivered as a professionally formatted PDF, personalised to your organisation.

UK GDPR Compliance Framework Addendum

A supplementary GDPR compliance framework for organisations with complex data processing operations, addressing Article 30 records of processing, Data Protection Impact Assessment obligations, legitimate interests assessments, and the enhanced accountability documentation expected of large or high-risk data controllers. Delivered as a professionally formatted PDF, personalised to your organisation.

Prompt Injection Prevention Policy

A security policy addressing prompt injection and adversarial input risks in AI systems used within the organisation. Defines the technical controls, input validation requirements, staff awareness obligations, and incident response procedures for organisations deploying large language models or AI-powered tools in operational or customer-facing contexts. Delivered as a professionally formatted PDF, personalised to your organisation.

Data Protection Standards Addendum

Supplementary data protection standards for organisations subject to sector-specific data handling obligations beyond standard UK GDPR, including NHS Digital guidance, Data Security and Protection Toolkit requirements, and the additional governance controls expected of organisations processing sensitive personal data at scale. Delivered as a professionally formatted PDF, personalised to your organisation.

DSAR Procedures Addendum

Extended Subject Access Request procedures for organisations handling high volumes of DSARs or operating under multiple access regimes. Covers complex third-party redaction workflows, the interaction with Freedom of Information Act exemptions, Environmental Information Regulations overlap, and the escalation and reporting obligations for requests that cannot be fulfilled within the standard one-month period. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Policy Updates Framework

A structured framework for reviewing and updating AI governance policies as the regulatory landscape evolves. Covers the monitoring obligations for new AI Act implementing acts, ICO guidance, and sector-specific AI standards, and defines the internal process for incorporating regulatory changes into existing governance documentation without a full policy rewrite. Delivered as a professionally formatted PDF, personalised to your organisation.

Risk Register Template and Guidance

A structured risk register template and governance guidance document covering risk identification methodology, likelihood and impact scoring, control effectiveness assessment, and the escalation thresholds that determine when a risk requires board-level attention. Aligned to ISO 31000 risk management principles and designed to integrate with your organisation's Risk Management Policy. Delivered as a professionally formatted PDF, personalised to your organisation.

Investigation Procedures Policy

An Investigation Procedures Policy defines the process for conducting workplace investigations, including the terms of reference, evidence gathering standards, interview conduct, impartiality requirements, and report writing obligations. It supports disciplinary, grievance, safeguarding, and regulatory investigation processes and ensures that conclusions reached through investigation are defensible in tribunal and regulatory proceedings. Delivered as a professionally formatted PDF, personalised to your organisation.

Website Terms and Conditions Policy

A Website Terms and Conditions Policy governs the contractual relationship between the organisation and users of its website or digital services. It sets out intellectual property ownership, acceptable use obligations, limitation of liability, and the dispute resolution process. It is a requirement for any organisation providing online services and is reviewed by commercial clients, commissioners, and legal advisers as part of supplier due diligence. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Governance Policy Addendum

An enhanced AI governance addendum for organisations subject to the EU AI Act, the ICO's AI auditing framework, or sector-specific AI regulation. Covers mandatory conformity assessment obligations, high-risk AI system classification, post-market monitoring requirements, and the board-level accountability structures required for organisations deploying AI in regulated contexts. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Tool Approval Register

A structured register and approval workflow for AI tools used within the organisation. Defines the information required before any AI tool is approved for use, the risk classification process, the sign-off authority at each risk level, and the ongoing monitoring and re-approval cycle. Ensures that no AI tool is used operationally without documented risk assessment and appropriate authorisation. Delivered as a professionally formatted PDF, personalised to your organisation.

