The renewal quote from your IT provider has a new line on it, Microsoft 365 Copilot licences for the whole team. The sign-off lands on your desk, and somewhere behind that line sits a set of terms nobody in the firm has read. You have heard the stories about AI tools training on customer data, and you have also heard that Microsoft’s business terms are supposed to be different. Both things are true, depending on which Copilot your people actually use. The business terms are stronger than the stories suggest. The catch is that the protections only apply when the licence, the accounts and the tenant are set up to invoke them.
What do Microsoft’s Copilot business terms actually say?
For Microsoft 365 Copilot on a work account, Microsoft commits that your prompts, responses and anything accessed through Microsoft Graph are not used to train its foundation models. Copilot interactions sit under the same Data Protection Addendum as your email and files, Microsoft acts as your data processor, and commercial customers get a copyright indemnity called the Customer Copyright Commitment.
Those interactions are stored as part of your organisation’s Microsoft 365 content, encrypted at rest, and handled under the same contractual commitments as your Exchange mailboxes and SharePoint files. Microsoft calls this Enterprise Data Protection, and in June 2024 it extended the same protection to Copilot on the web for work accounts, with adverts removed. Data residency followed a similar path. Copilot became a covered workload under Microsoft’s residency commitments in the Product Terms on 1 March 2024, including the Advanced Data Residency and Multi-Geo options.
The consumer terms read very differently. The public Copilot service may involve human review of what users type, and Microsoft’s own advice is blunt, “You shouldn’t share any information with Copilot that you don’t want us to review.” An earlier version of the consumer terms described the service as being for entertainment purposes only, wording Microsoft agreed to revise in 2024 after it drew public criticism for clashing with the product’s business positioning.
Why do these terms matter for your business?
Under UK GDPR you remain the data controller for anything your team puts into Copilot, so the terms decide whether you can meet your own obligations. The ICO expects processors to act only on documented instructions with proper security, and the Microsoft Data Protection Addendum is what provides that for Copilot. Without it, every prompt is an unmanaged disclosure.
Client confidentiality follows the same logic. If your team drafts client work inside Copilot, the contractual question is whether that content stays inside your tenant under processor terms or leaves it under consumer terms. The National Cyber Security Centre has warned since 2023 that staff pasting sensitive material into public AI tools is a genuine leakage risk, and its guidance points firms towards tenant-protected, enterprise-integrated tools for exactly this reason.
The copyright indemnity matters if AI output reaches your deliverables. Under the Customer Copyright Commitment, Microsoft will defend commercial customers against certain copyright claims arising from Copilot use, provided the product is used as documented and nobody deliberately requests infringing content. Clifford Chance’s analysis is worth reading before you rely on it. The commitment covers specific products, excludes trademarks and other non-copyright rights, and removes some IP risk rather than all of it.
Where will you actually meet these terms?
You meet the terms in three places. The licence you buy, which decides whether the business protections apply at all. The account your staff sign in with, because a personal Microsoft account drops you onto the consumer terms. And your existing Microsoft 365 agreement, which is where the Data Protection Addendum, retention policies and audit settings already live.
The account distinction does the heaviest lifting. Signed in with a work account through Entra ID, staff get Enterprise Data Protection and the no-training commitment. Logged out, or signed in with a personal account, the same person at the same desk falls under consumer handling, with broader model-improvement uses and weaker contractual safeguards. Same product name, different contract, and nothing on the screen makes the switch obvious.
Web search is the boundary that surprises owners. When Copilot searches the web, the query goes to Bing with user and tenant identifiers removed, and Microsoft states it is neither shared with advertisers nor used to train foundation models. But those queries run under Microsoft’s consumer services agreement rather than the business Data Protection Addendum, so the web search leg of a prompt sits outside your contract. Public sector G-Cloud listings, incidentally, show Copilot sold on 12 to 24 month minimum terms inside standard Microsoft 365 subscriptions, a fair guide to the commercial commitment you are making.
When should you dig in, and when can you sign off?
Sign off comfortably when the use is internal drafting and analysis on work accounts under Enterprise Data Protection, with basic prompt guidance in place. Dig in when personal data is central to the work, when AI-generated output goes into client deliverables, when you serve EU clients in higher-risk areas, or when staff are already using consumer Copilot unmanaged.
Personal data raises the bar because the ICO expects documented purposes, a lawful basis, and an impact assessment for higher-risk AI processing. Copilot respects your retention policies and its interactions are auditable, which helps, but the governance paperwork is yours to do, and Microsoft’s terms do not do it for you. Firms serving EU clients should also map their Copilot use against the EU AI Act, which treats areas like HR screening and credit decisions as high-risk, with obligations phasing in over transition periods of up to 24 months.
The other trap is over-confidence in the brand. Microsoft’s own terms warn that Copilot can make mistakes and should not be relied on for important advice. A big vendor name on the contract protects your data handling, and it says nothing about whether the output is right. The terms manage the legal risk. Checking the work stays your job.
Which related concepts sit alongside the Copilot terms?
Five terms carry the weight in any Copilot conversation with your IT provider. The Data Protection Addendum, Enterprise Data Protection, the controller and processor split, the Customer Copyright Commitment, and the data protection impact assessment. Each has a precise meaning, and knowing them turns a vendor briefing you sit through into a negotiation you can lead.
The Data Protection Addendum is the contractual layer that makes Microsoft your processor, bound to documented instructions and defined security measures. Enterprise Data Protection is Microsoft’s label for extending those commitments to Copilot prompts and responses. The controller and processor split is the UK GDPR structure underneath both, and it is why the governance duties stay with you even on strong vendor terms. A data protection impact assessment is the ICO’s expected tool for higher-risk processing, and its AI toolkit gives a workable starting structure.
The Customer Copyright Commitment has close cousins worth knowing about. Adobe offers an IP indemnity for Firefly and Google offers one for its Cloud AI services, all built on the same shape, protection for compliant business use with defined exclusions. If a vendor pitches you an AI tool with no equivalent commitment at all, that absence is itself useful information.
Before Monday’s sign-off, three checks cover the ground. Confirm the quote is for Microsoft 365 Copilot rather than a consumer or Pro licence, confirm staff will use work accounts only, and confirm your Microsoft 365 agreement incorporates the current Data Protection Addendum. If you want a second pair of eyes on what Copilot should and should not touch in your business, book a conversation.



