Microsoft this month quietly changed a contract that governs how it handles customer data. The update shortens the advance warning companies receive before Microsoft can bring in a new AI vendor with access to their data - from six months down to 30 days. Published on May 22, 2026, the change sits inside a legal document most marketing teams have never read, but it has direct consequences for anyone whose organisation runs Microsoft 365, Azure, or Microsoft Advertising.
What the contract is and why it matters
Every enterprise that buys Microsoft cloud services - whether Microsoft 365, Azure, Dynamics 365, or Microsoft Advertising - signs up to a contract called the Products and Services Data Protection Addendum. Microsoft calls it a DPA for short. It is not a product. It is the legal agreement that sets out what Microsoft is and is not allowed to do with the data customers give it: what it can store, how long it can keep it, who it can share it with, and what happens if something goes wrong.
That contract matters for marketing teams for a simple reason. When a company runs advertising campaigns through Microsoft Advertising, uploads customer lists to Azure, or uses Copilot in Microsoft 365 to process communications and documents, that data sits inside Microsoft's infrastructure. The DPA is the document that spells out the rules Microsoft must follow when handling it.
The change published on May 22, 2026, adds a new rule specifically for artificial intelligence. It is a single paragraph in a 40-page document. But its implications run further than its length suggests.
What a subprocessor is - and why the notice period matters
To understand the change, it helps to understand one piece of legal terminology: a subprocessor. In plain terms, when a company gives its data to Microsoft, Microsoft does not necessarily process all of that data itself. It hires other specialist companies - cloud infrastructure providers, AI model developers, safety evaluation tools, data analytics vendors - to handle specific parts of the work. Those hired companies are called subprocessors.
Under European data protection law - specifically GDPR Article 28 - companies that hand their data to Microsoft remain legally responsible for what happens to that data, even when Microsoft passes it to one of its subprocessors. That means if Microsoft brings in a new AI vendor with access to customer data and that vendor mishandles it, the enterprise customer can be held accountable too, not only Microsoft. The enterprise is the data controller - the party that decides why and how data is used. Microsoft is the data processor - the party that handles it on the controller's behalf.
This is why the notice period matters. If Microsoft wants to bring in a new subprocessor with access to customer data, it has to tell customers in advance, giving them time to assess whether the new vendor meets their data protection standards - and, if not, to object or exit the contract.
Until now, the minimum notice for most new subprocessors was six months. That gave legal, privacy, and procurement teams reasonable time to run a vendor assessment, update their own internal records, and decide whether to accept the change or terminate the contract.
What changed on May 22
According to the updated Data Protection Addendum published by Microsoft on May 22, 2026, there is now a second, shorter track specifically for subprocessors that support artificial intelligence functionality. The new text reads: "Microsoft will give Customer notice and, as applicable, update the website and provide Customer with a mechanism to obtain notice of that update of any new Subprocessor at least 6 months in advance of providing that Subprocessor with access to Customer Data or for subprocessors that support artificial intelligence functionality, 30 days' notice with the ability to disable use of that subprocessor until at least 6 months after notice."
In plain terms: Microsoft can now introduce a new AI vendor into the processing chain with only 30 days' warning, rather than six months. Customers retain the right to disable that vendor's access in the interim - but only until six months after the notice was issued. After that, the option to block the vendor expires.
The document's own summary of the change is understated. It reads simply: "Added clarification of subprocessors that support artificial intelligence functionality in the Notice and Controls on use of Subprocessors section." That framing - clarification - does not fully capture that this creates a new, faster-moving track that did not previously exist as a formal category.
Two tracks, two timelines
The updated addendum now operates on two distinct timelines running side by side.
For conventional, non-AI subprocessors - traditional software vendors, infrastructure providers, data storage companies - Microsoft still commits to at least six months' advance notice before giving them access to customer data. That timeline remains unchanged.
For subprocessors that support AI functionality - which can include the companies providing the underlying language models behind Copilot, the infrastructure running Azure AI services, safety evaluation tools, or agentic orchestration layers - the notice period is now 30 days. The addendum defines a subprocessor broadly: "other processors used by Microsoft to process Customer Data, Professional Services Data, and Personal Data." Any third-party company in that chain, if it touches AI functionality, falls under the shorter track.
Microsoft's service ecosystem is large. Enterprise products such as Microsoft 365, Azure, and Dynamics 365 involve dozens of underlying vendors. Microsoft's AI business reached a $37 billion annual run rate as of April 2026, with Copilot queries per user growing nearly 20% quarter-over-quarter. AI is not peripheral to these products. It is increasingly central to how they function.
Why the notice period is shorter for AI
The plain reason is that AI infrastructure changes faster than traditional software. Model providers release new versions. Safety evaluation tools get replaced. Agentic features - AI systems that can take actions on a user's behalf - enter processing chains on timelines that a six-month notification cycle cannot accommodate.
