Why 64% of Church Leaders Say They Need an AI Policy But Only 5% Have One

TL;DR: The 2026 Pushpay and Barna report found 64% of church leaders say an AI policy is important, but only 5% have implemented one. A working church AI policy is not a corporate compliance document. It is an operational agreement defining which tools staff use, what member data stays protected, who reviews AI-generated content, and who owns the policy when updates are needed.

What You Need to Know About Church AI Policies:

A church AI policy requires a theological foundation first, then operational rules, starting with stewardship rather than restrictions
The data classification section is the most critical component, defining three tiers: public data, internal data, and restricted member data that never enters public AI tools
Pastoral care boundaries must be explicit, prohibiting AI use in counseling, confidential care conversations, and any context where a member expects human pastoral presence
An approved tools list with enterprise-level accounts and Data Processing Agreements is required for any work involving member information
Every working policy has a named AI Officer responsible for tool vetting, staff training, annual reviews, and incident response
Transparency protocols include a congregation-facing website statement and signed staff acknowledgments, not disclosure of every administrative AI use

What Is a Church AI Policy and Why Does Your Ministry Need One?
Why Generic Corporate AI Policies Fail Churches
How to Write Your Theological Foundation
Which Member Data Never Touches Public AI Tools
Where AI Stops and Pastoral Care Begins
How to Build an Approved Tools List Staff Will Use
Who Owns the Policy Once It Is Written
How to Tell Your Congregation Without Making It a Press Release
What to Do Before Any of This If You Are Starting From Zero
Frequently Asked Questions
Key Takeaways
Sources and References
Where We Go From Here

What Is a Church AI Policy and Why Does Your Ministry Need One?

A church AI policy is an operational agreement defining which AI tools staff use, what member data stays protected, who reviews AI-generated content, and who maintains the policy. The 2026 State of Church Technology Report found 64% of church leaders say an AI policy is important, but only 5% have one.

This gap means most ministries operate AI tools through improvisation rather than clear guidelines. Pushpay’s analysis states the problem directly: most pastors use AI, almost none have a plan for it.

A working church AI policy includes seven core components:

Theological foundation naming why the policy exists, not just restrictions
Data classification showing staff exactly which member data stays off public AI tools
Pastoral and counseling boundaries with firm prohibitions on AI in confidential care conversations
Approved tools list with enterprise accounts required for work touching member data
Named AI Officer for vetting tools, training staff, and annual policy reviews
Transparency and disclosure rules so members understand what is AI-assisted
Signed acknowledgment requirement ensuring staff read the policy, not just file it We spent the last year watching churches write these documents and seen the same mistakes repeat. This guide pulls from denominational frameworks already in circulation, independent research on church AI adoption, and working policies we have helped ministries implement.

For wider context on how AI reshapes ministry work, see our practical guide to AI in ministry.

Why Generic Corporate AI Policies Fail Churches

Corporate AI policies start from the wrong premise for church contexts. Churches handle different data than corporations. The trust is more personal. The theological stakes have no Fortune 500 equivalent.

The 2026 State of Church Technology Report from Pushpay and Barna, based on 1,306 church leaders surveyed between November and December 2025, found 83% of leaders worry about data privacy and 51% express concern about plagiarism and message integrity.

These concerns don’t translate to standard acceptable-use policies. The data churches handle sits closer to a confessional than a customer record: prayer requests, counseling notes, giving history, family situations.

The strongest frameworks in circulation include the Archdiocese of Los Angeles Generative AI Policy and the Baltimore Presbytery AI Guidelines. Both open with theological premises before listing rules.

Policies starting with restrictions read like surveillance. Policies starting with stewardship read like leadership.

Key Point: A church AI policy is a stewardship document first and a compliance document second, and the structure of the document should reflect that order.

How to Write Your Theological Foundation

The theological foundation answers why the church engages technology at all, not just what the restrictions are. Every working church AI policy we have seen opens with a short statement explaining this premise. This is not filler. It is the lens for reading every other section.

The Southern Baptist Convention’s 2023 resolution On Artificial Intelligence and Emerging Technologies frames AI as something to engage from “eschatological hope rather than uncritical embrace or fearful rejection.”

