The 6-Week Rollout: What Happens and When

This is your roadmap. From the moment you open the kit to the point where your employees understand the policy and the rollout is complete, here's what happens each week and what you do.

Week 1: Setup and White-Labeling

Your role: Rollout coordinator. This is one person — the owner, office manager, HR person, or operations lead. Not a committee. Committees make rollouts slow.

What you do:

  1. Open the kit and review the Executive Briefing (D-01). This takes 20 minutes. You're now oriented on what you're rolling out and why.

  2. Complete the Risk Audit Card (D-04). This is a three-question decision tree that takes about 10 minutes. You're establishing your company's current baseline — what's the existing risk from AI use? This matters because after rollout, you'll complete this same card again to see what's changed.

  3. White-label the distributable documents. These are the documents employees will see: the AI Acceptable Use Policy (D-02), the five-email training series (D-03), and the rollout briefing deck (D-05). "White-label" means putting your company name in standard places and customizing a few references to your specific business. This takes approximately 45 minutes total — you're not rewriting, you're customizing.

  4. Set up your email scheduling. You have two options: schedule the five-email series now, or plan to send them manually each week. If you're using Outlook or Gmail, scheduling takes about 15 minutes per email (less once you understand the process). See the Deployment Card (Bonus File C) for step-by-step instructions.

  5. If you're planning to run an optional all-hands briefing (recommended for teams of 15 or more), schedule the meeting room and notify employees. The briefing is 30 minutes. The rollout deck (D-05) comes with speaker notes — you don't need to prepare beyond reading the notes once.

Timeline for Week 1: Plan 2-3 hours total. Spread it across the week if needed. You're not under pressure — you're setting up. The rollout starts when you're ready, not before.

Week 2: Kickoff and Policy Deployment

Email 1 deploys: "What Is AI" — the warm introduction. This email sets the tone. It's not scary. It's not technical. It explains that the company is being intentional about AI and that employees will hear more about this over the next five weeks.

If you're doing the all-hands briefing: This is the week to schedule it. The briefing deck (D-05) takes 30 minutes to deliver. The speaker notes are written out — your job is to read them naturally, not to memorize or improvise. If your team is distributed or too large for one meeting, you can deliver the same briefing to multiple groups or record it and distribute it.

Deploy the AI Acceptable Use Policy: Distribute it for employee signature. You have a few options:
- Print copies, have employees sign them, and file them in employee records
- Use DocuSign or a similar e-signature tool
- Use a Google Form or simple form that captures acknowledgment

Whichever method you choose, you need signed/acknowledged copies on file. Allow 5-7 business days for signatures to be collected. Send a follow-up reminder email at day 4 if signatures are incomplete.

What's happening: Week 2 is the public announcement. Employees know something's coming. They've received the policy. The email and optional briefing set context. This is not detailed training yet — it's introduction and notice.

Your task: Make sure signatures are collected. This is important. You need documentation that employees received and acknowledged the policy.

Week 3: Safe Use Training

Email 2 deploys: "What Not to Put in AI" — this is the most important email in the series. By now employees have the policy in their hands. This email reinforces the single most critical point: what data should never go into free AI tools, and what to do if you're unsure.

Collect outstanding policy signatures. Follow up with anyone who hasn't signed yet. This takes one or two quick emails.

What's happening: Week 3 is all about protection. You're making sure every employee understands the data security side of AI use. This email includes concrete examples: don't put customer names, employee records, financial data, contracts, or proprietary processes into ChatGPT. If you put something in and then realized it shouldn't be there, here's what to do: report it immediately using [contact].

Your task: Make sure everyone has signed the policy. Send the email. Answer any questions that come in.

Week 4: Capability Awareness

Email 3 deploys: "What AI Can Actually Do" — the conversation shifts from protection to possibility. This email covers what AI is genuinely useful for: drafting, summarizing, organizing, analyzing non-sensitive data, learning.

