Why most "GDPR-compliant" labels mean very little
Every AI vendor selling into the European market advertises "GDPR compliance". Most of them are technically telling the truth on a narrow reading, and misleading on the reading that actually matters for a DACH business buying the tool.
For a buyer, "GDPR-compliant" reduces to five concrete things, each of which can be verified from vendor documents rather than marketing pages:
- A public, reviewable Data Processing Agreement under Article 28 GDPR
- Verifiable EU data residency at the tier the customer is paying for
- A clear policy on training on customer data, including defaults and opt-out paths
- A public subprocessor list, so the controller can exercise its authorisation and objection rights under Art. 28(2) and (4)
- Handling of third-country transfers under Chapter V GDPR after Schrems II (DPF certification, or SCCs backed by a transfer impact assessment and supplementary measures)
This post goes through nine major AI tools against these five criteria, with links to the actual vendor documents. The data was verified on 19 April 2026. Anything that could not be verified is marked NOT FOUND — not speculated.
The five criteria, concretely
DPA under Art. 28 GDPR: German and Austrian businesses need a contract with the AI vendor that makes the vendor an Auftragsverarbeiter. Some vendors auto-incorporate this into their standard Terms. Others require you to request and sign a separate document. Public DPAs are a strong positive signal; "DPA on request" is weaker but usually workable with some legal-review time.
EU data residency: Where the data is stored at rest and where inference runs. Sending data to a US-based vendor that processes it on US servers is a third-country transfer under Chapter V GDPR, which needs a transfer mechanism (DPF certification, or SCCs plus a transfer impact assessment and supplementary measures). A vendor with EU-hosted infrastructure avoids most of this complexity, with one caveat worth checking in the DPA: remote access by support staff from a third country is itself a transfer.
Training on customer data: The default behaviour varies wildly. Consumer tiers often train by default, with opt-out through settings. Business/Enterprise tiers usually do not train on customer data at all. Getting this wrong can put business data into the training set of a model anyone can query.
Subprocessor list: A public list of companies that process data on the vendor's behalf. Art. 28(2) requires the processor to inform the controller of intended subprocessor changes so the controller can object, and Art. 28(4) requires the same obligations to flow down to each subprocessor. A public list is not mandated; vendors that provide the list on request can still be compliant, but a public list is a trust signal and saves a round trip.
Schrems II handling: Transfers to the US need a Chapter V mechanism: either Standard Contractual Clauses backed by a transfer impact assessment and supplementary measures, or a vendor certified under the EU-US Data Privacy Framework. DPF status is verifiable on the official DPF list; check the exact legal entity you contract with, because certification is per entity, not per brand.
The tool-by-tool breakdown
Anthropic Claude
DPA: Automatically incorporated into commercial terms for Claude for Work, API, Enterprise, Education, and Government tiers. No separate signature required for commercial customers. SCCs are integrated.
EU residency: The direct Anthropic API only offers `us` and `global` as values for `inference_geo`, with storage in the US. Verifiable EU residency is available only through AWS Bedrock (Frankfurt, Paris, Stockholm) or Google Vertex AI (10 EU regions). Going through AWS or GCP gets you Claude with EU data residency, but your contract and DPA are then with AWS or Google rather than with Anthropic.
Training on customer data: Data from commercial tiers (Work, Enterprise, API, Education, Government) is not used for training. Consumer tiers (Free, Pro, Max) changed on 28 September 2025: users must now opt out, otherwise data is retained for five years and used for training.
Subprocessor list: Public at trust.anthropic.com/subprocessors, including AWS, GCP, and Brave Search.
Schrems II: SCCs integrated in the DPA. Not DPF-certified as far as the Anthropic certifications page shows; that page lists SOC 2, ISO 27001:2022, ISO/IEC 42001:2023, and HIPAA-readiness, all security attestations rather than transfer mechanisms, so confirm absence on the DPF list itself before relying on it.
OpenAI ChatGPT
DPA: Public at openai.com/policies/data-processing-addendum, effective 1 January 2026. Click-through for business customers via account. Does not apply to Consumer tiers (Free, Plus).
