What Governs Microsoft Copilot's Enterprise Terms of Use
The Microsoft Copilot enterprise terms of use are not a separate contract you sign. They are assembled from three documents you already accepted: the Microsoft Product Terms, the Microsoft Products and Services Data Protection Addendum (DPA), and your volume licensing agreement (Enterprise Agreement, MCA-E, or CSP). Microsoft 365 Copilot and Microsoft 365 Copilot Chat inherit the same enterprise terms as the rest of your Microsoft 365 commercial subscription, with Microsoft acting as your data processor rather than a data controller.
That inheritance is the single most important fact for procurement: Copilot does not get its own weaker terms, but it does not get stronger ones either unless you negotiate them. Because Microsoft revises the Product Terms and DPA on a rolling monthly basis, the version that governs your Copilot use is the one referenced in your agreement at the time of the dispute — not the one you read at signature. Any enterprise treating Copilot as material spend should pin the DPA version in its contract record and review changes at each renewal.
Your Data Rights Under Enterprise Data Protection
The commitment enterprises ask about first: your prompts, the responses Copilot generates, and the data Copilot accesses through Microsoft Graph are not used to train Microsoft's foundation models. Microsoft 365 Copilot operates under Enterprise Data Protection (EDP), which extends the same contractual privacy and security commitments that already cover Exchange, SharePoint, and Teams data — including GDPR support, the EU Data Boundary, and ISO/IEC 27018 certification, all backed by the DPA.
The critical operational nuance is permissions. Copilot can only surface content the signed-in user already has access to through existing Microsoft 365 permissions. That sounds reassuring, but it converts every pre-existing oversharing problem in SharePoint and OneDrive into an AI exposure problem: if a sensitive document was over-permissioned before Copilot, Copilot will now find and summarise it on request. Microsoft Purview sensitivity labels and access reviews are therefore a prerequisite to a safe deployment, not an optional add-on.
| Term | What Microsoft commits | What it does not cover |
|---|---|---|
| Model training | Your tenant data is not used to train foundation models | Does not apply to consumer Copilot or unmanaged accounts |
| Data processing role | Microsoft acts as processor under the DPA | You remain controller and own oversharing risk |
| Access scope | Copilot honours existing M365 permissions | Pre-existing over-permissioning is now AI-discoverable |
| Certifications | GDPR, EU Data Boundary, ISO/IEC 27018 | Third-party model traffic may fall outside (see below) |
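The oversharing point above is worth seeing as an access review rather than a slogan. The following is an added example, not Microsoft code and not a real Microsoft Graph or Purview API: it builds a small in-memory tenant (constructed users, groups, sensitivity labels and document ACLs, all hypothetical) and answers the two questions a deployment review asks, which documents Copilot could surface for a given user, and which sensitive documents are readable through a broad group such as "Everyone" and therefore become AI-discoverable on day one.

```python
"""Offline model of the permission-inheritance risk: Copilot only returns content
the signed-in user can already open, so pre-existing oversharing is the exposure.
Added example with a constructed tenant; the group names, labels and paths are
assumptions, not values taken from any real tenant or Microsoft API."""
from dataclasses import dataclass, field

# Groups that effectively grant tenant-wide read access (constructed list).
BROAD_GROUPS = {"Everyone", "Everyone except external users", "All Employees"}

# Label order from least to most sensitive (constructed to mirror a typical Purview taxonomy).
LABEL_ORDER = ["Public", "General", "Confidential", "Highly Confidential"]


@dataclass
class Document:
    path: str
    sensitivity: str                         # one of LABEL_ORDER
    readers: set = field(default_factory=set)  # users or groups with read access


@dataclass
class Tenant:
    groups: dict     # group name -> set of member user names
    documents: list  # Document objects


def principals_for(tenant, user):
    """The user plus every group that contains them: everything an ACL check can match."""
    names = {user}
    for group, members in tenant.groups.items():
        if user in members:
            names.add(group)
    return names


def copilot_visible(tenant, user):
    """Paths Copilot could surface for `user`: exactly the documents the user can already read."""
    mine = principals_for(tenant, user)
    return sorted(doc.path for doc in tenant.documents if doc.readers & mine)


def oversharing_report(tenant, min_label="Confidential"):
    """Documents at or above `min_label` whose ACL includes a broad group.

    Returns (path, label, broad_groups) tuples in document order; these are the
    files an access review should fix before Copilot is enabled tenant-wide."""
    threshold = LABEL_ORDER.index(min_label)
    findings = []
    for doc in tenant.documents:
        broad = doc.readers & BROAD_GROUPS
        if broad and LABEL_ORDER.index(doc.sensitivity) >= threshold:
            findings.append((doc.path, doc.sensitivity, sorted(broad)))
    return findings


def build_sample_tenant():
    """Constructed sample tenant: three users, two departmental groups, two broad groups."""
    groups = {
        "Everyone": {"alice", "bob", "carol"},
        "Everyone except external users": {"alice", "bob", "carol"},
        "Finance": {"alice"},
        "HR": {"bob"},
    }
    docs = [
        Document("/sites/Finance/Q3-forecast.xlsx", "Confidential", {"Finance"}),
        # Over-shared: a Highly Confidential file readable by Everyone.
        Document("/sites/HR/salary-bands.docx", "Highly Confidential", {"HR", "Everyone"}),
        Document("/sites/Intranet/holiday-policy.pdf", "General", {"Everyone"}),
        # Over-shared: a personal OneDrive file opened to the whole tenant.
        Document("/personal/carol/board-deck.pptx", "Confidential",
                 {"carol", "Everyone except external users"}),
    ]
    return Tenant(groups, docs)


if __name__ == "__main__":
    tenant = build_sample_tenant()
    for user in ("alice", "bob"):
        print(user, "could have Copilot surface:", copilot_visible(tenant, user))
    for path, label, via in oversharing_report(tenant):
        print(f"OVERSHARED {label}: {path} via {', '.join(via)}")
```

The report deliberately keys on the label plus a broad group, not on who happens to prompt Copilot: the HR salary file is a finding even though nobody in HR asked for it, because any of the three users can now request a summary of it. Run against a real permission export the same two functions answer the procurement question the page raises, whether the tenant is ready for Copilot at all.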
The Customer Copyright Commitment — What It Actually Covers
Effective 1 October 2023, Microsoft's Customer Copyright Commitment (CCC) states that if a third party sues your organisation for copyright infringement over output generated by a paid Microsoft commercial Copilot, Microsoft will defend you and pay the resulting adverse judgments or settlements. It is a meaningful indemnity — but a conditional one.
The protection applies only if you used the guardrails and content filters built into the product and were not attempting to generate infringing material. Disabling content filters, jailbreaking the model, or knowingly prompting for protected works voids the commitment. It covers paid commercial Copilots and their generated output; it does not extend to consumer tiers. For procurement, the CCC is a reason to keep default content filtering enabled as policy and to document that policy — the indemnity is only as strong as your ability to show you met its conditions.
The Customer Copyright Commitment is real protection, but it is contingent on configuration. An enterprise that loosens content filters for productivity reasons may quietly forfeit the indemnity it is counting on — which is why filter settings belong in your AI governance policy, not in individual users' hands.
EU Data Boundary, Flex Routing & Data Residency
For EU customers, Microsoft 365 Copilot is an EU Data Boundary service: EU traffic is intended to stay within the EU Data Boundary. Two 2025–2026 changes reshaped that promise and both matter to any data-residency-sensitive buyer.
First, Flex Routing. When demand on EU infrastructure is high, Microsoft can route large language model inferencing outside the EU Data Boundary — and Flex Routing is on by default for eligible tenants created after 25 March 2026. Worldwide traffic can already be sent to the EU and other regions for processing. Second, Anthropic's Claude models are out of scope for both the EU Data Boundary and Microsoft's in-country processing commitments: if your users invoke Claude-based capabilities inside Copilot, that traffic leaves the boundary. In November 2025 Microsoft added in-country data processing for 15 countries to strengthen sovereign controls, but these commitments do not retroactively cover third-party models.
The practical takeaway for regulated industries: do not assume "EU Data Boundary service" means "data never leaves the EU." Confirm your tenant's Flex Routing posture, decide whether to disable it where contracts or regulators require strict residency, and treat third-party model usage as a separate residency question.
Acceptable Use and Admin Controls
Copilot use is governed by Microsoft's Acceptable Use Policy within the Product Terms — the same AUP that applies to your other Microsoft Online Services. The more useful lever for enterprises is the admin tooling. In the Integrated apps section of the Microsoft 365 admin center, administrators can view the permissions and data access each agent requires, along with the agent's own terms of use and privacy statement, and decide which agents are permitted in the tenant. As the agent ecosystem expands through Agent Builder and third-party publishers, that allow-list becomes the control point for both legal exposure and cost.
Governance should therefore treat agents like software procurement: review the data each agent touches, the terms it carries, and who can deploy it — before it is enabled tenant-wide, not after a business unit has built a workflow on top of it.
The Copilot Terms Procurement Should Negotiate
Because Copilot inherits standard Microsoft terms, the negotiating job is to harden the few that carry real risk. Get data residency commitments stated in your agreement rather than relying on default service descriptions; clarify in writing whether Flex Routing can be disabled for your tenant where residency is contractually required; confirm the scope of third-party models and whether they can be restricted; and align the Copilot subscription term with your wider Microsoft 365 commitment so a New Commerce Experience lock-in does not quietly extend it.
For the cost side of the same decision, see our guide to Microsoft Copilot Cowork costs and our breakdown of Microsoft Copilot licensing and pricing. The wider commercial relationship is covered by our Microsoft negotiation experts and the Microsoft Copilot Enterprise Guide. If AI contract terms are a board-level concern, our AI procurement advisory practice reviews them line by line — request a confidential briefing to start.