Oliver Schmidt-Prietz, a lawyer specialising in data, AI, privacy, and digital matters who also works as a legal AI engineer, posted an analysis of the addendum change on LinkedIn, calling it "a practical signal." According to Schmidt-Prietz, "AI supply chains move faster than classic SaaS vendor governance. Model providers, infrastructure providers, evaluation tooling, safety layers and agentic features may enter the processing chain on shorter cycles."
Schmidt-Prietz framed the change as a direct challenge to how most organisations currently run compliance: "If a key cloud provider can introduce AI-related subprocessors on a 30-day cycle, the internal review process cannot still operate like an annual vendor refresh."
What the exit option actually means in practice
The addendum gives customers a formal right to reject a new subprocessor. According to the document, if a customer does not approve of a new subprocessor for an Online Service or Professional Services, "then Customer may terminate any subscription for the affected Online Service or the applicable Statements of Service for the applicable Professional Service, respectively, without penalty or termination fee by providing, before the end of the relevant notice period, written notice of termination."
For software licenses, the threshold is slightly different. If the customer cannot reasonably avoid using the subprocessor, it may terminate the affected license without penalty. If the product is part of a suite, "any termination will apply to the entire suite."
In practice this means that rejecting an AI subprocessor within the 30-day window could require terminating an entire Microsoft 365 subscription - email, Teams, SharePoint, OneDrive, and all productivity tools bundled with it. The right to exit without penalty exists in the contract. The operational and commercial cost of actually doing so is, for most enterprise customers, prohibitively high.
The compliance clock is now tighter
Large organisations operating under GDPR are typically required to run a formal privacy risk assessment - called a Data Protection Impact Assessment, or DPIA - before allowing a new vendor to process high-risk personal data. The EDPB, the EU body that coordinates national data protection regulators, adopted its first standardised DPIA template on 10 March 2026, opening a public consultation until 9 June 2026.
A proper DPIA involves identifying what data the new vendor will touch, assessing whether that processing is necessary and proportionate, estimating the risk to individuals, documenting mitigating measures, and obtaining sign-off from the organisation's Data Protection Officer. In organisations where legal, procurement, IT, and product teams all have a role in that decision, 30 days is a tight window.
Schmidt-Prietz identified five questions that the addendum change forces internal teams to answer, quickly and concretely:
- Who monitors Microsoft subprocessor notices?
- Who decides whether a new AI subprocessor is acceptable?
- Can the business actually disable the affected functionality?
- Does the DPIA or vendor-risk file get updated within 30 days?
- Who owns the decision when AI functionality is already embedded in business-critical tools?
None of those questions is new. What the addendum change does is compress the time available to answer them.
Regulatory context: German and Austrian regulators, and the AI Act
The addendum change does not exist in a regulatory vacuum.
Germany's Hessian Data Protection Commissioner concluded in November 2025 that Microsoft 365 could operate within GDPR after a three-year negotiation process that identified seven deficiencies in Microsoft's earlier data processing agreements. One of those deficiencies was insufficient advance notification about subprocessor changes. At the time, Microsoft's fix was to maintain a detailed subprocessor list on its Service Trust Portal and commit to six months' notice for most vendors. The May 2026 update now creates a formal, shorter track for AI vendors specifically - a category that barely featured in negotiations that began in 2022.
Austria's data protection authority ordered Microsoft to stop tracking school children in February 2026, finding that Microsoft US - not Microsoft Ireland, which handles EU contracts - controls product development and implementation. That matters for marketing teams because it reinforced the principle that the enterprise customer, as data controller, carries regulatory accountability for what happens inside the Microsoft supply chain, not only Microsoft itself.
The EU AI Act adds another layer. Its obligations for general-purpose AI providers took effect in August 2025. Requirements for high-risk AI systems become fully enforceable in August 2026. Microsoft has signalled willingness to sign the EU's voluntary General-Purpose AI Code of Practice, which PPC Land covered in July 2025. The addendum does not mention the AI Act by name, but the structural logic of the 30-day AI subprocessor track reflects the Act's underlying premise: that AI systems are not static, and their supply chains need room to evolve.
The EDPB's 2025 annual report, published in April 2026, recorded 1.15 billion euros in GDPR fines across EU member states during 2025 alone. Joint guidelines on the interplay between the AI Act and GDPR are planned for publication throughout 2026. The enforcement environment in which this addendum change lands is active, not theoretical.
What the addendum does not change
Several protections in the addendum remain unchanged and apply across the full subprocessor chain, including any new AI vendors.