Deepfakes and Synthetic Media Policy

A Deepfakes and Synthetic Media Policy defines the organisation's position on the creation, use, and distribution of AI-generated synthetic media, including deepfake video, AI-generated voice, and synthetic imagery. It sets out the permitted use cases, the approval process for synthetic media creation, the disclosure obligations when synthetic media is published, and the disciplinary framework that applies to misuse. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Bias Testing and Fairness Framework

A testing and fairness framework for AI systems used in decisions that affect individuals. Defines the bias testing methodology, the protected characteristic monitoring obligations under the Equality Act 2010, the ICO's fairness requirements for AI, and the remediation process when bias is identified. Required for any organisation using AI in recruitment, performance management, credit scoring, or other decisions with significant effects on individuals. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Incident Classification and Reporting Policy

An AI Incident Classification and Reporting Policy defines how the organisation identifies, classifies, and responds to AI-related incidents. Covers near-misses, harmful outputs, system failures, security incidents involving AI systems, and the escalation obligations under the EU AI Act for high-risk AI systems. Ensures that AI incidents are documented, investigated, and reported to the appropriate regulatory authority where required. Delivered as a professionally formatted PDF, personalised to your organisation.

AI Tool Approval Register Template

A pre-formatted register template for recording AI tool approvals, risk classifications, review dates, and responsible owners. Designed to work alongside the AI Tool Approval Register policy to provide an auditable record of every AI system approved for use within the organisation, in a format suitable for board reporting, regulatory inspection, and ISO 42001 certification audit. Delivered as a professionally formatted PDF, personalised to your organisation.

Data Retention Schedule

A comprehensive data retention schedule mapping the personal and business data your organisation holds to the applicable statutory retention periods, the legal basis for retention, and the secure deletion process on expiry. Aligned to ICO guidance, sector-specific retention standards, and the National Archives' records management framework for public bodies. Designed to integrate directly with your Data Governance and Document Retention policies. Delivered as a professionally formatted PDF, personalised to your organisation.

Frequently asked questions about UK compliance policies

Full FAQ at /faq.

General

What is CompanyPolicies.co.uk?

CompanyPolicies.co.uk is a UK compliance policy service that generates personalised policy documents for your organisation. You complete a structured questionnaire about your organisation — covering sector, size, structure, and specific circumstances. The service generates a suite of compliance policies in PDF format, personalised with your details and written in plain English. Subscribers receive automatic updates when UK law changes, plus quarterly regulatory briefings.

Who is this service for?

The service is built for UK SMEs, HR managers, risk and compliance professionals, and public sector organisations. If you need current, personalised compliance policies for HR, governance, data protection, AI, IT security, health and safety, or public sector obligations — and you want them without the cost or delay of instructing a solicitor — this service is built for you.

Are these policies legally compliant?

The policies are written to reflect current UK law, including UK GDPR, the Employment Rights Act, the Equality Act 2010, the Bribery Act 2010, the Health and Safety at Work Act 1974, and sector-specific regulation. They are provided as templates and do not constitute legal advice. We recommend review by a qualified UK legal or compliance professional before formal adoption. Subscribers benefit from automatic updates when the legislative landscape changes.

How is a policy "personalised"?

Every policy is generated using the information you provide in the questionnaire. Your organisation's name, sector, size, structure, reporting lines, specific procedures, and relevant legal circumstances are incorporated throughout each document. The result is a policy that reads as if it was written for your organisation — because it was — rather than a generic template with placeholder text.

How long does it take to complete the questionnaire?

The questionnaire covers 11 sections. Most users complete it in 12 to 18 minutes. You can save your progress and return at any time. A demo mode is available if you want to see the output before committing.

Can I try before I buy?

Yes. Select 'Try a Demo' from the homepage to run through the questionnaire using sample data for a fictional organisation. The demo generates real sample output so you can assess the quality and format of the documents before purchasing.

Subscription and Pricing

What is the difference between a subscription and a one-off purchase?

A subscription gives you ongoing access to your policy suite with automatic updates whenever UK law changes, a version history and audit trail, and quarterly plain-English regulatory briefings. A one-off purchase gives you your policies at the point of generation — but they will not be updated if regulations change. For organisations where compliance currency matters — which is most organisations — a subscription is the right choice.

