The MD of a 12-person law firm is reading the compliance officer’s report on AI tool use within the firm. Five paralegals are using free ChatGPT. Two solicitors are using Claude on the free tier. One trainee is using Gemini on the free tier. Total firm AI spend: zero. The compliance officer’s note at the bottom: “I cannot currently confirm whether any client matter information has been entered into these tools, but the policy does not specifically forbid it.” The MD now has a decision to make that costs the firm £180 a month and removes a category of professional risk she had not realised was sitting there.
This is the highest-leverage governance decision most owner-led SMEs face on AI. The free-tier-versus-paid-tier choice. It is also the one most often left unmade, because the cost feels too small to be material and the risk feels too abstract to be urgent. Both feelings are wrong.
What do free LLM tiers actually do with your data?
Free tiers from OpenAI, Google, and Microsoft default to training on user inputs. Anything an employee enters into free ChatGPT, free Gemini, or the free version of Microsoft Copilot becomes part of the training data and may be synthesised into responses to other users. None of the free tiers ship with a Data Processing Agreement. The Samsung 2023 incident, where employees used free ChatGPT to handle confidential semiconductor work, illustrates the failure mode at scale.
Anthropic Claude is the partial exception. The free tier does not train on user inputs by default. Documentation on data residency and retention is thinner than for the commercial offering, and any SME that wants a formal contractual position needs the commercial Business Agreement.
What does the paid commercial tier actually buy?
Three things. A Data Processing Agreement, the legal contract for processing personal data under UK GDPR. Training opt-out, so user inputs are not absorbed into the model and cannot resurface in another user’s response. Clearer data residency, with UK or EU storage options available on enterprise plans. The paid commercial tiers usually include all three plus contractual breach-notification commitments, and any one of them would materially change the firm’s data risk position.
Beyond the contractual position, the paid tier typically includes audit logs, admin controls, and the ability to manage employees centrally. For a 10-50 person firm, the admin layer matters less than the contract; for a 50-100 person firm, it starts to matter quite a lot.
How does the cost actually break down?
The 2025-2026 pricing for the four major LLM providers sits in a similar band. ChatGPT Plus runs £15-20 per user per month with Enterprise pricing on negotiation. Gemini Business in Google Workspace runs £12-20 per user per month depending on the plan. Microsoft Copilot for Microsoft 365 runs £20-30 per user. Anthropic Claude for Work pricing is comparable and available via direct quote.
For a 10-person business where 3-4 people use LLMs regularly, the monthly cost is £45-120. For a 10-person business where every employee uses LLMs occasionally, the cost scales to £150-300. Compare against the cost of a single client confidentiality breach, one ICO investigation, one professional indemnity claim, or one ASA enforcement letter. The financial case is straightforward.
Where is the free tier still appropriate?
For genuinely public inputs. Brainstorming with no client or personal data. Drafting generic templates that contain no specific names or details. Summarising publicly-available information that is already on the open internet. Public-data analysis where both the dataset and the question are non-sensitive.
The free tier has a real role for these uses. The pattern that breaks SMEs is not the existence of free tiers; it is the assumption that the same tier handles every kind of input the firm needs to process. The fix is the data classification rule that maps which tier of input goes into which tier of tool.
How does the policy actually express this?
One sentence does most of the work. “Personal data and confidential information may only be processed by tools that have a Data Processing Agreement, have committed contractually not to use data for model training, and are UK GDPR compliant.” Everything else flows from that sentence.
In practice the rule means the firm pays for the paid commercial tier of one or two tools (ChatGPT Enterprise plus Claude for Work, for instance) and provides them to the employees who actually use LLMs in their work. The free tier remains available for genuinely public uses, with the policy and the data classification reference explaining which inputs belong where.
What about the mixed-fleet reality?
Most SMEs end up with a mixed fleet. Some firms run paid tiers for everyone, paying for the whole team to have access. Others run paid tiers for the staff who handle confidential data (paralegals, accountants, advisers) and free tiers for the staff who do not. A few run a single licensed enterprise tool that everyone routes through, often integrated with the firm’s existing Microsoft 365 or Google Workspace.
All three configurations are defensible. What matters is that the policy explicitly names which tier is approved for which class of data, and that the named tool is the one employees actually use day-to-day. A policy that approves a paid tier nobody has logged into has the same defect as a policy that bans a free tier everyone uses anyway.
What should you do this week?
Three actions. First, find out which AI tools your team is actually using. An amnesty-plus-survey approach surfaces this without driving it underground. Second, decide which of those tools you are going to officially approve and pay for. Third, write the one-sentence rule into the policy.
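As an added illustration (not the article's own material), here is the one-sentence rule and the mixed-fleet check expressed as a script a firm could run over its amnesty survey: it flags restricted data going into an unapproved tier and approved tiers nobody actually uses. The tool registry, its attribute values and the survey rows are constructed assumptions for the example, not statements about any vendor's terms.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tool:
    name: str
    has_dpa: bool            # Data Processing Agreement in place
    training_opt_out: bool   # contractual commitment not to train on inputs
    uk_gdpr_compliant: bool

    def approved_for_restricted(self) -> bool:
        # The one-sentence rule: all three conditions must hold.
        return self.has_dpa and self.training_opt_out and self.uk_gdpr_compliant

RESTRICTED = {"personal", "confidential"}  # input classes the rule covers
def tool_allowed(tool: Tool, data_class: str) -> bool:
    """Map an input class to whether this tool tier may process it."""
    if data_class == "public":
        return True
    if data_class in RESTRICTED:
        return tool.approved_for_restricted()
    raise ValueError(f"unclassified input: {data_class}")

def review_survey(tools, survey):
    """Reconcile survey rows (employee, tool, highest data class entered) against
    the rule. Returns (violations, unused_approved): restricted data going into
    an unapproved tier, and approved tiers nobody is actually using."""
    by_name = {t.name: t for t in tools}
    violations, used = [], set()
    for employee, tool_name, data_class in survey:
        used.add(tool_name)
        if not tool_allowed(by_name[tool_name], data_class):
            violations.append((employee, tool_name, data_class))
    unused = sorted(t.name for t in tools
                    if t.approved_for_restricted() and t.name not in used)
    return violations, unused

# Constructed registry; attribute values are assumptions for the example, not vendor facts.
TOOLS = [
    Tool("chatgpt-free", False, False, False),
    Tool("claude-free", False, True, False),       # no training by default, but no contract
    Tool("gemini-free", False, False, False),
    Tool("chatgpt-enterprise", True, True, True),  # licensed but, per the survey, unused
    Tool("claude-for-work", True, True, True),
]
# Constructed amnesty survey for the firm in the opening scenario.
SURVEY = [
    ("paralegal-1", "chatgpt-free", "confidential"),
    ("solicitor-1", "claude-free", "confidential"),
    ("trainee-1", "gemini-free", "public"),
]
```

Running `review_survey(TOOLS, SURVEY)` reports both defects the policy must avoid: the two people putting confidential matter data into free tiers, and the two paid tiers that are licensed but not logged into.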
If you are in the position of having a compliance officer’s report telling you what your firm is doing, and you are not sure what to do about it, book a conversation.