{"id":1077498,"date":"2025-09-16T09:07:34","date_gmt":"2025-09-16T08:07:34","guid":{"rendered":"https:\/\/pulse.microsoft.com\/?p=1077498"},"modified":"2025-09-25T08:21:33","modified_gmt":"2025-09-25T07:21:33","slug":"update-microsoft-365-copilot-dpia-slm-and-surf-advise-responsible-adoption","status":"publish","type":"post","link":"https:\/\/pulse.microsoft.com\/nl-nl\/slimmer-werken\/government-nl-nl-2\/update-microsoft-365-copilot-dpia-slm-and-surf-advise-responsible-adoption\/","title":{"rendered":"Update Microsoft 365 Copilot DPIA: SLM and SURF advise\u00a0responsible\u00a0adoption.\u00a0\u00a0"},"content":{"rendered":"

Update \u2013 September 15, 2025<\/span>\u00a0<\/span><\/p>\n

We are pleased to share a significant update regarding the deployment of Microsoft 365 Copilot within Dutch government and educational organizations. Following extensive collaboration and ongoing dialogue with SLM (Strategic Vendor Management of the Dutch Ministry of Justice) and SURF\u00a0(ICT cooperative representing Dutch education and research institutions), both organizations have now revised their previous\u00a0guidance. Based on\u00a0improvements\u00a0and additional\u00a0measures\u00a0implemented\u00a0by\u00a0Microsoft\u00a0over\u00a0the last 9\u00a0months,\u00a0SLM and SURF\u00a0concluded\u00a0that the\u00a0previously\u00a0identified four high risks\u00a0have been mitigated or reduced.\u00a0These improvements enable organizations\u00a0to deploy\u00a0Microsoft\u00a0365\u00a0Copilot responsibly.<\/span>\u00a0<\/span><\/p>\n

Possible\u00a0Microsoft\u00a0365\u00a0Copilot implementation in Public Sector<\/span><\/b>\u00a0<\/span><\/p>\n

The mitigations that led to a\u00a0revised impact assessment\u00a0is\u00a0enabling\u00a0government\u00a0organizations\u00a0and educational institutions to start deploying\u00a0Microsoft\u00a0365\u00a0Copilot.\u00a0Just like SLM and SURF advise,\u00a0Microsoft will\u00a0continue to be a partner for our public sector customers to responsibly\u00a0look at the implementations in\u00a0their\u00a0organizations.\u00a0Implementing\u00a0a clear AI strategy is one of the key elements in\u00a0leveraging AI tools like\u00a0Microsoft\u00a0365\u00a0Copilot to generate impact in a responsible manner.<\/span>\u00a0<\/span><\/p>\n

In their assessment,\u00a0SLM and\u00a0SURF\u00a0have identified\u00a0two\u00a0remaining\u00a0medium\u00a0risks.\u00a0These topics\u00a0require additional attention in the implementation process:\u00a0<\/span>\u00a0<\/span><\/p>\n

    \n
  1. Accuracy of Generative AI Output:<\/span><\/b>Microsoft\u2019s perspective is that Microsoft 365 Copilot can be used in compliance with the General Data Protection Regulation (GDPR) accuracy principle. Microsoft demonstrated significant investments, such as grounding, citations and the recent ISO 42001 certification, and will continue to invest in this topic. Our perspective remains that both Microsoft and organizations themselves have a shared responsibility to address potential risks related to inaccurate generative AI output. Organizations have a responsibility to educate their users to understand that Microsoft 365 Copilot is a generative AI tool. It is intended to assist users and is not intended to, and should not be used to, replace user decision-making. We take customer feedback and suggestions from SLM and SURF seriously, so we are committed to implementing additional technical measures to experience and controls related to accuracy.<\/span>\u00a0<\/span>We will discuss these according to our agreed timeline in conversation with SLM and SURF.<\/span>\u00a0<\/span><\/li>\n<\/ol>\n
      \n
    1. Retention of Diagnostic Data<\/span><\/b>:Microsoft adheres to data minimization obligations under GDPR Article 5, which requires that Microsoft not retain personal data beyond the period for which it\u2019s required. Microsoft has implemented a\u00a0<\/span>general policy<\/span><\/a> to retain diagnostic event data for Microsoft 365 apps and services, including Microsoft 365 Copilot, for up to 18 months. It\u2019s important to call out that Diagnostic data refers to data, which is used to keep our services secure, up-to-date and running as expected and does not contain customer data.\u00a0<\/span><\/li>\n<\/ol>\n

      We welcome the ongoing dialogue with SLM, SURF, and all stakeholders. We are very pleased with the steps we have been able to take in this continuous process. Our shared goal is to empower organizations to harness the benefits of AI while maintaining trust, transparency, and compliance. We invite companies to actively partner with the Microsoft teams in which we can share best practices, learnings and skilling tools to enable the responsible implementation of Microsoft 365 Copilot. Leveraging the great benefits of AI. Microsoft is taking customer feedback from SLM and SURF seriously and we will be continuing the conversation to continuously improve our services.\u00a0\u00a0<\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

      Update \u2013 September 15, 2025\u00a0 We are pleased to share a significant update regarding the deployment of Microsoft 365 Copilot within Dutch government and educational organizations. Following extensive collaboration and ongoing dialogue with SLM (Strategic Vendor Management of the Dutch Ministry of Justice) and SURF\u00a0(ICT cooperative representing Dutch education and research institutions), both organizations have […]<\/p>\n","protected":false},"author":932,"featured_media":1077453,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"class_list":["post-1077498","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","specials-slimmer-werken","verticalIndustries-government-nl-nl-2","stories-hoe-kan-ik-betere-productiviteit-bekomen-productiviteit","stories-productivity-nl-nl","businessPriorities-digital-transformation-nl-nl"],"_links":{"self":[{"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/posts\/1077498"}],"collection":[{"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/users\/932"}],"replies":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/comments?post=1077498"}],"version-history":[{"count":3,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/posts\/1077498\/revisions"}],"predecessor-version":[{"id":1078965,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/posts\/1077498\/revisions\/1078965"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/media\/1077453"}],"wp:attachment":[{"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/media?parent=1077498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pulse.microsoft.com\/nl-nl\/wp-json\/wp\/v2\/categories?post=1077498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}