How do I cancel my subscription?

You can cancel at any time by emailing sales@companypolicies.co.uk with the subject line "Cancellation Request" and your account email address. We will confirm your access end date within one business day. Full terms are in our Terms of Service.

Is the annual price locked after year one?

Yes. For subscribers, the price you pay in year one is locked for year two and beyond. We do not increase prices for existing subscribers without prior written notice. Full details are in our Terms of Service.

Can I upgrade from Single Policy to a Full Suite?

Yes. Contact us and we will apply the cost of your single policy purchase as a credit against a Full Suite subscription. Details are available via the contact form.

Do you offer discounts for charities or public sector organisations?

The Full Suite Government tier is priced specifically for public sector budgets. Charities may be eligible for adjusted pricing. Contact us with details of your organisation and we will confirm what is available.

Compliance and Legal

Do I still need a solicitor if I use CompanyPolicies.co.uk?

For many organisations, personalised policies from CompanyPolicies.co.uk will be sufficient for day-to-day compliance. We always recommend that policies covering high-risk areas — such as disciplinary and dismissal, data breach response, and safeguarding — are reviewed by a qualified UK legal professional before formal adoption, particularly for regulated sector organisations. What this service eliminates is the cost and delay of having a solicitor draft those policies from scratch.

How quickly are policies updated when UK law changes?

Subscribers receive policy updates following material changes in UK legislation, ICO guidance, ACAS codes of practice, or sector regulation. You are notified by email when an update is published. The quarterly regulatory briefing provides a plain-English summary of what changed, which policies were affected, and what action is required. We track changes continuously, not just at quarter-end.

Do the policies cover the EU AI Act?

Yes. The AI governance policies in the suite address the EU AI Act obligations that apply to UK organisations providing AI systems or services to users in the European Union. They are aligned to the Act's risk classification framework and updated as the Act's implementation timeline progresses. Full Act compliance was required for high-risk AI systems from August 2026.

Are the policies suitable for regulated sectors?

The policies are written to meet general UK regulatory standards. Regulated sector organisations — those subject to FCA, CQC, Ofsted, or other specific regulatory oversight — should confirm with their sector regulator that the policies meet any sector-specific requirements. The Government Suite includes addenda written specifically for NHS, education, local authority, and other public sector contexts.

Technical and Delivery

In what formats are the policies delivered?

Every policy is delivered as a professionally formatted PDF, suitable for distribution, record-keeping, and formal adoption.

Can I edit the policies after downloading them?

Yes. Your policy PDFs are ready to distribute and adopt directly. We recommend discussing any organisation-specific additions with a qualified legal or compliance professional before formal adoption.

Pricing built for UK organisations

Pick a single policy, the full suite, or the public sector edition. All plans deliver personalised PDF policies, ready to roll out.

Choose a plan to get your personalised policy documents.

All documents are templates and do not constitute legal advice. Have your policies reviewed by a qualified professional before formal adoption.

Most organisations choose the annual subscription. At £797 per year, it costs less than two hours with a solicitor — and your policies update automatically when UK law changes.

Single Policy

For you if: You need one specific policy urgently and want it personalised to your organisation rather than downloaded as a generic template.

£59 one-off
No subscription · No renewals
  • Choose any one policy from our catalogue
  • Personalised with your organisation's details
  • PDF delivery
  • No quarterly regulatory briefing
  • No version history or audit trail
  • No future policy updates
Worth knowing: This is a one-off purchase. Your policy will not be updated automatically when the law changes. If you expect to need more than two or three policies, the Full Suite is more cost-effective.

Full Suite Government

For you if: You are a council, NHS organisation, school, academy, housing association, or other public body with obligations that go beyond standard commercial compliance.

