On this page
TL;DR
ChatGPT Enterprise covers most CISO baseline requirements - SOC 2 Type 2, a no-training default, encryption in transit and at rest, SAML SSO, SCIM, and a BAA on request - but leaves five common gaps that require an external control plane: workspace-level DLP, identity-aware policy enforcement, audit log SIEM ingestion, multi-region failover, and cross-vendor unified governance. Source: OpenAI Trust portal and Enterprise privacy documentation as of May 2026. Updated 2026-05-20.
What this post covers and what it does not
This post is a CISO-grade walkthrough of ChatGPT Enterprise, intended for security leaders evaluating it as the sanctioned default tool for their organisation. It is not a vendor comparison and it is not a sales document. Where OpenAI provides strong native controls we say so; where there are gaps that require an external control plane we describe them concretely.
We focus on three artefacts that should drive the CISO decision: the Trust portal and SOC 2 attestation; the Enterprise privacy documentation including the data processing addendum and BAA terms; and the actual product capability around identity, audit, and DLP as observed in deployment. Sources are listed at the end of the post and linked inline where load-bearing.
What OpenAI Enterprise gets right
OpenAI publishes one of the more transparent enterprise security postures among foundation model vendors. The Trust portal exposes the current SOC 2 Type 2 report (subject to NDA), the data processing addendum, the subprocessor list, and the GDPR and CCPA documentation. Five capabilities are credibly enterprise-grade as of May 2026.
SOC 2 Type 2 and additional attestations
OpenAI maintains SOC 2 Type 2 for the ChatGPT Enterprise and API platforms. The report covers security, availability, and confidentiality criteria. ISO/IEC 27001 and ISO/IEC 27018 certifications are also documented on the Trust portal. CSA STAR Level 1 attestation is published. For a CISO running the standard vendor security questionnaire, these attestations cover the bulk of the security domain questions out of the box.
No-training default
ChatGPT Enterprise and the API on Enterprise terms default to not using customer inputs or outputs for model training. This is the single most important policy decision for most CISOs, because it neutralises the largest perceived risk in pasting work content into the chat interface. The default is enforced for all Enterprise tenants and is contractually backed via the DPA. For free and Plus tiers the default is different, which is why personal-tier shadow use is the primary risk vector even in organisations with a deployed Enterprise tenant.
Encryption in transit and at rest
OpenAI uses TLS 1.2 or higher for transit and AES-256 for data at rest. Customer data in the Enterprise tenant is logically isolated, and OpenAI exposes a workspace-level data residency option for Europe-stored data (see EU data residency below). For most CISOs, this is sufficient cryptographic posture; the residual questions are usually about key management and bring-your-own-key, which OpenAI has not generally exposed for ChatGPT Enterprise.
SAML SSO and SCIM provisioning
ChatGPT Enterprise supports SAML 2.0 SSO with major identity providers (Okta, Microsoft Entra ID, Google Workspace) and SCIM 2.0 for user provisioning and deprovisioning. This satisfies the baseline identity requirement and integrates the tenant into the standard joiner-mover-leaver workflow. Group-based access control is available via IDP group claims.
BAA availability for HIPAA workloads
OpenAI offers a Business Associate Agreement (BAA) on request for ChatGPT Enterprise and the API on Enterprise terms. The BAA is signed only after a HIPAA readiness review and applies only to designated covered workloads. The BAA is the gating contract for any health system or covered entity using ChatGPT Enterprise as a sanctioned tool; without it, PHI cannot be processed even if all other technical controls are in place.
EU data residency option
OpenAI launched an EU data residency option for ChatGPT Enterprise in early 2024, with conversation data stored in EU-based infrastructure. Customers with EU GDPR processing obligations can opt in to the residency commitment for new workspaces. The commitment covers conversation content and certain related metadata; some operational data and model serving may still touch US infrastructure depending on the request type, and CISOs should review the current Trust portal documentation for the exact scope.
Where the gaps are and where Areebi sits beside OpenAI
Five capabilities are either unavailable, limited, or vendor-locked in ChatGPT Enterprise, and these are typically the reasons CISOs deploy an external control plane alongside the OpenAI tenant. The Areebi platform is one such control plane; the gaps described below are the general pattern, independent of vendor choice.
Gap 1: Workspace-level DLP and content policy
ChatGPT Enterprise has limited native DLP - it can block file uploads beyond a size threshold and supports SSO group-based access, but it does not provide content-aware policy enforcement at the prompt layer. If an employee pastes a 12,000-word document containing customer PII, source code, or regulated data into the chat interface, the request reaches the model with no policy interception.
An external control plane sits between user and OpenAI, inspects each prompt against policy rules (PII patterns, source code signatures, regulated data classifiers, custom allow and block lists), and either redacts, blocks, or warns before the request reaches OpenAI. This is the most common reason Enterprise customers add Areebi or an equivalent: the OpenAI tenant is the model layer, the control plane is the enforcement layer.