The Vatican’s January 2025 document Antiqua et Nova frames AI as a product of human intelligence that “should be used only as a tool to complement human intelligence rather than replace its richness.”

Both anchor the policy in human dignity before touching workflows.

For most churches, the foundation section runs three to five sentences and states:

AI is a tool, not a replacement for human ministry
Human dignity and pastoral relationships remain central
AI will not replace teaching, counseling, or worship leadership
The policy protects staff and members Key Point: The theological foundation anchors the policy, and every later section should trace back to it.

Which Member Data Never Touches Public AI Tools

Data classification is the most important section of any church AI policy. This is where most policies fail, and where consequences land hardest.

The working rule we recommend, drawn from Subsplash’s 2026 church AI policy template and policies from mid-sized churches we have advised, defines three data tiers:

Public data moves freely through approved tools: sermon series titles, service times, staff bios.

Internal data can be used in enterprise-tier accounts with church credentials: staff schedules, vendor contracts, generic ministry plans.

Restricted data never enters any public AI platform: member names tied to giving records, prayer requests, counseling notes, pastoral care correspondence, children’s ministry rosters.

This matters because of vendor terms. The ChurchTechToday analysis of the 2026 Pushpay data states the point directly: when a church has no written rule about member data and AI, the vendor’s default terms become the policy by accident.

Many free AI tools train on inputs they receive. The first time staff pastes a prayer chain into a free chatbot to clean up formatting, the church made a decision it never consciously approved.

Key Point: Restricted member data should be defined explicitly by category in the policy, and the prohibition on entering it into public AI tools should be absolute.

Where AI Stops and Pastoral Care Begins

The hardest line to draw in a church AI policy is the boundary around pastoral care. Get it wrong in the soft direction and the ministry erodes trust. Get it wrong in the hard direction and the policy ties staff hands on tasks where AI genuinely helps.

The clearest working rule we have seen, articulated by Progressive Church Media and consistent with the Ethics and Religious Liberty Commission’s 2025 research guide The Work of Our Hands, is this: AI may assist with administrative scaffolding around ministry but may not substitute for the relational core.

AI can:

Format a newsletter
Summarize meeting notes from public discussions
Draft calendar reminders
Brainstorm sermon illustrations the pastor verifies and rewrites AI cannot:
Draft pastoral care correspondence
Generate prayers attributed to a pastor
Transcribe counseling sessions
Stand in for human presence in moments of grief The ERLC guide names the underlying question well: are we giving the impression someone is interacting with a pastor when they are interacting with an AI tool? If yes, the use is out of bounds regardless of efficiency.

Key Point: AI is a tool for ministry scaffolding, never for the relational core, and the policy should name that line concretely.

How to Build an Approved Tools List Staff Will Use

A working AI policy does not list every tool that exists. It names a short list of tools the church has vetted, the tier of account staff must use, and the data category each tool is approved for.

The vetting criteria we use, adapted from working church policies and the Archdiocese of Los Angeles framework, include four questions:

Does the vendor offer a Data Processing Agreement prohibiting training on church data?
What security certifications does the vendor hold?
Is the tool compliant with the Children’s Online Privacy Protection Act if it touches children’s ministry contexts?
Is there a documented data deletion process if a member requests information removal? Free personal accounts are the failure point. The policy needs to state plainly: free or personal AI accounts cannot be used for any work involving internal or restricted church data. Staff use church-credentialed enterprise accounts only.

This is the cheapest, highest-leverage clause in the whole document. The reason this matters across the wider tech stack, not just AI, is something we have written about in your church tech stack isn’t broken, it’s built this way.

Key Point: The approved tools list, the enterprise-account requirement, and the vendor vetting questions are the three operational levers that turn a written policy into a working one.

Who Owns the Policy Once It Is Written

Every church AI policy we have seen succeed has a named owner. Every one we have seen fail had the document but no person.

The role is often called the AI Officer. In smaller churches it sits with the executive pastor or administrative pastor. In larger churches it is a dedicated technology lead.

