Microsoft 365 Copilot Under the EU AI Act: Risk Classification and Deployer Duties
M365 Copilot defaults to minimal risk. Classify by use: Article 50 disclosure from Aug 2026; Annex III high-risk for employment screening or credit.
Microsoft 365 Copilot is a productivity assistant embedded in Word, Excel, Outlook, and Teams, built on GPAI models from Microsoft and OpenAI. For most organisations deploying it, the EU AI Act obligations are lighter than the headlines suggest — but they are not zero, and they depend entirely on what you use it for.
This guide covers what the Act requires of you as a deploying organisation, where the GPAI provider obligations sit (with Microsoft, not you), when a Copilot deployment crosses into territory that demands more, and what to record.
What risk tier does M365 Copilot sit in?
The right question is not "is Copilot high-risk?" but "is my organisation's use of Copilot high-risk?"
Copilot is a general-purpose productivity tool. When your staff use it to draft emails, summarise meeting notes, generate slide decks, or write code, the deployment sits at minimal risk — the base tier of the EU AI Act. No mandatory obligations attach to this tier beyond common-sense data governance. The Act explicitly encourages minimal-risk tools; it does not ban or burden them.
Limited-risk (Article 50) may apply where Copilot produces synthetic content shared externally or acts in a conversational role that could be mistaken for a human. Article 50 requires disclosure: tell recipients that they are interacting with an AI system or reading AI-generated output. This obligation applies from 2 August 2026, a date still in the future as of mid-2026. The duty is a labelling and disclosure obligation, not a documentation stack.
High-risk (Article 6 + Annex III) applies only if you deploy Copilot to make or materially influence an Annex III decision. The Annex III categories include employment screening and worker management (Annex III, point 4), creditworthiness assessment (point 5(b)), and life and health insurance risk pricing (point 5(c)). A hypothetical: if your HR team uses Copilot to rank CVs and that ranking is fed directly into a shortlisting decision without substantive human review, you have an Annex III point 4 deployment. That triggers the high-risk obligation stack. For stand-alone Annex III systems, the compliance deadline under the Digital Omnibus (political agreement, May 2026) is 2 December 2027, deferred from the original August 2026 date.
The Article 6(3) filter matters here. Even if a use sits within an Annex III category, it is not high-risk if it performs a narrow preparatory task and does not replace or materially influence a human assessment. Copilot drafting a summary for an HR manager who then reads the original documents and decides independently may fall outside the high-risk tier — but you need to document that reasoning, not assume it.
Where GPAI provider obligations sit
M365 Copilot is built on GPAI models. Under Chapter V of the Act (in force since 2 August 2025), obligations on GPAI providers — technical documentation, downstream provider information, copyright policy, a training-data summary (Article 53) — fall on Microsoft and OpenAI, not on your organisation.
If the underlying model is designated systemic-risk (Article 51, the 10²⁵ FLOP threshold), Article 55 obligations for model evaluation, adversarial testing, and incident reporting also sit with the model provider. Microsoft publishes its EU AI Act compliance information and data-processing terms in the Microsoft Customer Agreement and its EU Data Boundary commitments. You should review those documents, but you are not the GPAI provider — you do not carry Article 53 or Article 55 obligations.
This is a meaningful distinction. Several vendor risk frameworks treat the deploying organisation as responsible for the model's full regulatory posture. The Act does not work that way: role determines obligation.
What the deploying organisation must do
Regardless of use-case risk tier, four things apply to every organisation deploying M365 Copilot in a professional context.
1. Inventory and register the tool
Record M365 Copilot in your AI register. The Act does not prescribe a format, but your register should capture: the tool name and version, vendor (Microsoft), intended use within your organisation, the risk-tier determination (minimal / limited / high), and the date of that determination. If you later change how you use it — say, from general drafting to feeding outputs into employment decisions — update the register and re-classify.
This is the baseline Article 4 AI literacy and Article 26 deployer diligence that every professional deployer should maintain. It takes an hour; the absence of it is the most common compliance gap regulators will look for.
