Conclusion
M365 Copilot has considerable potential, but will require that one takes small and controlled steps. For Microsoft’s part, the tool is contingent on an organisation having extremely good control over its own information management, something that many organisations probably will not have.
It is unlikely that it will be possible to use M365 Copilot in a responsible and lawful manner without considerable preparation in advance. This includes getting one’s own house in order and carrying out thorough data protection impact assessments for its planned applications. The technology also makes high demands of training of employees, and of awareness and knowledge among the organisation’s users.
The positive aspect of this work is that a strong focus on information management can generate major benefits way beyond the actual use of this tool. Efficient, well-functioning information management is the very foundation for succeeding with digitalisation, socially beneficial data sharing and cost-effective compliance with laws and regulations, including the GDPR. Adopting new and advanced technology without thorough preparation, understanding its possibilities and limitations, and securing the necessary expertise, will not be responsible.
Responsible use and testing
It is possible for Norwegian organisations to use M365 Copilot, but use cases should be chosen carefully to ensure compliance with, among other things, data protection requirements. At the same time, it is both right and important to test new technology and gain practical experience of the opportunities it presents, contingent on the necessary assessments being made in advance, and the organisation having good processes and establishing measures to reduce identified risks.
Other options including language model technology
The same large language model technology that underpins M365 Copilot can also be used in other and more targeted ways than purely as a general office support tool. Such approaches can reduce requirements for organisational changes, ensure faster investment recovery and, not least, improve control of quality and compliance with regulations. It is therefore important to assess whether other AI solutions exist that can meet the organisation’s specific needs, but which entail a lower data protection risk. It could also be the case that more focused solutions could be a good starting point for later use of integrated AI solutions such as M365 Copilot. By first getting the organisation’s own house in order and establishing support mechanisms for compliance with requirements, organisations will be better equipped to use advanced solutions when products such as M365 Copilot have had time to mature and adapt.