The role owns four responsibilities:

Day-to-day tool approvals and additions to the approved list
Annual policy review and updates as tools change
Staff training and onboarding so new hires know rules before their first login
Incident response when something goes wrong, including documented learning so the policy improves rather than just gets enforced The Subsplash 2026 guidance recommends an annual review baseline with an additional trigger when a major new tool is adopted. This matches what we observe in practice.

Without recurring review, the policy ages into irrelevance within a year. The tools change faster than the document.

Key Point: A policy without a named owner and a recurring review schedule is a draft, not a policy.

How to Tell Your Congregation Without Making It a Press Release

Transparency is the section most churches skip. The Pushpay data shows nearly half of churches have said nothing to their congregations about AI use. That silence is a decision, not the one most leaders would consciously choose.

The working pattern is simple:

A short one-paragraph statement on the church’s website explains the church’s approach to AI, names what it’s used for, names what it’s never used for, and identifies who owns the policy
Staff disclose AI assistance in pastoral or theological content where absence of disclosure would mislead
AI-generated images used in church communications are labeled when authenticity matters, for instance in contexts that could be confused with photography of real congregation members This is not about announcing every use of a spell-checker. It is about closing the trust gap that opens when members do not know whether the email they received was written by a person who knows them.

The Cephas Alokan guide to building a church AI policy makes the same point: a signed staff acknowledgment paired with a congregation-facing summary is the minimum disclosure pattern.

Key Point: A short congregation-facing statement and a signed staff acknowledgment together do the work that an internal-only document cannot.

What to Do Before Any of This If You Are Starting From Zero

The 95% of churches without a policy do not need to publish a forty-page document next week. They need a starting point small enough to finish and large enough to matter.

The three steps we recommend, in this order:

Run a tool audit. Ask every staff member which AI tools they’ve used for church work in the last ninety days. No judgment, just a list.
Map your restricted data. Write down where prayer requests, counseling notes, giving records, and member rosters live and who has access.
Pick a single pilot policy area. Most churches pick communications because volume is high and risk is contained. Get that one section right with named tools, named data rules, named reviewer, and signed acknowledgment. Then expand from there. This approach matches what we see working in churches with functional AI policies. They did not start with the full document. They started with one workflow and built outward.

Key Point: A small policy that is followed beats a comprehensive policy that sits in a drawer, and the path from zero starts with a tool audit, a data map, and a pilot section.

Frequently Asked Questions

How long should a church AI policy be?

Most working church AI policies run between four and ten pages. Shorter than four pages tends to skip data classification and tool approval sections that do the real work. Longer than ten pages tends to lose the staff who are supposed to follow it. Aim for a document a new hire reads in twenty minutes and refers back to without scrolling for an hour.

Do we need a lawyer to write a church AI policy?

Most small and mid-sized churches adopt a sound template policy without legal review, then bring in counsel for one focused pass before publication. Larger churches, churches with significant paid staff handling sensitive member data, or churches operating across multiple states should get legal review before the policy goes live. The FaithStack policy generator and other denomination-agnostic templates provide working drafts.

What is the difference between approved and prohibited tools in a church AI policy?

Approved tools are named platforms the church has vetted, accessed through church-credentialed enterprise accounts, and matched to specific data tiers and use cases. Prohibited tools are any AI platform not on the approved list, all free or personal accounts when handling internal or restricted data, and any tool whose vendor terms permit training on church data. The line is drawn by tool, account type, and data category together, not by tool alone.

Should our policy ban AI in sermon preparation?

The strong consensus across working denominational frameworks is that AI may assist with research, outlining, and illustration generation the pastor then verifies and rewrites. AI should not draft sermons in full. The Saddleback Church guidance shared by Jay Kranda and the Subsplash template both land in roughly the same place: assistance is welcome, substitution is not.

How do we handle AI meeting transcription tools like Otter or Fireflies?

The working rule is enterprise accounts only, participant consent required at the start of every meeting, an opt-out option for anyone who declines, and an absolute prohibition in pastoral care conversations, HR meetings, elder executive sessions, and legal consultations regardless of consent. Transcripts get stored on church-controlled accounts, not personal ones, and get deleted on a defined schedule.

What happens when a staff member violates the AI policy?