2. Meet Article 4 AI literacy requirements
Article 4 has applied since 2 February 2025. Your organisation must ensure staff who work with AI systems have sufficient understanding of the tool's capabilities, limitations, and appropriate use. For Copilot, this means practical training: what Copilot can reliably do, where it hallucinates, what types of output require human verification, and how to distinguish Copilot-generated content from independently verified information. Document that training happened.
3. Manage data governance and permission hygiene
This is the practical risk most organisations underestimate. Copilot operates within your Microsoft 365 tenant and surfaces content your users can access — but it does so at speed and at scale. If your SharePoint permissions are poorly configured, Copilot will surface documents that users nominally have access to but were never expected to read. That is not an AI Act violation per se, but it is a GDPR exposure and a real operational risk.
Review your Microsoft 365 data governance before enabling Copilot broadly: tighten sharing permissions, audit sensitive-document access, and confirm your Microsoft DPA and EU Data Boundary settings match your data-residency expectations. The Microsoft Customer Agreement and EU Data Boundary programme are the contractual instruments here; verify you are enrolled.
4. Apply Article 50 disclosure where it applies
From 2 August 2026, where Copilot produces content distributed externally that could be mistaken for human-authored material, label it. This is a proportionate obligation: a Copilot-drafted internal meeting summary that stays internal does not require a disclosure notice. A client-facing report drafted with Copilot that is presented as the work of your team is a different matter. Build a short internal policy covering which types of Copilot output go external and what disclosure language you attach to them.
When a Copilot deployment becomes high-risk
The line is use, not tool. Three scenarios make a Copilot deployment high-risk in practice.
Employment and worker management (Annex III, point 4(a)): Using Copilot to screen applications, generate candidate rankings, recommend promotions, allocate tasks, or monitor worker performance in ways that materially influence decisions about individuals. If the Copilot output is one input among many and a human makes an independent assessment, the Article 6(3) filter may apply. If the output is treated as determinative, it does not.
Creditworthiness or credit scoring (Annex III, point 5(b)): Using Copilot to generate credit assessments or loan eligibility summaries that are fed into approval or rejection decisions. General financial drafting — summarising a P&L, drafting an investor update — is not this.
Life and health insurance risk and pricing (Annex III, point 5(c)): Using Copilot to price or underwrite health or life insurance products based on individual risk profiles.
If your use case falls into one of these categories and the Article 6(3) filter does not rescue it, you inherit the deployer obligations under Article 26 and the relevant assessment requirements. Document that analysis. The obligation is to think clearly about it and write down what you concluded, not to assume either way.
Fundamental Rights Impact Assessment (Article 27)
Article 27 FRIA is required for public-body deployers and for private deployers of systems that fall under Annex III points 5(b) (creditworthiness) and 5(c) (life/health insurance). It is not automatically required for private-sector employment deployments — Article 27 scoping does not extend to all private employers using Annex III point 4 tools. If you are a public body, or deploying in credit/insurance contexts, conduct the FRIA before going live with a high-risk Copilot workflow. If you are a private employer using Copilot in an HR workflow that is genuinely high-risk, the obligation is Article 26 human oversight and monitoring — not a mandatory FRIA, though running one is good practice.
Data residency and the Microsoft contractual layer
The Microsoft Customer Agreement, the EU Data Boundary, and your Microsoft DPA form the contractual basis for data residency and processing commitments. The EU Data Boundary means Microsoft commits to storing and processing EU commercial and public-sector customer data within the EU and EFTA. Verify this is enabled for your tenant and documented in your compliance file. If a regulator asks how your Copilot deployment handles personal data, "Microsoft said so in their documentation" is not enough — you need to show you reviewed and accepted the relevant DPA terms.
For GDPR, the relevant instrument is GDPR Article 28 (processor obligation) — Microsoft acts as a data processor when processing personal data on your behalf in M365. Ensure your data-processing agreement is current and covers Copilot.
