Most Copilot-versus-ChatGPT-Enterprise comparisons are written for buyers who care about features and price. That is not the comparison a risk-averse Australian board runs. When the audit committee, the CISO or general counsel get involved, the question narrows fast: where does our data physically sit, does either vendor train on it, and can we prove that to a regulator? This piece compares Microsoft 365 Copilot and OpenAI's ChatGPT Enterprise strictly on data security, residency and sovereignty, the axis that actually decides the procurement in regulated and risk-sensitive AU organisations.
Frontrow runs this assessment for Australian clients regularly, and the conclusion is rarely 'one is safe and one is not'. Both products have genuine enterprise-grade commitments. The real differences are about where the data is processed, how the no-training promise is structured, and how the controls integrate with the governance you already run. Those differences map cleanly onto Privacy Act obligations, APRA CPS 234, and Australian Government data-sovereignty selection criteria.
Start with the question your board is really asking
Boards do not ask 'which model is smarter'. They ask whether deploying the tool creates a notifiable data-breach exposure, whether customer or employee personal information could leave Australia, and whether the vendor could ingest the organisation's content into a training set. Those three concerns, residency, no-training, and isolation, are the only ones that change the answer at board level. Everything else is an adoption and ROI conversation that happens after the security gate is cleared.
The useful way to read the comparison below is as a gate, not a scorecard. If a product fails the residency or no-training requirement for your regulatory profile, capability and price are irrelevant. Both products generally clear the gate for commercial AU organisations, but they clear it differently, and the difference is the whole point.
Data residency: where processing actually happens
Microsoft 365 Copilot inherits the data-residency posture of your existing M365 tenant. For an Australian tenant provisioned to the Australia region, Copilot prompts and responses (the customer data) are committed to processing and storage within the AU geography under the same Data Protection Addendum that already governs Exchange, SharePoint and Teams. The commitment is real but bounded: connected experiences such as Bing-grounded search and some Wave 2 agents route through Microsoft's global infrastructure, and telemetry is treated as service-generated data rather than customer data. We cover exactly what stays and what moves in our companion guide on Copilot data residency in Australia.
ChatGPT Enterprise takes a different architectural path. OpenAI's enterprise offering runs primarily out of US infrastructure, with regional data-residency options that OpenAI has been expanding, including European residency. As at 2026, OpenAI's published guidance does not commit ChatGPT Enterprise customer content to in-Australia processing the way an AU-provisioned M365 tenant does. For an Australian organisation, that is the single most consequential difference: with Copilot the data-sovereignty story is an extension of an existing AU tenant; with ChatGPT Enterprise it is a US-centred service with regional options you must confirm in writing for your specific contract.
No-training commitments: read the structure, not the headline
Both vendors say they do not train foundation models on enterprise customer data, and both mean it, but the commitments are structured differently. OpenAI states that ChatGPT Enterprise (and its API/business tiers) does not use business data to train its models by default. Microsoft states that M365 Copilot does not use your tenant's prompts, responses or Microsoft Graph data to train the underlying foundation models. For a board, 'they both say no' is not the answer; the answer is how the commitment is bound and whether it is the default or an opt-out.
The practical test is contractual: is the no-training position a default term in the enterprise agreement, or a setting an administrator has to maintain? With Copilot, the no-training commitment for customer data is part of the M365 enterprise terms, sitting alongside data-protection commitments your legal team has likely already reviewed for the rest of the stack. With ChatGPT Enterprise, the no-training position applies to the enterprise tier specifically, which makes tier discipline important: the same organisation using consumer ChatGPT or an unmanaged personal account does not get the same protection. In our experience, shadow use of consumer AI is a larger real-world exposure than either enterprise product's stated policy.
Tenant isolation and the identity boundary
Copilot's strongest structural argument is that it operates inside your Microsoft Entra identity and permissions boundary. Copilot only surfaces content a given user already has permission to see, because it queries Microsoft Graph under that user's identity. That is powerful and also a trap: if your SharePoint and Teams permissions are over-shared, Copilot will faithfully expose the over-sharing at conversational speed. The security work for Copilot is therefore mostly pre-existing data-governance hygiene, not new vendor risk.
ChatGPT Enterprise isolates customer workspaces and offers admin controls, SSO/SAML, SCIM provisioning, audit logging and encryption, with no-training as a default. But it sits outside your Microsoft 365 permission model. It does not inherit your Entra-governed access to SharePoint or Teams content unless you deliberately build that integration. For many organisations that is actually a cleaner separation; for others it means a second identity and audit surface to govern. Neither is wrong, but they are different security operating models, and your existing stack usually decides which one is less work to govern well.
Compliance posture and certifications
Both vendors carry the certifications enterprise buyers expect, including SOC 2 Type II and ISO 27001-family coverage, and both publish data-processing terms suitable for GDPR-aligned obligations that map onto the Australian Privacy Principles. The Microsoft advantage for AU regulated buyers is depth of the existing relationship: if you are already running M365 under an enterprise agreement that your APRA-regulated or government-panel obligations have been assessed against, Copilot extends a known compliance surface rather than opening a new one. For organisations bidding on Australian Government ICT panels where data sovereignty is a scored criterion, that continuity matters.
ChatGPT Enterprise can absolutely meet a strong compliance bar, and for organisations that want best-of-breed model access independent of Microsoft, it is a legitimate choice. The work is simply newer: a fresh vendor risk assessment, a fresh data-processing review, and explicit confirmation of residency for AU data rather than inheritance of an existing position.
Indicative cost, kept in its place
Pricing should not lead a security decision, but boards ask, so to frame it: both products are priced per user per month in roughly comparable enterprise territory (indicative AUD list pricing, ex GST; confirm at purchase, as both vendors revise pricing and bundling). Microsoft 365 Copilot is an add-on to an existing M365 licence, so the true cost includes the underlying suite you likely already pay for. ChatGPT Enterprise is typically a standalone seat with volume and term negotiation. Treat any specific figure as indicative only; the residency and no-training structure, not a few dollars of seat price, is what should decide a risk-sensitive deployment.
How we'd actually choose
For most Australian organisations already standardised on Microsoft 365, especially those under APRA, Privacy Act or government-panel obligations, Copilot is the lower-risk default precisely because it extends an AU tenant and identity boundary you have already governed and assessed. The security effort shifts to data-governance hygiene, fixing over-sharing before you let Copilot read everything, which is work you needed to do anyway.
ChatGPT Enterprise earns its place where you want model independence from Microsoft, where teams genuinely prefer the OpenAI tooling, or where a workflow lives outside M365 entirely. In those cases the right move is to treat it as a new vendor: confirm AU data residency in writing, lock the no-training tier discipline, and stand up its identity and audit surface deliberately. And whichever you choose, the largest real exposure is usually neither product but unmanaged consumer AI use by staff, which no enterprise contract covers.
The shortlist of things to verify before you sign
1. Get the data-residency position in writing for your specific tenant or contract, naming which workloads stay in Australia and which route globally.
2. Confirm the no-training commitment is a default contractual term, not an admin setting that can silently drift, and that it covers the exact tier you are licensing.
3. Map the identity and permissions boundary: for Copilot, audit SharePoint and Teams over-sharing first; for ChatGPT Enterprise, plan the SSO, SCIM and audit-log integration.
4. Confirm certifications (SOC 2 Type II, ISO 27001) and that the data-processing terms map onto your Australian Privacy Principles obligations.
5. Document the chosen position in your data-handling register, and write the policy that blocks staff use of consumer AI accounts for work content.
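A first-pass over-sharing triage for the Copilot identity-boundary point above and the third item on the checklist, as an added example that is neither Frontrow's nor Microsoft's own code. It assumes the SharePoint Online Management Shell module is installed, that you hold SharePoint Administrator rights, and uses a placeholder tenant name (contoso) that you replace with your own.

```powershell
# Added example, not code from the article or from Microsoft.
# Purpose: surface the sharing posture Copilot will inherit, before enabling it.
# Assumption: SharePoint Online Management Shell installed; "contoso" is a placeholder tenant.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# 1. Tenant-level claims. When "Everyone" or "Everyone except external users"
#    can be granted on a library, one click exposes that content to every
#    tenant user, and Copilot will surface it to each of them under their own identity.
$tenant = Get-SPOTenant
[pscustomobject]@{
    TenantSharingCapability    = $tenant.SharingCapability
    ShowEveryoneClaim          = $tenant.ShowEveryoneClaim
    ShowEveryoneExceptExternal = $tenant.ShowEveryoneExceptExternalUsersClaim
} | Format-List

# 2. Site-level posture. Sites still set to ExternalUserAndGuestSharing permit
#    "Anyone" links; these are the first candidates for a permissions review
#    because their content is the most likely to be broadly readable.
$sites = @(Get-SPOSite -Limit All)
$open  = @($sites | Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' })

$open |
    Select-Object Url, Title, Owner, SharingCapability, LastContentModifiedDate |
    Sort-Object Url |
    Export-Csv -Path .\copilot-oversharing-triage.csv -NoTypeInformation

# Summary line for the change record / data-handling register.
"{0} of {1} sites allow Anyone links; review copilot-oversharing-triage.csv before enabling Copilot" -f $open.Count, $sites.Count
```

The CSV is a starting list, not a verdict: a site can be over-shared through broad group membership even with Anyone links disabled, so follow up with a per-site permissions review on the sites that hold regulated or personal information.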