£197/month
Subscribe annually: £1,597/year Save £767
One-off purchase: £2,397 — no updates or version history
  • 64 policies – the full Standard suite plus 19 government addenda
  • Public sector regulatory addenda (NHS, councils, public bodies)
  • Always up to date — we monitor UK law, GDPR, the EU AI Act and sector regulations. When rules change, we update your policies and notify you.
  • Version History & Audit Trail
  • Quarterly Regulatory Briefing
  • PDF delivery
Built for public sector governance standards, audit readiness, and commissioner scrutiny. Subscription terms, cancellation policy and price-lock guarantee: see Terms of Service. One-off purchase also available.
NHS bodies, health trusts, and organisations with specific data sovereignty requirements may request a manually delivered policy suite. Documents are generated, reviewed, and delivered directly by the CompanyPolicies team, without passing through automated cloud infrastructure. Contact us to discuss.

Government and public sector enquiries

If you are a council, NHS trust, school, academy, university or other public body, we recommend contacting us before subscribing. We can confirm the most appropriate tier for your organisation, discuss data sovereignty requirements, and explore volume or multi-site pricing.

Email: sales@companypolicies.co.uk — we respond within one business day.

All policies are provided as templates and do not constitute legal advice. We recommend review by a qualified UK legal or compliance professional before formal adoption. Subscription terms, cancellation policy and price-lock guarantee: see Terms of Service.

Built for the UK compliance teams who asked for it — read what they said below.

What our subscribers say

Rated 5/5 by UK compliance teams

"We were audited by our local authority client and had 48 hours to produce a full suite of compliant HR policies. CompanyPolicies got us there. The questionnaire took twenty minutes and everything our auditor asked for was covered."

Managing Director · Facilities Management · 62 employees · Full Suite Standard subscriber

"The quarterly briefings alone are worth the subscription. They distil the ICO and ACAS updates into plain English and flag exactly which of our policies need revisiting. No other service does that."

Head of People & Culture · Housing Association · 130 employees · Full Suite Standard subscriber

"We'd been putting off proper documentation for two years because the quotes from solicitors were eye-watering. This is comprehensive, affordable, and our insurance broker accepted it without question."

Co-founder · SaaS Technology Company · 19 employees · Full Suite Standard subscriber

Payments are processed securely by Stripe — your card details never touch our servers. SSL encrypted throughout.

Compliance is not a project with an end date

ICO guidance shifts. ACAS codes are updated. The EU AI Act rolls out in stages. A subscription means you never have to track those changes yourself.

Your policies stay current — automatically

We track UK law, ICO guidance, ACAS codes, the EU AI Act and sector-specific regulation as standard. When something changes that affects your documents, we update them and tell you exactly what shifted and why it matters.

Answer an audit question in seconds

Every policy version is timestamped and archived. When a regulator, auditor, or procurement team asks which policy was in force on a given date, you can answer immediately — not after a search through shared drives and email chains.

Quarterly briefing — plain English, no jargon

Four times a year we send a concise briefing covering what changed in UK law and regulation, which of your policies we updated as a result, and what you need to do — if anything. Written for HR and compliance professionals, not lawyers.

Compare plans

Feature | Single Policy | Full Suite Standard | Full Suite Government
Number of policies | 1 | 45 | 64 (45 + 19 addenda)
Personalised to your organisation | Yes | Yes | Yes
PDF delivery | Yes | Yes | Yes
Public sector regulatory addenda | No | No | Yes
Always up to date (ongoing policy updates) | No | Subscription | Subscription
Version History & Audit Trail | No | Subscription | Subscription
Quarterly Regulatory Briefing | No | Subscription | Subscription
One-off purchase available | £59 | £1,197 | £2,397

Need help choosing a plan?

Email us at sales@companypolicies.co.uk — we respond within one business day. We're happy to advise on which tier is right for your organisation, or to discuss volume or multi-site licensing.

Also see our FAQ and About pages for more detail on how the service works.

Quarterly Regulatory Briefings

Plain-English summaries of UK regulatory change. Published shortly after the end of each calendar quarter, sent to your inbox, and archived here forever for re-reading.
