Articles > Technology

What Should an Acceptable Use Policy Contain?

January 16, 2021   Daniel KatzPhilip Evangelou

An acceptable use policy (AUP) provides a regulatory framework that restricts the ways that a system, network or website may be used. With that being said, an AUP also provides guidelines explaining how to use such a system.

This article will explain what an AUP should contain.

Policy Statement

Firstly, a preamble of the purpose of your AUP is always necessary. In essence, it is important to introduce what acceptable use means, its aims and why it is needed. 


Understanding what and what is not included in an AUP can be quite confusing. This is because there are countless activities that the modern business world deems acceptable and unacceptable. Therefore, it is important to define the scope of your AUP and what activities your business deems unacceptable. This is, of course, different for every business. In general, this section should lay out what the AUP applies to (ie – internet access), and who it applies to (ie – employees, departments, regions etc).


Identifying the jurisdiction is always important. In this, we mean the particular state laws that govern your AUP. This will guide subsequent lawyers in the case of an incident as to what laws apply. It is also crucial to learn what your jurisdictional laws allow you to include in your AUP. 

Acceptable and Unacceptable Use

Though the purpose of an AUP is to prohibit unacceptable behaviour, it is also important to outline activities that are acceptable. Here are some examples of acceptable use:

  • Users are authorised to use the system when they are assigned accounts or account numbers.
  • The creation of a user account.
  • The ability to set your own username and password.
  • If some services on your system are provided for specific functions and users, authorisation may be provided to specific users.
  • Users can use the system in line with their role, either as an employee or consumer for example.

Conversely, here are some examples of unacceptable use:

  • Using the system to sexually harass, discriminate or victimise other individuals.
  • Attempting to circumvent or navigate around security controls. This includes any attempts at ‘hacking’ the system.
  • Any attempts to copyright, manipulate or distribute the contents of the system.
  • Use that violates or contradicts local, state and/or federal laws.

Code of Conduct: Violations and Sanctions

An AUP must not be taken lightly. Employees and users must understand the consequences of engaging in behaviour that contradicts your AUP. Sanctions may include fines, account bans and, in some cases, court action.

To Sum Up

Governing what is and what is not acceptable on your platforms and systems is extremely important. Not only can it protect your business and its reputation, but it is also ethical. With this, an acceptable use policy will allow you to outline how you want your platform or system used.

If you need any assistance, our technology lawyers are here to help! Just contact us at 1300 997 337 or fill out the contact form on this page.

About Daniel Katz

Daniel KatzDaniel is a legal intern at OpenLegal, placed in our legal content team. He is currently studying a Bachelor of Laws at the University of Technology Sydney. Daniel's interest lies in economics and media/startup law.

About Philip Evangelou

phillipPhil is a director at OpenLegal. He has over 16 years experience working in private practice and in-house counsel in Sydney and London, giving him expertise in employment law, IP, finance, leases, dispute resolution, insurance and contracts.