How Confir helps
Add M365 Copilot to your AI register in Confir and answer the intake scenarios. The rule-based classification engine will derive the correct risk tier from your described use — minimal, limited (Article 50), or high-risk (Annex III) — and surface the obligation set that applies. For a general productivity deployment, that is a short list. For a Copilot workflow used in employment screening or credit assessment, Confir will scope the full Article 26 deployer obligation stack and, where Article 27 applies, trigger the FRIA workflow.
The output is a dated, auditable record of your classification reasoning — the kind of documentation that demonstrates good-faith compliance whether or not an audit ever arrives.
Frequently Asked Questions
Is Microsoft 365 Copilot classified as high-risk under the EU AI Act?
No — not by default, and the Act does not classify tools by name. The risk tier depends on how you deploy it. General productivity use — drafting, summarising, coding assistance — is minimal risk under the Act, with no mandatory compliance obligations beyond data governance and Article 4 AI literacy. High-risk classification (Article 6 + Annex III) applies only if your organisation uses Copilot to make or materially influence an Annex III decision, such as employment screening (point 4) or creditworthiness assessment (point 5(b)).
Who bears the GPAI provider obligations for M365 Copilot?
Microsoft and OpenAI, as the providers of the underlying GPAI models, carry the Chapter V obligations under the EU AI Act — including Article 53 (technical documentation, downstream information, copyright policy, training-data summary) and Article 55 if the model is systemic-risk. These obligations have applied since 2 August 2025. As a deploying organisation, you are a deployer under Article 26, not a GPAI provider. You benefit from Microsoft's compliance but do not inherit its provider obligations.
Does deploying Copilot for HR purposes automatically make it high-risk?
It depends on the role Copilot plays in the decision. Copilot drafting a job-posting template or summarising interview notes for a hiring manager who then reads the original materials and decides independently is likely preparatory work that falls outside the high-risk tier under the Article 6(3) filter. Copilot generating candidate rankings that feed directly into shortlisting without substantive human review is a different matter — that is more likely Annex III point 4 territory. Document your assessment either way.
When does Article 50 transparency apply to Copilot outputs?
Article 50 applies from 2 August 2026. Where Copilot produces content distributed externally that could be mistaken for human-authored work, or where it operates in a conversational mode, you should disclose that the content is AI-generated. Internal use — meeting summaries, draft documents that go through human editing — does not require the same labelling. Build a short internal policy before the August 2026 date to cover external-facing use cases.
Do we need a Fundamental Rights Impact Assessment for Copilot?
Only if you are deploying in a context where Article 27 scoping applies. Article 27 requires an FRIA for public-body deployers, and for deployers using high-risk AI in creditworthiness (Annex III 5(b)) or life/health insurance (5(c)) contexts. Private employers deploying Copilot in HR workflows are not automatically FRIA-obliged, though if the deployment is genuinely high-risk under Annex III point 4, the Article 26 obligation stack — including human oversight and monitoring — applies.
What should we actually do before enabling Copilot broadly?
Four things: add it to your AI register with a use-case description and risk classification; run Article 4 AI literacy training for users; audit and tighten your Microsoft 365 data permissions so Copilot does not surface content that should be restricted; and review your Microsoft DPA and EU Data Boundary settings to confirm data residency. If any intended use involves employment decisions, credit, or insurance, classify that workflow separately and apply the appropriate controls before go-live.
What is the compliance timeline for high-risk Copilot deployments?
General application of the Act, including Article 50 limited-risk transparency, is 2 August 2026. For stand-alone high-risk AI systems (Annex III), the deadline under the Digital Omnibus (political agreement, May 2026) is 2 December 2027 — deferred from the original August 2026 date. Article 4 AI literacy has applied since 2 February 2025. If you have a genuinely high-risk Copilot workflow, 2 December 2027 is the hard deadline; building the documentation before then is not optional, and the documentation alone takes time to assemble.