EU residency: Available for ChatGPT Enterprise, Edu, and the API (Projects). Launch post: Data residency in Europe; API details: help.openai.com. Not available for ChatGPT Plus or Free. If you are paying $20 a month for Plus, your data is processed in the US.
Training on customer data: Business tiers (Team, Enterprise, API) do not train by default. Consumer tiers (Free, Plus, Pro) train by default — opt-out is via Settings → Data Controls → "Improve the model for everyone" per the data-controls FAQ. For a DACH business using ChatGPT Plus seats, this is the single biggest compliance issue.
Subprocessor list: Public at openai.com/policies/sub-processor-list with 15-day advance notification via email opt-in.
Schrems II: SCCs in the DPA. Not DPF-certified (verified by absence from the DPF list). OpenAI Ireland Ltd. is the EEA contracting entity.
Microsoft 365 Copilot
DPA: The Microsoft Products and Services DPA is public, current version from September 2025, auto-incorporated via volume licensing. Microsoft acts as processor under Art. 28.
EU residency: EU Data Boundary applies to Copilot, per the Microsoft Learn privacy documentation. Important note: since 7 January 2026, Anthropic models are available in Copilot but are explicitly outside the EU Data Boundary, and are default-disabled in EU, EFTA, and UK tenants.
Training on customer data: Microsoft's policy: "Prompts, responses, and data accessed through Microsoft Graph aren't used to train foundation LLMs." Confirmed in the privacy page above.
Subprocessor list: Service Trust Portal (login required) plus the public AI-subprocessor page listing OpenAI and Anthropic.
Schrems II: SCCs in the DPA. DPF-certified: Microsoft is Active on the DPF list.
Google Gemini / Workspace with Gemini
DPA: Cloud Data Processing Addendum is public, auto-incorporated for Workspace Core Services. Gemini has been a Core Service since 2024.
EU residency: Data Regions support for Gemini features in Workspace launched in June 2025. Gemini Enterprise and NotebookLM Enterprise have explicit EU locations per cloud.google.com documentation.
Training on customer data: Workspace customer data is not used to train models without explicit permission, per support.google.com/a/answer/15706919 and the Workspace Service Specific Terms "Training Restriction" clause. Note: the consumer Gemini app has a different policy per support.google.com/gemini/answer/13594961.
Subprocessor list: Public at workspace.google.com/terms/subprocessors and cloud.google.com/terms/subprocessors.
Schrems II: SCCs Module 2 (controller to processor) and Module 3 (processor to processor) in the CDPA. DPF-certified: Google LLC is Active on the DPF list.
Mistral Le Chat
DPA: Public at legal.mistral.ai/terms/data-processing-addendum, effective 12 March 2026. Auto-incorporated for business customers. SCCs Module 4 (processor to controller) for restricted countries included.
EU residency: Default EU hosting for all services (Le Chat and La Plateforme), per Mistral's help center. The US API is an explicit exception. Enterprise customers can deploy on private cloud or on-premises.
Training on customer data: Le Chat Enterprise does not train on customer data and needs no opt-out. Other tiers have opt-out options set out in the DPA.
Subprocessor list: trust.mistral.ai/subprocessors per the DPA document, with email notification available.
Schrems II: SCCs in the DPA. Mistral is a French company based in Paris, so its own processing is EU-internal and DPF certification does not apply to it. The transfer question moves to its US subprocessors and to the US API option; the DPF status of those subprocessors is verifiable via the trust center.
DeepL Pro / DeepL API
DPA: On request for business customers (not auto-signed), available via the trust center deepl.safebase.us. B2B terms at deepl.com/pro-license-enterprise.
EU residency: Infrastructure partially in European data centres plus AWS, with region selection depending on plan, per the DeepL infrastructure and data protection page.
Training on customer data: Pro and API: text is not used for training, not stored (except for a maximum 72-hour debug exception). Quote and source: deepl.com/pro-data-security and deepl.com/pro-license. DeepL Free does train on the text — this matters for anyone using the free web version for business content.
