The three-tier AI tool landscape: consumer, API, enterprise
Marketing teams encounter AI tools across three distinct tiers that carry different data handling defaults, different contractual protections, and different compliance implications.
| Tier | Examples | Training default | DPA available | BAA available | IP indemnification |
|---|---|---|---|---|---|
| Consumer | ChatGPT free/Plus, consumer Gemini | Opt-in (opt-out setting exists) | No | No | No |
| API | OpenAI API, Anthropic API, Google Cloud Vertex AI | Off by default | Yes (via terms) | Case-by-case | Limited |
| Enterprise | ChatGPT Enterprise, Claude for Work, Gemini for Workspace | Off by default | Yes (included) | Yes (BAA available) | Yes (Copyright Shield / equivalent) |
The practical upshot: enterprise-tier tools provide the contractual framework that regulated industries require. The consumer tier provides no contractual protection regardless of the user's opt-out settings. The API tier is the developer path, with a DPA available in standard terms but BAA and indemnification requiring negotiation.
The model capability misconception
ChatGPT Enterprise and the consumer GPT-4o use the same underlying model weights. The enterprise subscription does not provide access to a safer or more capable AI. It provides the DPA, BAA, SOC 2 audit coverage, audit logging, SSO/SCIM, and IP indemnification. Marketing teams that choose consumer-tier tools to avoid procurement complexity are trading contractual protections for convenience, not trading down on model quality.
What "no training" actually means and what it does not cover
All three major enterprise AI providers (OpenAI as of January 2026, Anthropic as of March 2026, Google Workspace) have confirmed that enterprise-tier accounts are not used to train the underlying models by default. This is the headline that most marketing teams cite as their data protection justification.
The less-cited reality: "no training" is not "no retention." All three platforms retain conversation and input data for approximately 30 days for Trust and Safety and abuse monitoring purposes, even when the training opt-out is active. This retention window exists on all enterprise accounts regardless of subscription tier or geographic location.
Eliminating the 30-day retention window requires a separately negotiated Zero Data Retention (ZDR) addendum. This is a legal procurement task, not an IT configuration. It typically requires a formal enterprise agreement, legal review on both sides, and a committed minimum spend. Marketing teams in regulated industries (financial services, healthcare, legal) that handle PHI, PII, or confidential client data in AI workflows should evaluate whether the 30-day retention window creates a compliance gap under their applicable regulatory framework before deploying.
Adobe Firefly: a structurally different data position
Adobe Firefly Enterprise occupies a distinct position in the market: its foundation model was trained exclusively on licensed Adobe Stock content and public domain materials. The other major providers trained on internet data and wall off enterprise customer inputs via contractual policy. Adobe's training-data approach is what makes its commercial IP indemnification commercially viable; the indemnification backstop is less exposed because the training corpus is clean. This structural difference matters when choosing an AI image-generation tool for brand campaigns where IP risk is material.
Copyright in AI-generated content: the January 2025 position
The US Copyright Office published its Part 2 Report on AI and copyright in January 2025, establishing the current US legal framework: human authorship is required for copyright protection. Wholly AI-generated outputs have no copyright protection. Copyright attaches only to the perceptible human-authored elements within an AI-assisted work.
The practical meaning for marketing teams is more proportionate than the headline suggests. Most enterprise marketing content sits in a category where copyright protectability was never the primary concern. An email subject line, a social caption, or a product description has limited copyright value regardless of how it was produced. The marketing use case for copyright is primarily defensive (stopping competitors from copying) and that use case is rarely relevant for this content class.
The copyright gap becomes material in a narrower set of situations:
- Brand asset libraries built for licensing or franchising where third parties pay to use the creative work.
- Creative campaigns where the originality of the creative is commercially significant, such as a distinctive brand character or campaign visual built for long-term use.
- M&A and partnership due diligence where the IP portfolio is being valued and AI-generated content within it carries no copyright ownership.
- Publishing and editorial content where exclusivity and first-publication rights have commercial value.
For each of these, the workable approach is to document the human creative choices that shape AI output: the art direction decisions, the editorial selections, the arrangement judgements. Copyright attaches to those human choices. Prompting alone, without documented human creative direction, is likely insufficient under the current framework.
IP indemnification programmes: what they cover and where they stop
The four major enterprise AI indemnification programmes are: OpenAI Copyright Shield, Microsoft's Copilot Copyright Commitment, Google Cloud's generative AI indemnification, and Adobe's IP indemnification for Firefly Enterprise. All four are real, and all four have scope constraints that limit their practical value in certain scenarios.