A working policy distinguishes between honest mistakes and willful violations. First-time honest mistakes trigger a conversation, a refresher on the rule, and a documentation note. Examples: an unfamiliar tool used in good faith, a piece of internal data entered without realizing the tier. Patterns of violation or any breach involving restricted member data trigger formal review under the church’s existing personnel policies. The AI Officer documents incidents and updates the policy when a pattern reveals a gap.

How often should we update our church AI policy?

A formal annual review is the baseline. An additional trigger review fires whenever the church adopts a significant new tool, a vendor materially changes its terms of service, a denominational body issues new guidance, or an incident reveals a gap in existing rules. The review doesn’t have to be heavy. A single leadership team conversation with the AI Officer is enough.

Do we have to disclose AI use to our congregation in every communication?

No. Trying to disclose everything makes disclosure invisible through repetition. The working pattern is a one-time congregation-facing statement on the website explaining the church’s approach, plus context-specific disclosure in pastoral or theological content where absence of disclosure would mislead. Spell-check, formatting cleanup, and routine administrative assistance don’t require labeling.

Key Takeaways

The gap is execution, not awareness. The Pushpay and Barna 2026 data confirms 64% of church leaders know an AI policy matters. Only 5% have built one. Most ministries run AI by improvisation rather than intent.
Start with theology, then write the rules. Every working church AI policy opens with a short statement of human dignity and pastoral relationship that anchors every operational clause that follows.
Restricted data is the most important section. Define member data tiers explicitly, name what never enters a public AI tool, and require enterprise accounts for anything beyond public data.
Draw the pastoral care line concretely. AI may assist with ministry scaffolding (formatting, summarizing, brainstorming). AI may not substitute for the relational core of pastoral care, counseling, or worship leadership.
The policy needs a named owner. Without an AI Officer responsible for tool approvals, staff training, annual review, and incident response, the document ages into irrelevance within a year.
Transparency closes the trust gap. A short congregation-facing statement on the website, paired with signed staff acknowledgment, does the disclosure work an internal-only policy cannot.
A small policy that is followed beats a comprehensive one that is not. Churches starting from zero should run a tool audit, map restricted data, and pilot a single policy section before expanding.

Sources and References

Pushpay and Barna Group, The State of Church Technology 2026, released April 2026 based on a survey of 1,306 U.S. church leaders conducted November to December 2025.
Barna Group, How Church Leaders Are Using AI (And Their Top Concerns), March 2026.
Pushpay, Most pastors use AI. Almost none have a plan for it, March 2026.
Archdiocese of Los Angeles, Generative AI Use Policy, Chapter 10 Section 10.10.
Baltimore Presbytery, Artificial Intelligence Guidelines.
Southern Baptist Convention, On Artificial Intelligence and Emerging Technologies, 2023 resolution.
Dicasteries for the Doctrine of the Faith and for Culture and Education, Antiqua et Nova: Note on the Relationship Between Artificial Intelligence and Human Intelligence, January 28, 2025.
Ethics and Religious Liberty Commission, The Work of Our Hands: A Research Guide on AI and Digital Technology, September 2025.
Subsplash, Church AI Policy Template: A Pastor’s Guide for 2026, June 2026.
ChurchTechToday, AI Ethics and the Church’s Most Sensitive Data, June 2026.
Progressive Church Media, Does Your Progressive Ministry Have a Church AI Policy?, April 2026.
Cephas Alokan, Step-by-Step Guide to Creating a Church AI Policy, May 2025.
Jay Kranda, Sample Church AI Policy and Training You Can Copy, June 2025.

Where We Go From Here

A church AI policy is not paperwork. It is the operating agreement deciding who sees what, who reviews what, and who is responsible when something goes wrong.

The churches that build one now will spend the next two years refining it. The ones that wait will spend those years cleaning up decisions they did not consciously make.

If your ministry is working through how to write or refresh an AI policy that fits your staff, your tools, and your members, we would be glad to think it through with you. We offer no-pressure consultations where we listen first, then share what we have learned helping ministries navigate the same questions.

For the wider context sitting underneath this work, our overview of AI in ministry walks through the surrounding landscape.

Schedule a consultation.

Categories

Recent Posts

Popular Tags

Have Any Questions?