Subprocessor list: Not found as a fully public list. The DPA names AWS and Microsoft as subprocessors, but full public disclosure was not locatable.
Schrems II: DeepL is a German company (Cologne), so its own processing involves no third-country transfer. The transfer question is confined to its subprocessors (the DPA names AWS and Microsoft), so confirm which region your plan runs in. Certified SOC 2 Type II and BSI C5 Type 2. DPF certification is not relevant to DeepL's own processing as an EU entity.
Aleph Alpha PhariaAI
DPA: Auftragsverarbeitungsvertrag on request. Terms include an explicit clause: "Aleph Alpha will not use Input to improve the Services or further train... models." (aleph-alpha.com/terms-conditions)
EU residency: German company based in Heidelberg. PhariaAI-as-a-Service runs on STACKIT (Schwarz Group sovereign German cloud), per Aleph Alpha's STACKIT partnership announcement. Private cloud and on-premises deployment are also available.
Training on customer data: "Aleph Alpha does not log user inputs to the models and does not train on user data" (from the terms page above).
Subprocessor list: Not found as a public URL. No trust center with a publicly-listed subprocessor registry was locatable — available only on request.
Schrems II: EU vendor, no US transfer when PhariaAI deploys on STACKIT. SCCs not needed for a pure EU stack. The compliance story is EU AI Act plus GDPR alignment.
GitHub Copilot
DPA: GitHub Data Protection Agreement is public and applies to Enterprise Cloud, Enterprise (Unified), Teams, and Copilot. Auto-incorporated for business and enterprise customers.
EU residency: No dedicated EU residency for Copilot specifically. GitHub Enterprise Cloud has an EU data residency option (as a separate product), but for Copilot inference no comparable public guarantee was found. NOT FOUND for Copilot-specific residency.
Training on customer data: Business and Enterprise tiers: prompts and suggestions are not stored and not used for training. User engagement data retention is 2 years. Source: GitHub Copilot Business privacy statement. Consumer tiers (Free, Pro, Pro+): from 24 April 2026, training is enabled by default, with opt-out via /settings/copilot/features. Source: GitHub changelog, 25 March 2026; the change was announced but not yet in force on the 19 April verification date. If you are a freelance developer with a personal Copilot subscription, this is a meaningful change you may need to respond to.
Subprocessor list: Public at docs.github.com/subprocessors with 30-day advance notification. Includes OpenAI, Anthropic, and Microsoft Azure as AI inference providers (US).
Schrems II: SCCs in the DPA. GitHub/Microsoft is DPF-certified via Microsoft Corp on the DPF list.
Cursor Pro
DPA: Not publicly downloadable. Available on request via enterprise@cursor.com. Privacy documentation: cursor.com/docs/enterprise/privacy-and-data-governance.
EU residency: No EU residency. Primary infrastructure is US (AWS) per cursor.com/security, with some latency-critical services in EU and Singapore, but no guaranteed EU residency for Pro. NOT FOUND for an explicit EU data residency commitment.
Training on customer data: Pro: Privacy Mode is optional (user toggle). Business: Privacy Mode is enforced plus zero data retention contracted with model providers (OpenAI, Fireworks). Without Privacy Mode, code can be used for product improvement per cursor.com/privacy and cursor.com/data-use.
Subprocessor list: trust.cursor.com/subprocessors via trust center. Subprocessors include OpenAI, Anthropic, Fireworks, AWS, Cloudflare.
Schrems II: SCC status would be set out in the DPA, which is available only on request, so it could not be verified publicly. DPF certification NOT FOUND for Anysphere, Inc. (Cursor's legal entity). US hosting means EU customers need a Transfer Impact Assessment, SCCs, and supplementary measures.
