Strategy

Copilot in Government: Safe Deployment After the 2025 DPIA

9 min read

Microsoft 365 Copilot in government: safe after the 2025 DPIA, provided it's set up correctly. Discover what risks remain and how to implement responsibly.

Government organizations that delay the deployment of Microsoft Copilot run an invisible risk: employees take the initiative themselves and turn to unmanaged tools such as ChatGPT, outside any security control. By the time IT management finds out, a data breach, a GDPR fine or reputational damage may already have happened. The only way to keep control is a well-considered Copilot implementation with proper governance.

The discussion around Microsoft 365 Copilot in government has moved remarkably far in a short time. At the end of 2024 the conclusion was still that Copilot was "not compliant to use"; since September 2025 SLM Rijk (Strategisch Leveranciersmanagement Rijk, the central government's strategic supplier management) speaks of responsible deployment. But what exactly changed? And more importantly: what risks remain?

In this article we break down the current DPIA findings, Microsoft's technical safeguards and the concrete steps municipalities, provinces and the national government must take before Copilot is rolled out widely.

From four high risks to two medium risks

What changed after the first DPIA

The original DPIA (December 2024), conducted by SLM Rijk and SURF, identified four high privacy risks. The core objections: insufficient transparency about data processing, unclear retention periods and limited organizational control.

Microsoft has worked intensively with SLM and SURF for nine months in response. The result:

  • Four high risks have been mitigated or reduced
  • Microsoft 365 Copilot has been certified according to ISO 42001 (the international standard for AI management systems)
  • Additional technical safeguards have been built in around personal data

SLM concludes that the AI assistant can now be deployed responsibly, provided organizations also take measures themselves.

Note: SURF remains more cautious. The education cooperative advises caution with large-scale implementation and will reassess in six months.

The two remaining medium risks

After the improvements, two medium risks remain that are relevant for every government organization:

1. Unintended disclosure of sensitive information

Within the employee's own permissions, Copilot reaches across multiple data sources: OneDrive, email, SharePoint and Teams. The risk arises when Copilot combines information from these sources: an employee can be handed an aggregate that is sensitive even though each piece is harmless on its own. Copilot grants no new access, but it makes every over-broad permission easy to act on, because a single question now finds what nobody would have browsed for.

2. Incorrect or misleading output (hallucinations)

Copilot can generate plausible but factually incorrect answers. For government organizations, where decisions must rest on factual accuracy, this is a concrete risk whenever employees adopt output without critical review.

What does Microsoft say about data protection?

Based on publicly available Microsoft sources, including the Enterprise Data Protection document and the Microsoft 365 Copilot Privacy overview, the following safeguards apply:

Operation within the Microsoft 365 tenant

Copilot operates entirely within the organization's existing Microsoft 365 environment. Users see only data they already have access to, and Copilot respects the existing permission structure rather than bypassing it. The flip side is that it also inherits every permission that is too broad, such as a SharePoint site readable by all employees, which is why an oversharing review belongs before the pilot, not after it.

No training on organizational data

Prompts and generated answers are not used to train Microsoft's underlying Large Language Models (LLMs). This is an important distinction from the consumer versions of AI tools. Organizational data stays within the Microsoft 365 service boundary.

Microsoft Graph as information source

Copilot does not draw its answers about the organization from outside sources: they are grounded in content available within the organizational context via Microsoft Graph (documents, emails, chats and calendar data). Grounding limits where the facts come from, not how the model connects them, so it does not rule out the hallucinations described under risk 2. Logging, auditing and encryption follow the existing Microsoft 365 security measures.

The role of Microsoft Purview in safe Copilot deployment

One of the most underestimated factors in safely implementing Copilot in government is the configuration of Microsoft Purview. This platform provides the tools to classify and protect data before Copilot starts working with it.

Sensitivity labels and data classification

With Purview, organizations assign sensitivity labels to documents, emails and SharePoint locations. For Copilot, these labels determine:

  • Which protected content Copilot may use in a response: content encrypted by a label is only used for a user who holds the EXTRACT usage right on it; a user with view-only rights can open the file, but Copilot will not quote or summarize it
  • Which label an answer inherits: when Copilot draws on labeled content, its output carries the most restrictive label among the sources
  • What encryption and access restrictions apply to the content itself

For government organizations working with the Baseline Information Security Government (BIO), this is the key to responsible Copilot rollout.

Data Loss Prevention (DLP) and audit logging

Purview also provides DLP policies with rules for how information within Microsoft 365 may be processed and shared. Combined with audit logging, which records each Copilot interaction and the resources it accessed, this makes it traceable which data Copilot used for which user.

Tip: SLM Rijk explicitly recommends enabling audit logging and sensitivity labels before activating Copilot. This is not an optional step, but a basic requirement.
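As an added example (not code from SLM Rijk, SURF or Microsoft's documentation), the following Security & Compliance PowerShell script lays down the Purview baseline described in the two sections above: one encrypting sensitivity label, a policy that publishes it, and a DLP policy that flags documents containing a BSN (citizen service number). The admin UPN, label and policy names, the tenant domain and the two security groups are placeholder assumptions; the DLP policy starts in test mode so that it reports without blocking until the first matches have been reviewed.

```powershell
# Added example, not from SLM Rijk, SURF or Microsoft: a Purview baseline for a
# Copilot pilot. All names, UPNs and groups are placeholder assumptions.
# Requires the ExchangeOnlineManagement module and a Compliance Administrator role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'purview-admin@gemeente.example'   # assumption

$labelName  = 'Vertrouwelijk-Personeelsdossier'      # assumption
$hrGroup    = 'hr-medewerkers@gemeente.example'      # assumption: may read and extract
$mgmtGroup  = 'management@gemeente.example'          # assumption: may read, not extract
$policyName = 'Copilot-pilot-labels'                 # assumption
$dlpName    = 'Copilot-pilot-BSN'                    # assumption

# 1. Encrypting sensitivity label. Copilot only quotes or summarises encrypted
#    content for users who hold the EXTRACT usage right, so management can still
#    open these files but will not see them reflected in Copilot answers.
if (-not (Get-Label -Identity $labelName -ErrorAction SilentlyContinue)) {
    $rights = "${hrGroup}:VIEW,VIEWRIGHTSDATA,DOCEDIT,EDIT,PRINT,EXTRACT;" +
              "${mgmtGroup}:VIEW,VIEWRIGHTSDATA"
    New-Label -Name $labelName -DisplayName 'Vertrouwelijk - Personeelsdossier' `
        -Tooltip 'Personnel files. Encrypted; Copilot may use them for HR staff only.' `
        -EncryptionEnabled $true -EncryptionProtectionType Template `
        -EncryptionRightsDefinitions $rights -EncryptionOfflineAccessDays 7 | Out-Null
}

# 2. Publish the label to all users and require a justification when it is lowered.
if (-not (Get-LabelPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-LabelPolicy -Name $policyName -Labels $labelName -ExchangeLocation All `
        -AdvancedSettings @{ RequireDowngradeJustification = 'true' } | Out-Null
}

# 3. DLP: confirm the built-in classifier for the Dutch BSN exists in this tenant
#    before referencing it by name, then flag any file that contains one.
$bsn = Get-DlpSensitiveInformationType | Where-Object Name -like '*BSN*' | Select-Object -First 1
if (-not $bsn) { throw 'No BSN sensitive information type found; check the Purview classifiers.' }

if (-not (Get-DlpCompliancePolicy -Identity $dlpName -ErrorAction SilentlyContinue)) {
    # TestWithNotifications: matches are reported and owners notified, nothing is
    # blocked yet. Switch to -Mode Enable only after reviewing the first week of hits.
    New-DlpCompliancePolicy -Name $dlpName -Mode TestWithNotifications `
        -SharePointLocation All -OneDriveLocation All -ExchangeLocation All -TeamsLocation All | Out-Null
    New-DlpComplianceRule -Name "$dlpName-rule" -Policy $dlpName `
        -ContentContainsSensitiveInformation @{ Name = $bsn.Name; minCount = '1' } `
        -BlockAccess $true -BlockAccessScope All -NotifyUser Owner `
        -GenerateIncidentReport SiteAdmin -IncidentReportContent All -ReportSeverityLevel High | Out-Null
}

# 4. Read back what was created: a label policy without the label, or a DLP policy
#    still in test mode, is a common reason the controls "do not work" in the pilot.
Get-LabelPolicy -Identity $policyName | Select-Object Name, Labels
Get-DlpCompliancePolicy -Identity $dlpName | Select-Object Name, Mode
```

The two rights definitions are the point of the example: both groups can open a personnel file, but only the HR group holds EXTRACT, so only their Copilot sessions can draw on it. Run this after the organizational DPIA (roadmap step 1) and before Copilot licences are assigned, and treat the `Get-*` read-backs as the evidence you file with the DPIA.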

Practical implications for municipalities, provinces and government

The DPIA conclusion is nuanced: Copilot can be deployed safely, but only if governance, configuration and conscious use go hand in hand. Below are the three pillars.

Pillar 1: Authorizations and information classification

Before Copilot is rolled out widely, the authorization structure within Microsoft 365 must be in order. Copilot can only be as safe as the identity and access management (IAM) underneath it.

Concrete actions:

  • Review and limit excessive access rights in SharePoint and Teams
  • Implement sensitivity labels via Microsoft Purview
  • Conduct your own DPIA at the organizational level
  • Enable audit logging for all Copilot interactions
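Audit logging is what turns "Copilot respects permissions" from a claim into something you can check, which is why it appears both in the Purview section above and in this list. The script below is an added example, not from the DPIA or from Microsoft: it confirms the unified audit log is on, pulls the last seven days of CopilotInteraction records with Search-UnifiedAuditLog, and lists which files Copilot read for which user, resolving label GUIDs to names with Get-Label. The admin UPN, the sample record and its label GUID are constructed; the AuditData field names (CopilotEventData, AppHost, AccessedResources, SiteUrl, SensitivityLabelId) follow Microsoft's published audit schema but should be checked against an export from your own tenant.

```powershell
# Added example, not from the DPIA or from Microsoft: turn Copilot audit records into
# a per-resource access list for the pilot review. The UPN and the sample event are
# constructed; AuditData field names follow the CopilotInteraction schema as published,
# verify them against an export from your own tenant. Run without -Live to use the sample.
param([switch] $Live)

function Get-CopilotResourceAccess {
    # One row per resource Copilot read, with the label GUID resolved to a name.
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [hashtable] $LabelNames = @{}          # label GUID -> display name (from Get-Label)
    )
    foreach ($r in $Records) {
        $data = $r.AuditData | ConvertFrom-Json
        $resources = $data.CopilotEventData.AccessedResources
        if (-not $resources) { continue }      # e.g. a chat turn that grounded on nothing
        foreach ($res in $resources) {
            $labelId = [string] $res.SensitivityLabelId
            $label = '(unlabeled)'
            if ($labelId) {
                $label = if ($LabelNames.ContainsKey($labelId)) { $LabelNames[$labelId] } else { $labelId }
            }
            [pscustomobject]@{
                When     = $r.CreationDate
                User     = $r.UserIds
                AppHost  = $data.CopilotEventData.AppHost
                Resource = $res.Name
                Site     = $res.SiteUrl
                Label    = $label
            }
        }
    }
}

if ($Live) {
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline -UserPrincipalName 'audit-reader@gemeente.example'   # assumption
    Connect-IPPSSession    -UserPrincipalName 'audit-reader@gemeente.example'   # assumption
    if (-not (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled) {
        throw 'Unified audit logging is off; enable it before the Copilot pilot starts.'
    }
    $records = Search-UnifiedAuditLog -RecordType CopilotInteraction `
        -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
        -SessionId 'copilot-pilot-review' -SessionCommand ReturnLargeSet -ResultSize 5000
    $labels = @{}
    Get-Label | ForEach-Object { $labels[[string] $_.ImmutableId] = $_.DisplayName }
} else {
    # Constructed sample: one Word interaction that read two documents, one of them labeled.
    $records = @([pscustomobject]@{
        CreationDate = [datetime] '2025-10-01T09:12:00Z'
        UserIds      = 'j.devries@gemeente.example'
        Operations   = 'CopilotInteraction'
        AuditData    = '{"CopilotEventData":{"AppHost":"Word","AccessedResources":[' +
            '{"Name":"Personeelsdossier-1234.docx","SiteUrl":"https://gemeente.sharepoint.example/sites/HR",' +
            '"SensitivityLabelId":"2f1c7d3e-0000-4000-8000-000000000001"},' +
            '{"Name":"Agenda-week40.docx","SiteUrl":"https://gemeente.sharepoint.example/sites/Algemeen",' +
            '"SensitivityLabelId":""}]}}'
    })
    $labels = @{ '2f1c7d3e-0000-4000-8000-000000000001' = 'Vertrouwelijk - Personeelsdossier' }
}

$rows = Get-CopilotResourceAccess -Records $records -LabelNames $labels
$rows | Format-Table When, User, AppHost, Resource, Label -AutoSize

# The review question: whose Copilot answers drew on labeled content, and how often?
$rows | Where-Object Label -ne '(unlabeled)' |
    Group-Object User, Label | Select-Object Count, Name | Sort-Object Count -Descending
```

The grouped output at the end is the list to take into the pilot evaluation: a user whose Copilot answers repeatedly touch labeled HR files from a site they rarely visit is the oversharing finding the first medium risk warns about, and the fix is in the permission structure, not in Copilot.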

Pillar 2: Training and AI literacy

The DPIA from SLM Rijk explicitly states that employee training is essential. Employees must understand:

  • What Copilot does and doesn't do
  • How to critically evaluate AI output
  • What internal AI guidelines apply
  • When human verification is mandatory

Without this knowledge, the risk of uncontrolled use remains, regardless of technical measures. AI Coaching can help teams gain this knowledge.

Pillar 3: Governance and policy

In addition to technology and training, organizational policy is needed. This includes:

  • A formal AI policy with guidelines for responsible use
  • Periodic review of risks and measures
  • Compliance with the AI Regulation (EU AI Act), whose obligations for high-risk systems come into full effect from August 2026
  • Registration in the national algorithm register where applicable

What does Copilot concretely deliver?

Governance and compliance are prerequisites — not the end goal. What do government employees actually gain from it? Early pilot results and Microsoft research provide guidance.

Time savings per application:

  • Auto-generate meeting minutes: 10–15 minutes per meeting
  • Draft a letter or memo: 25–30% faster
  • Summarize policy documents: 40–60% less reading time
  • Search internal documents via SharePoint: 2–3× faster

The municipality of Midden-Groningen led the way with a pilot project and reported that employees clearly saw the potential. The applications that resonated most were automatically generating meeting minutes and drafting first versions of letters and memos: tasks that structurally consume time.

More than 70% of employees working with Copilot report being more productive. At the same time, successful adoption is 30% a technical challenge and 70% an organizational one. (Source: Microsoft Work Trend Index, 2025)

A team of 10 employees who each attend four meetings a week saves 6–10 hours per week from automated minutes alone (40 meetings at 10–15 minutes each). Over a quarter that adds up to roughly 80–130 hours, or two to three full working weeks for the team.

The lesson: start with one department and one concrete use case. Measurable results create internal support for broader rollout. Check out AI applications for your organization to discover which use cases are most relevant for your situation.

Shadow AI: the invisible risk of inaction

One aspect that remains underexposed in DPIA discussions is Shadow AI. Microsoft's 2024 Work Trend Index found that 75% of knowledge workers already use AI at work, and that 78% of those users bring their own tools. When an organization offers no controlled AI solution, employees turn to unmanaged alternatives such as ChatGPT, Gemini or other tools.

The difference: with Shadow AI, organizational data leaves the managed environment. There is no logging, no data classification and no control over where the data ends up. A blanket ban on AI therefore creates a false sense of security and is riskier than a controlled Copilot deployment.

The choice is not whether AI will be used, but how. By investing in a managed solution with proper governance, the organization retains control. Check out our AI Agents for managed alternatives.

Roadmap: Safely implement Copilot in government

  1. Conduct your own DPIA at the organizational level. Responsible: Privacy Officer / DPO
  2. Map authorizations and access rights (IAM audit). Responsible: IT management
  3. Configure Microsoft Purview: sensitivity labels and DLP policy. Responsible: Information security advisor
  4. Enable audit logging for Copilot interactions. Responsible: IT management
  5. Develop internal AI policy and usage guidelines. Responsible: CISO / Policy advisor
  6. Train employees in AI literacy and responsible use. Responsible: HR / Training
  7. Start with a limited pilot (selected department). Responsible: Project manager
  8. Evaluate, adjust and scale. Responsible: AI steering committee

Conclusion: safe, provided it's well thought out

The core question "Is Copilot safe for government?" can now be answered with a qualified "yes". The DPIA update of September 2025 shows that Microsoft has made substantial improvements, and the four original high risks have been mitigated or reduced.

But safety is not a product you buy. It's a continuous process that requires:

  • Correctly configured authorizations and data classification
  • Trained employees who critically evaluate AI output
  • Governance that grows with AI development

Organizations that take these three pillars seriously can deploy Copilot responsibly and at the same time benefit from the productivity gains the tool offers.

Need help with safe Copilot deployment?

Unify AI helps government organizations and companies safely and responsibly implement AI solutions like Microsoft 365 Copilot. From AI consultancy and readiness assessments to configuring governance and training teams: we ensure an approach that fits public sector requirements. Contact us for a no-obligation conversation.
