"Safe" depends on what you mean

GDPR-compliant? Yes - Copilot and Claude both operate within it. Sovereign from a US company holding your data? No - but that's already true of Microsoft 365. So if you're trusting Microsoft with your documents today, adding Copilot, or Claude, doesn't really change the picture. The exposure that should actually worry you is somewhere else entirely: the team member quietly pasting client data into a random free AI tool because no one gave them a sanctioned one. That shadow usage is a far bigger hole than the enterprise platform you've already vetted.

The risk no one names: dependency

This is where I'd put your attention instead. If you build your whole operation on one model - every skill, automation and process locked to Claude - what happens when the token price doubles? You have no way out. So build AI capability, not dependency. Build your skills, connectors and plugins so they're portable to other models. That stops any one AI firm monopolising you, and it keeps you free to move.

It's part of why I work in Claude: Anthropic backs this approach. They invented the Model Context Protocol - the standard way AI connects to your tools and data - and then donated it. It's now the de facto standard, adopted across OpenAI, Google and Microsoft. They built the USB-C, not the lightning cable. The partnerships run deep, too: Microsoft invested $5bn in Anthropic in November 2025, and Claude is now the only frontier model available on all three major clouds.

Who's accountable? Always a human

Here's the line that matters: AI can't be sued, fined or sent to jail. Liability lands on the humans involved - so accountability has to as well. "The AI did it" is not a defence, and it never will be.

That has a practical consequence. Every workflow, agent, skill and plugin needs clear human-in-the-loop points. Two kinds worth naming:

  • Checkpoints - where human judgement is required.
  • Approval gates - where a human must sign off before anything happens.

Design those in deliberately and you get the speed of automation without surrendering the accountability you can't delegate.

What this actually means for you

Stop worrying about whether your data is "in the cloud" - it already is. Ask two better questions instead. Are we building portable capability, or quiet dependency? And have we drawn the human checkpoints and approval gates into every AI process? Get those two right and AI becomes an asset you control, not a risk you're exposed to.

If you're not sure where your accountability points should sit, that's exactly the kind of thing worth a conversation.

Sources: Microsoft, NVIDIA and Anthropic announce strategic partnerships (Microsoft, Nov 2025); Anthropic donates the Model Context Protocol.

Darren Boyle

Founder, The AI Adoption Agency

Darren Boyle is the founder of The AI Adoption Agency, Scotland's dedicated Claude adoption, training and governance partner. He helps MDs and CEOs turn AI access into measurable results - working smarter, not harder. AI made simple.