Summary comparison
| Tool | Public DPA | Guaranteed EU residency | No training by default | Public subprocessor list | DPF certified |
|---|---|---|---|---|---|
| Anthropic Claude | Yes (terms-incorporated) | Only via AWS/GCP | Commercial tiers only | Yes | No |
| OpenAI ChatGPT | Yes | Enterprise/Edu/API Projects only | Business tiers only | Yes | No |
| Microsoft 365 Copilot | Yes | Yes (EU Data Boundary; Anthropic models excluded) | Yes | Partial (AI subprocessors public, full list login-required) | Yes |
| Google Gemini | Yes | Yes (Gemini Enterprise, Workspace Data Regions) | Yes (Workspace) | Yes | Yes |
| Mistral Le Chat | Yes | Yes (default EU; US API excepted) | Enterprise yes | Yes | Not needed (EU entity) |
| DeepL | On request | Region selectable by plan | Pro/API yes | NOT FOUND (AWS, Microsoft named in DPA) | Not needed (EU entity) |
| Aleph Alpha | On request | Yes (STACKIT) | Yes | NOT FOUND (on request) | Not needed (EU entity) |
| GitHub Copilot | Yes | NOT FOUND for Copilot | Business/Enterprise only | Yes | Yes (via Microsoft) |
| Cursor Pro | On request | No | Business only / Privacy Mode | Yes (trust center) | NOT FOUND |
Practical recommendations for DACH businesses
Lowest-friction options (EU residency or an EU vendor, no training on customer data, DPF-certified or no US transfer; DPA public or on request as noted):
- Microsoft 365 Copilot (with Anthropic model selection left disabled, which is the default in EU tenants)
- Google Workspace with Gemini Enterprise
- Mistral Le Chat Enterprise
- DeepL Pro or API (DPA on request; confirm the region for your plan)
- Aleph Alpha PhariaAI on STACKIT (DPA on request)
Compliant with caveats:
- Anthropic Claude: compliant at Commercial tiers, but EU residency only through AWS Bedrock or Google Vertex, which means a different contracting structure
- OpenAI ChatGPT: compliant at Enterprise, Edu, or API Projects with EU residency enabled; Team is not named on the residency pages cited above, so verify before relying on it; NOT at Plus tier
- GitHub Copilot Business/Enterprise: compliant for customer data, but no explicit EU residency guarantee for inference
Requires case-by-case legal review:
- Any consumer tier (ChatGPT Plus, Claude Pro, Gemini app, GitHub Copilot Pro) used for business data
- Cursor Pro, where Privacy Mode is per-user and DPF status is not verifiable
The traps DACH businesses most often fall into
Paying for ChatGPT Plus seats and processing customer data through them. This is the most common mistake I see. The consumer product is not a B2B contract. You need Enterprise, Team, or API Projects for a compliance-defensible setup.
Assuming "EU data residency" on the vendor marketing page is global. Several vendors offer EU residency only at specific tiers or through specific channels. Verify at your tier, not on the homepage.
Ignoring the Claude-in-Copilot change. Since January 2026, Copilot can route to Anthropic models, which are not inside the EU Data Boundary. It is default-off in EU tenants, but any admin who enables it on their tenant should document the decision.
Treating consumer-tier training opt-outs as enough. If your employees use personal ChatGPT Plus accounts or Claude Pro accounts for client work, their opt-out status is their personal responsibility, not the company's. You cannot verify it. You cannot audit it. The cleanest fix is to provide Business seats on a business contract.
Assuming "DPA on request" equals "compliant". It might be, but you actually have to do the request and the review. "We have a DPA on request" with no signed contract is not a defensible position if the Datenschutzbehörde asks.
Not legal advice
This post is a journalistic summary of what vendor documents say as of 19 April 2026. It is not legal advice. Requirements differ by company, by data type, by processing purpose, and by regulator. For any binding compliance decision, consult a Datenschutzbeauftragter or a data-protection lawyer familiar with your sector.
The point of this post is to be honest about which vendor claims you can verify yourself by reading a public document, and which ones require more work. With that baseline, the conversation with your DPO becomes much faster.
Further reading
- German Companies and AI in 2026 on the broader DACH AI adoption landscape.
- Local LLMs in 2026 for when self-hosting is the compliance answer.
- The $500 AI Stack for a cost-aware reference build.