According to the addendum, Microsoft will not use or process customer data for user profiling, advertising, or market research - regardless of which subprocessors are involved. Data in transit between the customer and Microsoft, or between Microsoft data centres, is encrypted by default. Security measures mapped to ISO 27001, ISO 27002, and ISO 27018 remain in place. Microsoft is required to notify customers of a security incident within 72 hours.
On law enforcement requests, the addendum states Microsoft will not disclose customer data to law enforcement unless required by law, will attempt to redirect agencies to request data directly from the customer, and will promptly notify customers if compelled to disclose - unless legally prohibited from doing so.
What this means for marketing and ad tech teams
Marketing teams running campaigns through Microsoft Advertising, using Azure AI for audience segmentation or creative generation, or relying on Microsoft 365 Copilot for day-to-day operations are all affected by this change. Their organisations' data flows through Microsoft infrastructure that now includes AI subprocessors potentially subject to 30-day notice cycles.
The compliance burden falls on the enterprise, not just on Microsoft. If a new AI subprocessor is introduced and customer data is later found to have been mishandled, the enterprise - as data controller - shares accountability under GDPR. That means monitoring subprocessor notices is now an operational task, not an annual one.
For EU-based marketing teams or those handling EU user data, a new AI subprocessor could trigger several concrete obligations: updating internal privacy notices, revising records of processing activities under GDPR Article 30, and reassessing whether data transfers to any new vendor outside the European Economic Area are covered by adequate legal mechanisms such as Standard Contractual Clauses or the EU-US Data Privacy Framework.
The practical takeaway from the addendum change is this: AI governance is now embedded in contract change management. Somebody in the organisation needs to be reading Microsoft's subprocessor notices every month, not every year.
Timeline
- May 2018 - GDPR enters into force across the EU, establishing the data protection framework that governs Microsoft's customer data obligations
- September 15, 2022 - Microsoft publishes a Data Protection Addendum that German authorities later determine fails GDPR Article 28 requirements
- July 17, 2024 - EDPB recommends that national data protection regulators - the EU authorities responsible for enforcing GDPR in each member state - serve as AI market surveillance authorities under the AI Act framework
- July 20, 2025 - Microsoft signals willingness to sign the EU General-Purpose AI Code of Practice while Meta refuses
- August 2025 - EU AI Act obligations for general-purpose AI model providers take effect
- August 6, 2025 - Microsoft Advertising publishes research showing Copilot generates 73% higher click-through rates compared to traditional search, illustrating how deeply AI is embedded in Microsoft's commercial products
- November 15, 2025 - Germany's Hessian Data Protection Commissioner concludes Microsoft 365 can operate within GDPR after three-year negotiations addressing seven deficiencies, including subprocessor notification
- February 2, 2026 - Austria's data protection regulator orders Microsoft to stop tracking school children, finding that Microsoft US - not Microsoft Ireland - controls product decisions
- March 10, 2026 - EDPB adopts its first standardised DPIA template, opening a public consultation until 9 June 2026
- April 9, 2026 - EDPB publishes its 2025 annual report, documenting 1.15 billion euros in GDPR fines and announcing joint AI Act-GDPR guidelines for 2026
- April 29, 2026 - Microsoft reports Q3 FY26 results with AI business at $37 billion annual run rate, Copilot queries growing 20% quarter-over-quarter
- May 22, 2026 - Microsoft publishes the updated Products and Services Data Protection Addendum, introducing the 30-day AI subprocessor notice track
Summary
Who: Microsoft Corporation, and all enterprise customers whose volume licensing agreement incorporates the Products and Services Data Protection Addendum - including organisations using Microsoft 365, Azure, Dynamics 365, and Microsoft Advertising.
What: Microsoft updated its data protection contract on May 22, 2026, to create a separate, faster notice period for third-party vendors that support artificial intelligence functionality. Previously, Microsoft was required to give customers at least six months' notice before adding any new vendor with access to customer data. Under the updated contract, AI-specific vendors now require only 30 days' notice. Customers retain a right to disable the vendor's access during that period, but the option expires six months after notice is given.
When: The updated addendum was published on May 22, 2026, and its commitments are binding on Microsoft from that date.
Where: The contract is global, covering all of Microsoft's enterprise customer base. Its GDPR-specific provisions apply across the European Economic Area. Microsoft Ireland Operations Limited is Microsoft's data protection representative for the EEA and Switzerland.
Why: AI infrastructure changes faster than traditional software vendor chains. The 30-day track gives Microsoft the operational flexibility to update the AI vendors underpinning Copilot, Azure AI, and related products without being locked into a six-month notification cycle. For enterprise customers, it creates a concrete new obligation: internal processes for reviewing vendor notices, running privacy risk assessments, and making AI vendor decisions now need to work within 30 days rather than six months.