Gap 2: Identity-aware policy enforcement
SAML and SCIM let OpenAI know who the user is, but policy decisions remain coarse-grained (workspace-level, group-level). Most CISOs want finer-grained rules: a customer success rep can paste internal documents but not source code, an engineer can paste source code but not customer PII, a compliance officer can read both but not retain conversation history beyond seven days.
This level of identity-aware policy is typically implemented in the control plane, with rules expressed against IDP group membership and claims, and enforced at the prompt layer before requests reach OpenAI. The model never sees content the user was not authorised to send.
Gap 3: Audit log access and SIEM ingestion
ChatGPT Enterprise provides admin audit logs via the workspace console, but exposing those logs to a SIEM (Splunk, Sentinel, Chronicle) for centralised security operations requires custom work. The audit log is also at the workspace level and does not provide the prompt and response payload metadata most CISOs want for incident investigation.
An external control plane sits in the prompt path and captures audit-grade telemetry per interaction: who, what (with appropriate redaction or hashing), when, what policy fired, and what the response was. The telemetry is forwarded to the SIEM in standard formats and retained per the customer's retention policy.
Gap 4: Multi-region failover and provider diversification
The OpenAI Enterprise tenant is vendor-locked by definition. If OpenAI is degraded, breached, or simply unavailable for an extended window, the workloads dependent on it fail. Many regulated workloads also benefit from multi-model verification (run the same prompt against OpenAI and Anthropic, compare outputs, escalate disagreements).
An external control plane abstracts the provider behind a stable internal interface, supports failover between providers, and can route workloads to the appropriate model per policy (sensitive workloads to BAA-covered providers, code workloads to specialised code models, multilingual workloads to a regional provider). This is increasingly a procurement requirement for federal, healthcare, and financial workloads.
Gap 5: Cross-vendor unified governance
Even organisations that standardise on OpenAI Enterprise as the default will use other providers: Anthropic Claude for long-context analysis, Google Gemini for Google Workspace integration, embedded AI in CRM and productivity tools. A single-vendor governance posture leaves these workloads unmanaged.
An external control plane provides one policy, one audit log, one inventory, and one DLP rule set across all providers, so that the AI Acceptable Use Policy means the same thing whether the employee is using ChatGPT Enterprise, the Anthropic console, or a Slack AI feature. This is the unified posture NIST AI RMF GOVERN 1 and 6 expect.
Get your free AI Risk Score
Take our 2-minute assessment and get a personalised AI governance readiness report with specific recommendations for your organisation.
Start Free AssessmentCoverage map: OpenAI Enterprise vs Areebi control plane
The table below summarises where the OpenAI Enterprise tenant is sufficient and where the Areebi control plane fills the gap. The intent is not to argue against using OpenAI Enterprise - we recommend it as a strong baseline - but to make the architectural division of responsibility explicit.
| Capability area | OpenAI Enterprise (native) | External control plane (Areebi) |
|---|---|---|
| Foundation model | Yes (GPT family) | N/A (delegated) |
| No-training default | Yes (DPA-backed) | Enforced + cross-vendor |
| SOC 2 / ISO 27001 | Yes | Yes (additive) |
| SAML SSO + SCIM | Yes | Yes (additive identity layer) |
| BAA / HIPAA | Yes (on request) | Workspace-level HIPAA support |
| EU data residency | Yes (opt-in) | Multi-region orchestration |
| Prompt-layer DLP | Limited | Yes (PII, code, custom classifiers) |
| Identity-aware policy | Group-level only | Fine-grained per role and claim |
| SIEM-grade audit log | Workspace admin log only | Per-interaction telemetry to SIEM |
| Multi-provider failover | No | Yes (30+ providers supported) |
| Cross-vendor unified policy | No | Yes (one policy across all) |
At Areebi, we built the control plane to sit beside OpenAI Enterprise, not replace it - customers who already pay for ChatGPT Enterprise typically keep it and add Areebi for the five gaps above. The architectural pattern is documented in the AI control plane enterprise guide.
Regulatory mapping: where OpenAI Enterprise alone falls short
For most consumer and internal-productivity use cases, ChatGPT Enterprise satisfies the relevant regulatory baseline. The picture changes when the AI use sits inside a regulated workflow.
NIST AI 600-1 (Generative AI Profile). The July 2024 profile catalogues twelve risk categories specific to generative AI (confabulation, dangerous information, data privacy, environmental impacts, harmful bias, human-AI configuration, information integrity, information security, intellectual property, obscene content, value chain and component integration, and CBRN information). OpenAI provides controls for several at the model layer (safety classifiers, content filters, system prompts), but the workspace-level controls (DLP, identity policy, audit log) needed for the bulk of these risks live in the control plane.
EU AI Act Article 50 (transparency obligations). Article 50 requires that users be informed when interacting with an AI system and that AI-generated content be marked. ChatGPT Enterprise meets the user-facing notice via product design, but Article 50 also requires enterprise deployers to maintain records sufficient to demonstrate compliance, which sits in the audit log layer typically delivered by the control plane.