What they generally cover: third-party copyright infringement claims against the enterprise customer arising from the vendor's AI generating output that replicates protected third-party material without the customer's instruction to do so. If the AI model produces content that happens to match copyrighted material it was trained on, and that customer is sued, the vendor covers the defence and damages.
What they generally do not cover:
- Claims arising from prompts that the customer submitted which contained third-party IP (the customer is treating the AI as a reproduction tool).
- Claims where the customer misrepresented their use case in the enterprise agreement.
- Claims against the customer for their own marketing claims or representations made using AI-generated content (this is a different legal domain: advertising law, consumer protection, not copyright).
- Claims in jurisdictions where the vendor's indemnification programme has not been formally extended.
The indemnification is an important risk mitigation for enterprise teams generating visual assets and long-form content at scale. It is not blanket immunity from intellectual property claims related to AI use.
C2PA content authenticity: what it does and the social distribution gap
C2PA (Coalition for Content Provenance and Authenticity) version 2.1, published September 2024, is the current standard for embedding provenance metadata in digital content. The metadata functions as a chain of custody: it records who created the asset, with which tools, whether AI was involved, and whether it has been subsequently modified.
Adoption is broad among major vendors. Adobe embeds C2PA metadata in assets created with Firefly and Creative Cloud. OpenAI applies it to DALL-E 3 images and ChatGPT-generated images. Google's SynthID watermarking system, integrated with C2PA, was expanded at Google I/O in May 2026 to include Chrome, Search, and the Gemini app. OpenAI is also integrating C2PA Content Credentials into its image outputs. The standard is becoming default, not optional, for enterprise AI image generation.
The social distribution gap
C2PA metadata does not survive upload to most major social platforms. X, Instagram, LinkedIn, and Facebook all recompress images on upload, and that recompression strips the C2PA metadata. An image generated by Firefly with full C2PA provenance and uploaded to Instagram has no C2PA metadata when downloaded by a user or third party. For assets distributed directly to owned channels (website, display advertising, email, CMS), C2PA provenance works as intended. For social distribution, it is currently lost in transit. This is the single most important C2PA limitation for marketing teams whose primary distribution channel is social.
The practical implication: C2PA is most valuable for brand campaigns where authenticity verification matters and the asset is distributed through channels that preserve the metadata. It is also useful as an internal content management record even if the metadata is stripped on external distribution. Do not position C2PA as a solution to social media AI-content disclosure, because the metadata will not be present when it matters.
The minimum viable AI governance programme for marketing teams
Most marketing teams either over-engineer AI governance (multi-committee approval, 30-page policies that no one reads) or under-engineer it (no documentation, consumer tools used for confidential content). The minimum viable programme that is both defensible and usable in practice has five components.
Tool inventory and tier classification. Document every AI tool in active use. Assign each to a tier (consumer, API, enterprise). Know which team members have access to each tier. This is the baseline without which nothing else is possible.
Data classification and tier assignment rules. Define which data categories can enter which tier. A workable framework: customer PII and PHI are enterprise-tier only with a DPA or BAA in place. Confidential business strategy and unreleased product information are enterprise-tier only. Brand-approved campaign copy, public market data, and non-sensitive research can enter any tier. This policy needs to be one page, not a document.
A reviewed prompt library. Approved prompts for the most common marketing tasks, reviewed by the team, updated quarterly. The prompt library's value is not consistency of output; it is that reviewed prompts have been assessed for the sensitive-information risk of what they instruct the AI to produce. A prompt library stored in a Notion page without integration into the tool workflow becomes shelfware within weeks. Integrate it into the tool interface if possible, or into a Slack approval workflow if not.
Review gates by content type. For regulated content (financial promotions, healthcare claims, legal representations), every AI output requires substantive review by a qualified person before publication. This review is not a click-to-approve; it is the same content review that human-written content would require. The audit trail must capture the AI tool and prompt used, the output, and the reviewer sign-off by name.
Incident and drift monitoring. A quarterly review of which tools are in use, whether tier assignments are still appropriate, and whether any regulated content has been produced outside the review gate. The drift risk is real: a team that starts with enterprise tools and clear rules tends to accumulate shadow consumer tool usage within 6 months as team members discover faster or cheaper alternatives.