AI & Compliance

Microsoft 365 Copilot Flex Routing – How the EU Data Boundary is Quietly Being Eroded in 2026

Since April 2026, Copilot AI inference leaves the EU under peak load – by default. Plus Anthropic as a sub-processor outside the EU Data Boundary. What German SMEs must check and disable now.

On April 17, 2026, Microsoft activated a feature called Flex Routing for all EU and EFTA tenants. For new tenants created after March 25, 2026, it is enabled by default. The result, with no notice to end users and no explicit consent from data controllers: Copilot requests leave the EU under load.

In parallel, on January 7, 2026, Microsoft added the US AI company Anthropic as a sub-processor for Copilot in Word, Excel, PowerPoint and the new Researcher – explicitly outside the "EU Data Boundary".

For IT leads in European SMEs, schools, and public administrations this is not a minor update. It is a structural shift of the contractual baseline. We explain what Flex Routing technically does, why it is GDPR-, NIS2- and BSI IT-Grundschutz-relevant, and which steps need to happen this week.

What Flex Routing technically does

Flex Routing is Microsoft's own term for a dynamic load-balancing mechanism: whenever EU inference capacity in Microsoft's data centers is overloaded – Microsoft does not publicly define "load" – requests are forwarded to LLM endpoints in the United States, Canada, or Australia.

Concretely affected:

  • The raw prompt content (everything an employee types into Copilot, plus context from open documents in Word, Excel, Outlook, Teams).
  • Pseudonymized telemetry (model IDs, tenant IDs, token metrics), which may also be stored permanently outside the EU.

Microsoft promises "encryption in transit and at rest". That protects only the transport and the storage: for inference the prompt has to sit in plaintext in the memory of the server running the model, and the keys for transit and storage remain in Microsoft's custody. We have analyzed this gap extensively in the BSI Grundschutz article for CON.1.A8 (Secure storage of cryptographic keys): BYOK does not change anything fundamental about this.

EU Data Boundary is a Microsoft marketing construct, not a legal status. This was true before Flex Routing; we derived it in detail in our pieces on Schrems III and the CLOUD Act. With Flex Routing, the holes in Microsoft's own definition are now documented by Microsoft itself:

  1. GDPR Art. 44 ff. – Third-country transfer. Each prompt processed in the US is a transfer. Standard contractual clauses plus a Transfer Impact Assessment would need to cover it – and fail under Schrems II.
  2. GDPR Art. 28(2) + Art. 30 – Sub-processor changes. Microsoft added Anthropic to the processing chain without specific consent. The DPA clause "general written authorization" does not, in the view of most European supervisory authorities, cover this.
  3. CLOUD Act §103(b) – US government access. The CLOUD Act obliges US providers to produce data in their possession, custody, or control regardless of where it is stored, so even data at rest in the EU is reachable by a US order. Processing the prompt on US infrastructure removes the last practical argument that the data never touched the US at all.
  4. NIS2 Art. 21(2)(d) – Supply chain security. A vendor that unilaterally changes defaults and adds sub-processors is, in the NIS2 sense, an elevated supply-chain risk – see NIS2 GDPR Paradox.

Who carries the responsibility? (Hint: you.)

In Microsoft's own Flex Routing documentation: "Customers are responsible for ensuring compliance with applicable data protection laws." Translation: if you do not disable Flex Routing and a complaint hits, the GDPR controller responsible is the customer, not Microsoft.

That is legally clean for Microsoft, and an unexploded bomb for every SME with employee or customer data within Copilot's reach.

Immediate measures for European SMEs, schools, and public administrations

Mandatory this week (details as a numbered HowTo in steps 1–4 below):

Step 1: Check Flex Routing {#step-1}

In the Microsoft 365 admin center, open Settings → Org settings → Copilot and locate "Flex routing for the EU Data Boundary". Note status (On/Off) and date.

Step 2: Disable Flex Routing {#step-2}

Set the toggle to "Off" and save. Keep the corresponding entry from the Microsoft Purview audit log as evidence of the change, together with a dated screenshot of the setting.

Step 3: Verify the Anthropic sub-processor toggle {#step-3}

Under Copilot → AI models, verify the "Allow Anthropic models" toggle. For EU/EFTA tenants the default is "Off" – document this in writing.

Step 4: Update GDPR and NIS2 documentation {#step-4}

Update the records of processing (Art. 30 GDPR), risk register (NIS2 Art. 21), Transfer Impact Assessment and DPIA with the status "Flex Routing disabled / Anthropic disabled / as of DD.MM.2026".

Key terms – briefly defined

  • Flex Routing: Microsoft's load-balancing mechanism that may shift Copilot LLM inference from the EU to the US, Canada, or Australia.
  • EU Data Boundary: Microsoft's self-commitment to keep certain data in the EU. No legal status, no external certification, changeable by Microsoft at any time.
  • Sub-processor: A processor engaged by the main processor (Microsoft). Requires controller consent under Art. 28 GDPR.
  • LLM inference: The computational step in which a language model generates an answer from the prompt. The full prompt material must be available in the inference server's memory.
  • Pseudonymization (GDPR Art. 4(5)): Processing personal data such that attribution without additional information is no longer possible. Not the same as anonymization – the data remains personal data.

The structural alternative: AI sovereignty without routing roulette

Flex Routing is not a bug. It is a predictable consequence of the business model "hyperscaler holds the keys, routing logic, and sub-processor decisions in one hand". For organizations that no longer accept this, 2026 offers a mature alternative:

  • Self-hosted LLMs on EU hardware (vLLM, Ollama, llama.cpp on Hetzner / IONOS / OVH servers), models from the Hugging Face Hub, controlled sub-processor list (= none).
  • Open-source alternatives for the surrounding Microsoft stack: Element/Matrix instead of Teams, Nextcloud instead of OneDrive/SharePoint, Keycloak instead of Entra ID, Mailcow/Stalwart instead of Exchange Online.
  • Privacy by design: the prompt does not leave your own infrastructure. Routing to the US is physically impossible, not "contractually promised not to happen".
  • Auditable: own logs, own keys, own sub-processor decisions.
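Two of the controls listed above, "the prompt does not leave your own infrastructure" and "own logs, own keys", can be enforced in code rather than promised in a contract. The following is an added example, not code from the original post or from any of the projects it names: a minimal egress guard for an application talking to a self-hosted LLM (Ollama and vLLM both expose an OpenAI-compatible /v1/chat/completions endpoint), plus an audit log that stores a keyed pseudonym of the user and a hash of the prompt instead of the prompt itself. It also illustrates the pseudonymization definition from the key terms: the pseudonym is reversible only by whoever holds the key, so the log remains personal data, but under your control. The hostnames, private networks, key, and prompt are constructed assumptions for the example.

```python
"""Egress guard and pseudonymizing audit log for a self-hosted LLM gateway.

Added example, not part of the original post. Hostnames, networks, the
pseudonymization key and the sample prompt are constructed for illustration.
"""
import hashlib
import hmac
import ipaddress
import json
import time
from urllib.parse import urlparse

# Assumption: inference runs only on these hosts (constructed names) or on
# literal addresses inside these private networks.
ALLOWED_HOSTS = {"localhost", "llm.intra.example"}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("127.0.0.0/8")]

# Assumption: the pseudonymization key lives only on the gateway host and is
# never sent with the prompt. Constructed value; load it from a secret store.
PSEUDONYM_KEY = b"gateway-local-key-2026"


class EgressViolation(Exception):
    """Raised when a request would leave the controlled infrastructure."""


def endpoint_allowed(url: str) -> bool:
    """True only if the URL host is an allowlisted name or a literal address
    inside an allowlisted private network. No DNS lookup is performed: an
    unknown hostname is refused outright rather than resolved and inspected,
    so a later DNS change cannot redirect prompts to a hosted API."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host in ALLOWED_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not a literal address and not allowlisted: refuse
    return any(addr in net for net in ALLOWED_NETS)


def pseudonymize(user_id: str) -> str:
    """Keyed pseudonym in the sense of GDPR Art. 4(5): stable per user, but
    attributable only with PSEUDONYM_KEY. This is pseudonymization, not
    anonymization, so the audit log is still personal data."""
    return hmac.new(PSEUDONYM_KEY, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def build_request(url: str, user_id: str, prompt: str, model: str):
    """Validate the endpoint, then return (request_body, audit_entry).

    The request body is what goes to the local model server; the audit entry
    is what you keep. It records a hash of the prompt, never the prompt."""
    if not endpoint_allowed(url):
        raise EgressViolation(f"refusing to send prompt to {url}")
    body = {"model": model,
            "messages": [{"role": "user", "content": prompt}]}
    audit = {"ts": int(time.time()),
             "endpoint": url,
             "user": pseudonymize(user_id),
             "model": model,
             "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
             "prompt_tokens_approx": len(prompt.split())}
    return body, audit


if __name__ == "__main__":
    user = "anna@firma.example"  # constructed
    local = "http://localhost:11434/v1/chat/completions"  # Ollama default port
    body, audit = build_request(local, user, "Summarize the attached contract", "llama3")
    print("audit entry:", json.dumps(audit))
    # A hosted API and a public address are both refused before any bytes leave.
    for bad in ("https://api.openai.com/v1/chat/completions",
                "http://203.0.113.5:8000/v1/chat/completions"):
        try:
            build_request(bad, user, "hello", "llama3")
        except EgressViolation as exc:
            print("blocked:", exc)
```

The allowlist is a second line of defense behind egress filtering on the inference host itself; its value is that an application cannot be pointed at a hosted endpoint by a single changed config value. Note that the audit entry deliberately does not contain the prompt: the hash is enough to correlate an incident with a specific request without turning the log into a second copy of the data.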

A directory of sovereign AI and office tools is at /en/alternativen. The matching service stack including implementation is on our pricing page.

Bottom line

Within four months, Microsoft has made two structural changes to Copilot processing – both weaken the EU Data Boundary, both were unilateral and default-on. The argument "but we have a C5 attestation / the EU Data Boundary / a DPA annex" no longer holds in 2026.

Anyone subject to NIS2, anyone aiming for GDPR-compliant operation, or anyone simply unwilling to run a new admin-center security review every quarter, should disable Flex Routing today – and concretely plan the exit path out of Copilot in parallel. We can help.