Optional: Distribute relevant sections of the Prompt Vault (D-06) to employees in each role category. The Prompt Vault contains role-specific prompts and use cases — templates for customer service, operations, marketing, and management. If an employee knows how to use AI without just randomly asking questions, they're more effective. This is optional but recommended for companies of 20+ employees.

What's happening: Week 4 is where you move from "here's what not to do" to "here's what you can do." You're introducing approved tools (which you've specified in the policy) and showing employees practical examples of AI use that's safe and valuable.

Your task: Send the email. Optionally distribute the Prompt Vault or send a message pointing employees to it if it's available on your intranet or shared drive.

Week 5: Policy Context

Email 4 deploys: "Our Policy and What It Means" — this email brings together weeks 1-4. It explains why the company implemented the policy, what the policy requires, what it permits, and what happens if violations occur.

By this point employees have received introduction, training on what not to do, education on what they can do, and now understanding of the why. This email ties it together: "We're implementing this policy to protect the company and to enable you to use AI tools effectively. Here's what that looks like for you."

What's happening: Week 5 is comprehension. Employees now understand the full context. They know what AI is, what not to put in it, what they can use it for, and why the company cares.

Your task: Send the email. Be available for questions — this email typically generates questions, which is good. Questions mean engagement. Answer them clearly and use them to refine how you're messaging going forward.

Week 6: Completion and Close

Email 5 deploys: "Your Role Going Forward" — the closing email. This acknowledges that employees have completed the initial five-week training sequence. It sets expectations for what happens next: the policy is now in effect, ongoing support is available, and any updates will be communicated.

The email points employees to a specific contact person for questions about the policy, approved tools, or requests to use new tools.

Review your Risk Audit Card again. Complete it a second time using the same three-question framework. Has anything changed in your assessment of AI risk and readiness? Document this.

File all policy acknowledgment signatures. Make sure signed copies are in employee files. This is your documentation that the policy was communicated and acknowledged.

The rollout is now complete.

Post-Rollout: Ongoing Management

The email series ends, but your AI governance doesn't.

The Prompt Vault remains available as a reference resource. Employees can consult it to understand how to use AI tools effectively for their specific roles.

The Glossary remains available for employees who encounter unfamiliar terms. It's also essential for onboarding new hires — they see the glossary and the policy as part of their initial orientation.

If you've subscribed to the Briefing Service: Monthly role-specific briefings begin in Week 7. These are manufacturer-focused updates on what's changing in AI, what's relevant to your industry, and how to stay current without becoming a tech person. The briefing service is ongoing education — employees stay aware of AI developments without time commitment or technical depth.

Policy updates: As new tools emerge or as you learn from experience, you'll update the policy. When you do, employees acknowledge the updated version just as they did the original. Document the update date.

Annual review: Once per year, review the Risk Audit Card again. Is your risk profile different? Do you need to expand approved tools? Do you need stricter guidelines in any area? Use the annual review to refine the policy.

Timeline Summary

  • Week 1 (Setup): You complete 2-3 hours of configuration work
  • Week 2 (Kickoff): Email 1 deploys; policy is distributed for signature
  • Week 3 (Safety): Email 2 deploys; policy signatures collected
  • Week 4 (Capability): Email 3 deploys; Prompt Vault optionally distributed
  • Week 5 (Context): Email 4 deploys; questions answered and clarified
  • Week 6 (Close): Email 5 deploys; rollout is documented as complete
  • Week 7+: Ongoing support and ongoing education

Your involvement decreases with each week. Week 1 is 2-3 hours of your time. Week 2 is sending an email and managing signature collection. Weeks 3-6 involve sending emails and answering questions. By Week 6 you're documenting completion. Your ongoing involvement depends on company size and how many new hires you bring on.

A note on data security:

The risks covered in this article are real and they are happening in companies like yours right now. The single most effective first step is a written AI Acceptable Use Policy that tells your employees exactly what they can and cannot put into AI tools — before something goes wrong. If you don't have one, that's the place to start.

Ready to move forward?