Your team is already using Copilot and ChatGPT, and Cyber Essentials v3.3 now wants to know

If your staff are using Microsoft Copilot, ChatGPT or other AI tools for work, you need to know where those tools sit in your IT environment before you complete Cyber Essentials v3.3. The new Danzell question set does not turn Cyber Essentials into an AI governance standard, but it does ask much more clearly about cloud services, user accounts, MFA, devices, software and access control.

That matters because AI tools are no longer sitting neatly in one department. They are in Outlook, Teams, Word, Excel, browsers, meeting notes, search results, helpdesk workflows and sometimes personal accounts that nobody in IT has approved.

For a growing business, the uncomfortable question is not “are we using AI?” You almost certainly are. The better question is “can we explain which AI tools are being used, who has access, what data they can reach, and how those accounts are protected?”

If the answer is vague, Cyber Essentials v3.3 may expose that gap.

Cyber Essentials v3.3 is not an AI policy, but AI now touches the controls

Cyber Essentials is still built around 5 core technical control areas: firewalls, secure configuration, security update management, user access control and malware protection.

That has not suddenly changed because people are using ChatGPT or Copilot. What has changed is the way everyday business tools now work.

A few years ago, you could have treated AI as something experimental. Maybe a marketing person used ChatGPT to draft a blog outline. Maybe a director used it to summarise a long document. Maybe an IT engineer tested Copilot in Microsoft 365.

Now it is more embedded. Microsoft 365 Copilot can work across the data a user is already allowed to access. ChatGPT Business or Enterprise may be deployed as an approved business tool. Free public AI tools may still be used quietly by staff who want to save time. Browser extensions and AI meeting assistants may be added without much thought.

That is where Cyber Essentials v3.3 becomes relevant. The issue is not whether AI is impressive. The issue is whether it sits inside your managed environment or outside it.

A managed IT support services company can help you separate approved AI use from unmanaged AI use, especially where Microsoft 365, cloud applications and endpoint devices are already part of your support arrangement.

The practical Cyber Essentials question is about scope

Under v3.3, cloud services are much harder to ignore. The self-assessment asks you to list cloud services used by your organisation and provided by third parties. It also makes clear that cloud services cannot simply be excluded from scope where they host organisational data or services.

This is where Copilot and ChatGPT need careful thought.

Microsoft 365 Copilot is usually part of your Microsoft 365 environment, so it is not really a separate island. It sits on top of your existing Microsoft 365 permissions, identity controls and data access. If your SharePoint permissions are messy, Copilot may make that mess more visible.

ChatGPT is different depending on how it is used. ChatGPT Business or Enterprise used with company accounts may be an approved cloud service. A staff member using a personal account to paste in client notes is a very different risk. The first can be managed. The second may be shadow AI.

Northern Star has already written about why businesses should embrace AI tools like Microsoft Copilot, but the important word is “business”. AI should be used in a way your organisation can govern.

Tool or situation, why Cyber Essentials v3.3 may care, and what you should check:

  • Microsoft 365 Copilot
    Why v3.3 may care: It works inside Microsoft 365 and relies on existing user permissions
    What to check: User access, MFA, SharePoint permissions, connected experiences and admin controls
  • ChatGPT Business or Enterprise
    Why v3.3 may care: It may be an approved cloud service used to process organisational data
    What to check: Account ownership, MFA, user management, data retention and acceptable use
  • Free ChatGPT with work data
    Why v3.3 may care: It may sit outside approved systems and create shadow AI risk
    What to check: Whether staff are using it, what they paste into it and whether it should be blocked or replaced
  • AI browser extensions
    Why v3.3 may care: They may access webpages, prompts or business content through unmanaged software
    What to check: Extension approval, endpoint controls and software inventory
  • AI meeting assistants
    Why v3.3 may care: They may process meeting recordings, transcripts and client conversations
    What to check: Consent, data storage, access control and supplier review
  • Copilot agents or third-party connectors
    Why v3.3 may care: They may access data beyond standard Microsoft 365 content
    What to check: Permissions, privacy terms, admin approval and data access boundaries

Why your Microsoft 365 permissions matter more than ever

Microsoft 365 Copilot does not magically give a user access to data they should not see. It uses the permissions model already in your Microsoft 365 tenant.

That sounds reassuring, and in many ways it is. But it also means Copilot reflects the quality of your current setup.

If people have too much access in SharePoint, Teams or OneDrive, Copilot may surface information they technically have permission to see but probably should not. That could include old HR documents, finance files, board papers, client notes, internal complaints or supplier contracts.

This is not a Copilot problem alone. It is an information governance problem that Copilot makes harder to ignore.

Northern Star’s guide to 6 key features of Microsoft 365 Copilot Business is useful if you are still assessing the productivity side. You should also read the advantages of Microsoft 365 Copilot with a security lens. The benefits are real, but only when the permissions and controls underneath are sensible.

This is where support from a cloud backup company can become part of the wider conversation. Microsoft 365 security is not just about licences. It includes configuration, access reviews, recovery planning, monitoring and practical support when something goes wrong.

Shadow AI is not usually malicious

Most shadow AI use starts with good intent.

Someone wants to write a better email. Someone wants to summarise a long PDF before a meeting. Someone wants to turn a rough spreadsheet into a cleaner table. Someone wants to make sense of a policy document without reading all 40 pages.

That is understandable. In a busy office, AI tools feel useful because they remove friction.

The problem is that staff do not always know where the data goes, whether the tool is approved, whether the account has MFA, whether prompts are retained, whether company information can be reused, or whether the output can be trusted.

A practical article such as Shadow AI in the office: how to stop staff sharing company data outside approved tools should not be treated as an anti-AI warning. It is more about bringing normal behaviour under control.

If you ban AI completely, some people may still use it quietly. If you approve sensible tools, explain the boundaries and make them easy to access, you stand a better chance of controlling the risk.

Cyber Essentials v3.3 and MFA for cloud services

The clearest operational change for many organisations is MFA.

Cyber Essentials v3.3 expects MFA to be used for cloud services where it is available. The Danzell question set asks whether MFA is available across cloud services and whether it has been applied to administrators and users. If a cloud service offers MFA and you have not applied it properly, that can become a serious certification problem.

This is directly relevant to AI.

If your organisation uses ChatGPT Business, Copilot-connected services, AI meeting tools, project management tools with AI features, or other SaaS platforms, you need to know whether MFA is available and whether it is enabled for the right users.

This is not only about passing an assessment. Exposed credentials are one of the simplest ways attackers get into cloud services. Northern Star’s article on why your Microsoft 365 MFA may not be enough against device-code phishing is worth reading because MFA quality matters. Not all MFA methods give the same level of protection.

The post on Passkeys, FIDO2 and Cyber Essentials is also useful if you are considering stronger authentication. Passwordless approaches are becoming more practical, and for some businesses they may be a better long-term answer than relying on passwords plus weaker second factors.

Phishing will adapt to AI

Cyber Essentials is focused on common online threats. AI does not remove those threats. In some cases, it makes them easier to scale.

A phishing email used to be easy to spot if it had poor grammar, strange formatting or odd wording. That is less reliable now. Attackers can use AI to write cleaner messages, translate them more naturally and tailor them to a specific role.

Imagine a finance assistant receiving an email that looks like it came from a known supplier. It refers to a real project, uses normal business language and asks for an invoice process to be changed. The message does not look like a cartoon scam. It looks like everyday admin.

That is why an anti-phishing company in London can be useful when combined with Microsoft 365 security, staff training and realistic testing. You need to reduce the number of phishing emails reaching staff, but you also need people to pause when something feels slightly off.

Useful supporting reading includes how to spot a phishing email, Anti-Phishing for Microsoft 365 and phishing-only attacks are rising. The lesson across all 3 is straightforward: people need help, not blame.

That is why how to run phishing simulations matters. Training that humiliates staff tends to backfire. Training that reflects realistic pressure helps people report issues earlier.

AI tools increase the value of access reviews

If you deploy Copilot without reviewing access, you may simply make existing oversharing easier to discover.

A user might ask Copilot to summarise “all documents about the upcoming restructure”. If permissions are too broad, that user could surface documents they were never meant to read. The user may not be trying to do anything wrong. They may assume that if Copilot can find it, they are allowed to see it.

That is a dangerous assumption.

Before rolling out Copilot widely, you should review:

  • SharePoint site permissions
  • Teams membership
  • Guest user access
  • OneDrive sharing links
  • Admin roles
  • Sensitivity labels
  • Data loss prevention policies
  • External sharing settings
  • Old groups and orphaned accounts
  • Connected apps and add-ins
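
The MFA check in the section above and this access-review list are the two places where a script saves a lot of clicking around admin portals. The following is an added example written for this page, not Northern Star's own tooling. It uses the Microsoft Graph PowerShell SDK (Microsoft.Graph) and, optionally, the SharePoint Online module, and it assumes the tenant name, the output folder and the 90-day staleness threshold; the sign-in activity data also needs a Microsoft Entra ID P1 or P2 licence on the tenant. It covers MFA registration, privileged role membership, guest and stale accounts, and tenant and site sharing settings. Sensitivity labels, DLP policies, Teams membership and connected apps still need their own review.

```powershell
# Added example (not Northern Star's code): inventory the account-level items that the
# Cyber Essentials cloud-service and MFA questions and a pre-Copilot access review both need.
# Assumes the Microsoft.Graph SDK is installed and, for the SharePoint part, the
# Microsoft.Online.SharePoint.PowerShell module. Sign-in activity needs an Entra ID P1/P2 licence.

param(
    # Hypothetical tenant name (contoso for contoso.sharepoint.com); leave empty to skip SharePoint checks.
    [string]$TenantName = "",
    [int]$StaleDays = 90,
    [string]$OutDir = ".\ce-ai-review"
)

$scopes = "User.Read.All", "Directory.Read.All", "AuditLog.Read.All",
          "UserAuthenticationMethod.Read.All", "RoleManagement.Read.Directory"
Connect-MgGraph -Scopes $scopes
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. MFA registration: who has no MFA method registered, and how many of those are admins.
$reg = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
$noMfa = $reg | Where-Object { -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, UserType, IsAdmin,
        @{ n = 'Methods'; e = { $_.MethodsRegistered -join ';' } }
$noMfa | Export-Csv "$OutDir\users-without-mfa.csv" -NoTypeInformation
"Users without MFA registered: $(@($noMfa).Count) (admins: $(@($noMfa | Where-Object IsAdmin).Count))"

# 2. Privileged roles: every member of every activated directory role.
$roleMembers = foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        [pscustomobject]@{
            Role   = $role.DisplayName
            Member = $m.AdditionalProperties['userPrincipalName']
            Type   = $m.AdditionalProperties['@odata.type']
        }
    }
}
$roleMembers | Export-Csv "$OutDir\role-members.csv" -NoTypeInformation
"Role assignments: $(@($roleMembers).Count)"

# 3. Guests and stale accounts: enabled accounts with no sign-in in $StaleDays days are the
#    orphaned accounts Copilot inherits permissions from. Accounts newer than the cutoff are skipped.
$cutoff = (Get-Date).AddDays(-$StaleDays)
$users  = Get-MgUser -All -Property Id, UserPrincipalName, UserType, AccountEnabled, SignInActivity, CreatedDateTime
$guests = $users | Where-Object UserType -eq 'Guest'
$stale  = $users | Where-Object {
    $_.AccountEnabled -and
    $_.CreatedDateTime -lt $cutoff -and
    ($null -eq $_.SignInActivity.LastSignInDateTime -or $_.SignInActivity.LastSignInDateTime -lt $cutoff)
} | Select-Object UserPrincipalName, UserType,
        @{ n = 'LastSignIn'; e = { $_.SignInActivity.LastSignInDateTime } }
$guests | Select-Object UserPrincipalName, AccountEnabled, CreatedDateTime |
    Export-Csv "$OutDir\guests.csv" -NoTypeInformation
$stale | Export-Csv "$OutDir\stale-accounts.csv" -NoTypeInformation
"Guest accounts: $(@($guests).Count); enabled accounts with no sign-in in $StaleDays days: $(@($stale).Count)"

# 4. External sharing: the tenant-wide setting, plus any site that still allows anonymous links.
if ($TenantName) {
    Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"
    "Tenant sharing capability: $((Get-SPOTenant).SharingCapability)"
    $anon = Get-SPOSite -Limit All |
        Where-Object SharingCapability -eq 'ExternalUserAndGuestSharing' |
        Select-Object Url, SharingCapability, Owner
    $anon | Export-Csv "$OutDir\sites-anonymous-links.csv" -NoTypeInformation
    "Sites allowing anonymous links: $(@($anon).Count)"
}
```

Run it once with a read-only account before the renewal and keep the CSVs with the questionnaire: the users-without-mfa list answers the MFA question directly, and the role, guest, stale-account and sharing lists are the evidence for the access-control and cloud-scope answers. The SharePoint filter deliberately flags only sites that allow anyone links; sites limited to authenticated guests still appear in guests.csv through their guest accounts.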

Northern Star’s article on Copilot in Teams, channels and meetings fits well here. Teams can become a quiet sprawl of old channels, external users and legacy files. Copilot can make that sprawl easier to query.

If your business has several locations, a small European branch or remote workers across different countries, European support services can help keep controls consistent. The access issue is not only technical. It is also operational. Different offices often develop different habits unless someone standardises them.

The data protection question is separate from Cyber Essentials

Cyber Essentials v3.3 will not do your full AI data protection review for you.

That is important. Passing Cyber Essentials does not automatically mean your AI usage is GDPR-safe, contract-safe or suitable for confidential client work. It is a baseline security scheme, not a full legal or AI ethics assessment.

For example, OpenAI’s business products have different privacy commitments from consumer use. Microsoft 365 Copilot has enterprise controls and sits within Microsoft’s service boundary, but you still need to configure it properly. Other AI tools may have their own terms, data retention rules and admin controls.

So your AI review should include both Cyber Essentials and wider governance.

Ask:

  • Which AI tools are approved?
  • Which tools are blocked?
  • Which data can staff enter?
  • Which data must never be entered?
  • Are prompts and outputs stored?
  • Who can access conversation history?
  • Does the tool use business data for training by default?
  • Is MFA enforced?
  • Can users connect third-party apps?
  • Is there a process for reviewing new AI tools?

A global IT support services provider can help if AI use is happening across multiple offices, countries or business units. You do not want one country applying strict controls while another quietly uses unmanaged tools with client data.

Cloud backup and recovery still matter

AI discussions can distract from basics. Cyber Essentials v3.3 still expects you to understand devices, software, access and cloud services. It also strongly recommends appropriate backups, even though backup is not one of the 5 technical controls.

That is sensible. AI tools can create data, summarise data, move data and influence decisions, but your business still needs to recover if files are deleted, corrupted or changed at scale.

With Microsoft 365, it is easy to assume that cloud equals backup. That is not always safe. Retention and recovery settings vary, and malicious or accidental changes can still create business disruption.

Northern Star’s article on what cloud-to-cloud backup really costs is worth reading if you want a realistic view of costs. You should also review cloud-to-cloud backup mistakes that cause data loss during recovery before assuming your current setup is enough.

For UK businesses, the financial side matters. Cyber incidents are not only technical events. They affect productivity, client confidence, supplier relationships and recovery costs. Cyber Essentials can also include optional cyber insurance for eligible UK organisations with turnover under £20 million, but insurance is not a substitute for working controls.

What to do before your Cyber Essentials renewal

If your renewal is coming up, do not start with the questionnaire on a Friday afternoon and hope for the best. Start with a short discovery exercise.

Area to review, what to check, and why it matters:

  • AI tools
    What to check: List approved and suspected AI services used for work
    Why it matters: You cannot secure tools you do not know about
  • Microsoft 365 Copilot
    What to check: Review licences, permissions, Teams, SharePoint and admin controls
    Why it matters: Copilot reflects your existing access model
  • ChatGPT
    What to check: Confirm whether staff use Business, Enterprise, free or personal accounts
    Why it matters: The risk depends heavily on account type and data use
  • MFA
    What to check: Check whether MFA is enabled for all users and admins across cloud services
    Why it matters: v3.3 treats cloud MFA as a core expectation
  • Devices
    What to check: Confirm laptops, mobiles and BYOD access are properly scoped
    Why it matters: End-user devices cannot simply be ignored
  • Browser extensions
    What to check: Review AI extensions and add-ins
    Why it matters: They may process content outside normal controls
  • Backups
    What to check: Test recovery, not just backup status
    Why it matters: Recovery is what matters in an incident
  • Staff guidance
    What to check: Explain what can and cannot be entered into AI tools
    Why it matters: Most misuse is casual, not malicious
  • Incident response
    What to check: Define what happens if sensitive data is pasted into an unapproved AI tool
    Why it matters: Speed matters when mistakes happen
  • Supplier access
    What to check: Review third-party apps, connectors and managed service accounts
    Why it matters: AI tools often connect into wider SaaS environments

You can support this with Northern Star’s guidance on Cyber Essentials v3.3 cloud scope changes and what the latest Cyber Breaches Survey means for SMEs.

It is also worth reading the 72-hour patch window and the zombie tech audit because old software, forgotten devices and slow patching can undermine an otherwise sensible AI policy.

Do not ignore credentials on the dark web

If your staff are using AI tools with work email addresses, those accounts become part of your wider identity risk.

A reused password from an old breach can still be tested against current services. If an attacker gains access to a cloud account, they may read prompts, view files, impersonate the user or access connected services.

That is where dark web monitoring in London fits into the wider AI and Cyber Essentials conversation. It does not solve AI governance, but it can help you spot exposed credentials before they are used.

Useful supporting reading includes dark web monitoring explained, dark web monitoring vs breach monitoring and business email compromise explained. The common thread is identity. If attackers can use a valid login, they do not need to break the front door.

If you are migrating platforms, do the AI review at the same time

Migrations are a good moment to tidy up access.

If you are moving between Microsoft 365 tenants, consolidating platforms, changing SaaS tools or introducing Copilot, do not just move the same old permissions into a new environment. That is how old mistakes survive for another 5 years.

A platform migration company should help you think about user accounts, old groups, external sharing, backup, data ownership and access policies as part of the migration. This is especially important if you plan to introduce AI tools after the move.

Northern Star’s guidance on global device provisioning and how IT support and IT management reduce downtime is also relevant. The best time to fix access and device standards is usually before everyone has settled into the new platform.

FAQs

Does Cyber Essentials v3.3 specifically ask about ChatGPT?

Not as a standalone AI question. The Danzell question set does not turn Cyber Essentials into a ChatGPT assessment. However, if ChatGPT is used as an approved business cloud service that stores or processes organisational data, you should consider it in your cloud service inventory, access control review and MFA checks.

Does Microsoft 365 Copilot count as a Cyber Essentials issue?

Yes, indirectly. Microsoft 365 is a cloud service, and Copilot sits inside the Microsoft 365 environment. That means your Microsoft 365 security configuration, user permissions, MFA, account management and device controls all become relevant when Copilot is used for business work.

Is free ChatGPT safe for business use?

It depends what staff put into it, but unmanaged personal use is risky. Staff may paste client information, internal documents or commercially sensitive content into a tool the business does not control. A safer approach is to define approved AI tools, provide clear usage rules and give staff a practical alternative.

Is MFA required for all cloud services under Cyber Essentials v3.3?

Where MFA is available, Cyber Essentials v3.3 expects cloud service authentication to use MFA. You should check all cloud tools used by the business, including Microsoft 365, ChatGPT Business or Enterprise, CRM systems, finance software, project management tools and social media accounts used for business.

Can we pass Cyber Essentials if staff use shadow AI?

Shadow AI makes the process harder because it means you may not have a complete view of cloud services, accounts, data flows or software. You may still be able to certify if your scoped environment meets the controls, but unmanaged AI use creates security and governance risk that should be addressed before renewal.

Should we ban Copilot and ChatGPT until we are certified?

Not necessarily. A ban may simply push usage underground. A better first step is to identify what is being used, decide which tools are approved, secure them properly, train staff, block clearly risky tools where needed, and document the controls.

Ready to bring AI use back under control?

Your team is probably already using AI in some form. That does not need to be a crisis, but it does need structure.

Cyber Essentials v3.3 is a useful prompt to check what is really happening across your cloud services, Microsoft 365 tenant, devices, user accounts and MFA settings. It will not write your AI policy for you, but it can show where your current IT controls are clear and where they are based on guesswork.

Northern Star helps businesses manage Microsoft 365, cloud services, endpoint security, dark web monitoring, anti-phishing, migrations and global IT support in a practical way. If you want to prepare for Cyber Essentials v3.3 while keeping AI useful and controlled, speak to Northern Star and get a clear view of what needs attention first.