HIPAA / HITECH. The BAA is necessary but not sufficient. The covered entity remains responsible for the rest of the security and privacy posture - access control, audit log, minimum necessary, breach response. The control plane delivers the workspace-level evidence the covered entity's compliance team needs to produce on audit.
Sector-specific (FINRA, SEC, FCA, MAS, FedRAMP). Each regulator's audit trail and supervisory access requirements are typically satisfied at the control plane layer rather than the model layer, because the control plane is what the regulator can audit independently of the model vendor.
CISO decision checklist
Use this checklist to decide whether ChatGPT Enterprise alone is sufficient or whether an external control plane is required. Five or more yes answers strongly indicate the need for an additional control layer.
- Do you have workloads that touch regulated data classes (PHI, PCI, PII at scale, customer financial data, classified or controlled unclassified information)?
- Do you need fine-grained policy enforcement by user role rather than only workspace-level access?
- Do you need prompt and response telemetry forwarded to a SIEM in standard formats for SOC integration?
- Do you use, or plan to use, more than one foundation model provider?
- Do you have data residency requirements that go beyond OpenAI's published commitments?
- Do you need multi-provider failover or model verification?
- Do you have regulators or customers who require independent audit log access?
- Do you need a single AI Acceptable Use Policy that applies across all AI tools including embedded vendor features?
The Areebi AI Governance Assessment walks through the full readiness map and produces a prioritised remediation plan.
What to read next
- Anthropic Claude + Areebi architecture walkthrough - the parallel walkthrough for Claude deployments.
- AI control plane enterprise guide - the architectural pattern this guide assumes.
- AI control plane vs AI gateway - the distinction that matters when picking the right control layer.
- NIST AI RMF GOVERN deep dive - the regulatory framing for the gaps described above.
- EU AI Act compliance for mid-market - the cross-jurisdiction view that includes Article 50 transparency.
External sources
- OpenAI Trust portal (current attestations, DPA, subprocessor list): trust.openai.com.
- OpenAI Enterprise privacy documentation: openai.com/enterprise-privacy.
- NIST AI 600-1, Generative AI Profile (July 2024): nist.gov/itl/ai-risk-management-framework.
- EU AI Act (Regulation 2024/1689), Article 50 transparency obligations: eur-lex.europa.eu/eli/reg/2024/1689/oj.
- OpenAI ChatGPT Enterprise data controls and HIPAA documentation: help.openai.com.
Frequently Asked Questions
Does ChatGPT Enterprise sign a BAA?
Yes, OpenAI offers a Business Associate Agreement (BAA) on request for ChatGPT Enterprise and the API on Enterprise terms, after a HIPAA readiness review. The BAA covers designated workloads only. Covered entities are still responsible for the rest of the HIPAA security and privacy posture, which is where the workspace control plane usually contributes the audit and policy evidence required on examination.
Is the no-training default contractually binding?
Yes, for ChatGPT Enterprise and for API access on Enterprise terms, the no-training commitment is documented in the data processing addendum (DPA) and is the contractual default. For free, Plus, and Team tiers the default is different, which is why personal-tier ChatGPT use is the primary policy risk in most enterprises even when an Enterprise tenant is deployed.
Can I use my own encryption keys?
As of May 2026, OpenAI does not generally expose bring-your-own-key (BYOK) for ChatGPT Enterprise. Encryption keys are managed by OpenAI on behalf of the tenant. For workloads that require BYOK by regulation (some financial and healthcare contexts), the typical pattern is to layer an external control plane that performs envelope encryption of sensitive content before it reaches OpenAI, with the customer holding the outer key.
Does ChatGPT Enterprise support per-user policy enforcement?
Native policy enforcement is workspace-level and group-level, derived from IDP group membership. Fine-grained per-user or per-role policy (different DLP rules for different teams, different retention for different data classes) is typically implemented in an external control plane that sits between the user and OpenAI, applies policy at the prompt layer, and forwards the sanitised request to OpenAI.
How does the OpenAI audit log integrate with my SIEM?
The ChatGPT Enterprise admin audit log is available via the workspace console and a Compliance API. Custom integration to a SIEM (Splunk, Sentinel, Chronicle) is the customer's responsibility. The native log captures workspace administration events (user adds, role changes, configuration changes). Per-interaction telemetry (which prompts were sent, which policy fired, what was redacted or blocked) typically requires a control plane in the prompt path; this is one of the most common drivers for deploying Areebi alongside ChatGPT Enterprise.
Should I use ChatGPT Enterprise or build on the OpenAI API?
Both have a place. ChatGPT Enterprise is the right sanctioned tool for general employee productivity - the user interface, knowledge ingestion, and admin controls are mature. The API is the right substrate for custom applications, integrations, and workflows where you need full control over context, prompts, and tool use. Most enterprises with serious AI adoption end up using both, with a control plane providing the unified policy, DLP, and audit layer across the two.
Related Resources
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and governance best practices.
Stay ahead of AI governance
Weekly insights on enterprise AI security, compliance updates, and best practices.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.
Ready to govern your AI?
See how Areebi can help your organization adopt AI securely and compliantly.