Sources
- Anthropic DPA: https://privacy.claude.com/en/articles/7996862-how-do-i-view-and-sign-your-data-processing-addendum-dpa
- Anthropic server locations: https://privacy.claude.com/en/articles/7996890-where-are-your-servers-located-do-you-host-your-models-on-eu-servers
- Anthropic data residency (Bedrock/Vertex): https://platform.claude.com/docs/en/build-with-claude/data-residency
- Anthropic training policy: https://privacy.claude.com/en/articles/7996868-is-my-data-used-for-model-training
- Anthropic consumer terms update, 28 Sept 2025: https://www.anthropic.com/news/updates-to-our-consumer-terms
- Anthropic subprocessors: https://trust.anthropic.com/subprocessors
- Anthropic certifications: https://privacy.claude.com/en/articles/10015870-what-certifications-has-anthropic-obtained
- OpenAI DPA: https://openai.com/policies/data-processing-addendum/
- OpenAI EU data residency launch: https://openai.com/index/introducing-data-residency-in-europe/
- OpenAI API data residency: https://help.openai.com/en/articles/10503543-data-residency-for-the-openai-api
- OpenAI data controls FAQ: https://help.openai.com/en/articles/7730893-data-controls-faq
- OpenAI training policy: https://openai.com/policies/how-your-data-is-used-to-improve-model-performance/
- OpenAI subprocessors: https://openai.com/policies/sub-processor-list/
- Microsoft Products and Services DPA: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
- Microsoft 365 Copilot privacy: https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-privacy
- Microsoft Copilot AI subprocessors: https://learn.microsoft.com/en-us/copilot/microsoft-365/connect-to-ai-subprocessor
- Google Cloud CDPA: https://cloud.google.com/terms/data-processing-addendum
- Google Workspace DPA: https://admin.google.com/terms/apps/8/1/en/dpa_terms.html
- Google Workspace data regions for Gemini: https://workspaceupdates.googleblog.com/2025/06/data-regions-support-for-gemini-features-in-google-workspace.html
- Google Gemini Enterprise locations: https://docs.cloud.google.com/gemini/enterprise/docs/locations
- Google Workspace training restriction: https://support.google.com/a/answer/15706919
- Google Workspace subprocessors: https://workspace.google.com/terms/subprocessors/
- Mistral DPA: https://legal.mistral.ai/terms/data-processing-addendum
- Mistral data storage location: https://help.mistral.ai/en/articles/347629-where-do-you-store-my-data-or-my-organization-s-data
- Mistral subprocessors: https://trust.mistral.ai/subprocessors
- DeepL infrastructure and data protection: https://support.deepl.com/hc/en-us/articles/26380849099932-DeepL-infrastructure-and-data-protection
- DeepL Pro data security: https://www.deepl.com/en/pro-data-security
- DeepL Pro license: https://www.deepl.com/en/pro-license
- Aleph Alpha terms: https://aleph-alpha.com/terms-conditions/
- Aleph Alpha STACKIT partnership: https://aleph-alpha.com/aleph-alpha-partners-with-stackit-to-deliver-sovereign-enterprise-ai-at-scale-with-pharia-ai-as-a-service/
- GitHub DPA: https://github.com/customer-terms/github-data-protection-agreement
- GitHub Copilot Business privacy: https://docs.github.com/en/site-policy/privacy-policies/github-copilot-business-privacy-statement
- GitHub consumer privacy update, 25 March 2026: https://github.blog/changelog/2026-03-25-updates-to-our-privacy-statement-and-terms-of-service-how-we-use-your-data/
- GitHub subprocessors: https://docs.github.com/en/site-policy/privacy-policies/github-subprocessors
- Cursor privacy and data governance: https://cursor.com/docs/enterprise/privacy-and-data-governance
- Cursor privacy: https://cursor.com/privacy
- Cursor data use: https://cursor.com/data-use
- Cursor security: https://cursor.com/security
- EU-US Data Privacy Framework list: https://www.dataprivacyframework.gov/list
