Over the last several months at the MSP I work for, Contemporary Managed Solutions, we have watched something shift in how our clients talk to us about AI. A year ago, the conversations were curious and exploratory. Today they are urgent. Executive teams are walking into meetings with a clear directive from the top: figure out how we use this, and figure it out before our competitors do.
Because we sit in the seat we do (the first call most of our clients make when a new technology lands on their plate) we end up being the first point of contact for those AI conversations. The volume of “how do we actually roll this out across the business” inquiries has gone up sharply. It is one of the most consistent trends we have seen in the managed services space in years.
And almost without exception, the very first question we get from the executive side of the table is the same one.
”What happens to our data?”
It comes in different forms. Sometimes it is direct: “if our finance team pastes a budget into ChatGPT, where does that information go?” Sometimes it is broader: “can we use AI without leaking client information, contracts, or anything that would land us in front of legal?” Either way, the underlying concern is identical. Leadership wants the productivity gains from AI, but not at the cost of confidential business information ending up somewhere it should not be.
That concern is completely valid. It is also, in our experience, the one most often answered incorrectly, because the honest answer is not “AI is safe” or “AI is risky.” The honest answer is it depends entirely on which license your team is using.
This is the part most businesses do not realize until we walk them through it.
Free and personal accounts were never built for your business
When an employee uses a free ChatGPT account or a personal Claude subscription to draft a board memo, summarize a contract, or work through a sensitive customer email, they are operating under the consumer terms of service. Those terms exist to serve individual users. They are not designed around the obligations a business has to its customers, its partners, or its regulators.
In practice, that means a few things you should know:
- Conversations can be used to train the AI model. Whether that happens often comes down to a single toggle buried in the privacy settings that most employees have never opened. On personal accounts, you have no visibility into how your team has it configured.
- There is no business-level data processing agreement. Free and personal accounts are not signed under a commercial contract with your company. There is no DPA, no enterprise SLA, and no negotiated terms around how your data is handled, stored, or retained.
- There is essentially no legal recourse. If something goes wrong, your legal team has no contract to point at, no enterprise agreement to enforce, and no clear path to escalate against the provider.
- You have no admin visibility. No central console, no audit logs, no ability to revoke access when someone leaves, no way to enforce policies. The data has already left your environment and you have no way to see where it went.
None of this means personal accounts are dangerous in absolute terms. They are perfectly reasonable for personal use. The point is simply that they were not built to carry business-critical information, and using them as if they were is where companies get into trouble.
What enterprise licenses actually change
Both Anthropic and OpenAI offer business and enterprise tiers, and the differences are not cosmetic. They are the entire reason these tiers exist.
Claude for Work (Team and Enterprise plans). Conversations and inputs are not used to train Anthropic’s models by default. The relationship runs under commercial terms, which means a real contract, a data processing agreement, and the kind of enterprise-grade commitments your legal and compliance teams need to see before they sign off. You also get admin controls: central user management, SSO on the higher tiers, and audit visibility into how the tool is being used inside your organization.
ChatGPT Business, Team, and Enterprise. Same principle. Inputs and outputs on the business tiers are not used to train OpenAI’s models. The plans include a commercial agreement, SOC 2 compliance posture, encryption commitments, SSO, admin console, and retention controls. The higher tiers add things like longer context, advanced admin policies, and stricter data residency options.
The simple framing we give executives when they ask is this: on personal tiers, your employees are the customer. On enterprise tiers, your business is the customer. That single shift changes the entire legal and operational posture around how AI is used in your company.
It is the difference between hoping an individual employee toggled the right setting and having a contract that obligates the provider to handle your data a specific way, with named consequences if they do not.
Why this matters more than IT teams realize
Here is the part that catches a lot of leadership teams off guard. Whether or not your company has formally adopted AI, your employees are already using it. They are using it to draft emails, summarize meetings, clean up reports, and work through tasks they used to do manually. This is happening right now, across every industry, in every department.
If your company has not bought enterprise seats, those employees are using personal accounts on personal devices, often with company information pasted into the prompt. That is the scenario every executive we talk to is trying to avoid, and it is also the scenario that is most likely to be happening already.
The fix is not to ban AI. Banning it does not work, because the productivity gains are too real and the tools are too easy to access. The fix is to give employees the licensed, sanctioned version of the same tools they would otherwise use anyway, under terms that actually protect the business.
Once that is in place, the conversation shifts. You are no longer asking “how do we stop people from using AI.” You are asking “how do we get the most out of the tools we have already secured.” That is a much better problem to have.
How we walk clients through the decision
When we sit down with executive leadership on this, we usually keep it simple. There are really three questions that matter:
- What information are your employees likely to put into these tools? Customer data, financial information, contracts, internal strategy, code, HR records. The more sensitive the input, the less acceptable a personal license becomes.
- What regulatory and contractual obligations do you carry? Privacy legislation, client contracts, industry-specific compliance regimes. Each of these tends to require commitments that only enterprise tiers can actually provide.
- What is your tolerance for being unable to prove what happened? With personal accounts, you cannot audit, you cannot revoke, and you cannot demonstrate compliance to an auditor or a customer asking hard questions. Enterprise tiers give you a paper trail.
For most of the businesses we work with, the answers to those three questions point in the same direction. Enterprise licensing is not a premium option, it is the baseline cost of using AI responsibly in a commercial setting.
The short version
The trend is clear. AI adoption is accelerating, executives are pushing for it, and employees are already using these tools whether or not the company has officially sanctioned them. The question is not whether AI ends up in your business. It already has.
The question is whether the accounts your employees are using every day are covered by a contract your business actually signed. That single distinction governs how your data is handled, whether you have any legal standing if something goes wrong, and whether your compliance posture survives the first hard question from an auditor or a client.
If your business is serious about AI (and most are, whether they say so out loud or not) enterprise licensing is the first decision to get right. Everything else, from policy to training to workflow design, is built on top of it.
If you are not sure where your organization currently stands on this, that is exactly the kind of conversation we have with clients every week. It is usually a much shorter discussion than people expect, and it almost always ends with the same realization: the cost of doing this properly is small, and the cost of not doing it can be a lot larger than anyone thought.