Control 1.5: Sensitivity Label Taxonomy Review for Copilot
Control ID: 1.5
Pillar: Readiness & Assessment
Regulatory Reference: GLBA 501(b), SOX 302/404, FFIEC IT Handbook (Information Security Booklet), SEC Regulation S-P
Last Verified: 2026-02-17
Governance Levels: Baseline / Recommended / Regulated
Objective
Review and update the organization's Microsoft Purview sensitivity label taxonomy before deploying Microsoft 365 Copilot to address Copilot-specific scenarios including Copilot interaction restrictions, auto-labeling for AI-generated content, DLP integration with sensitivity labels, and label-based access controls that govern how Copilot processes and generates content. This control supports compliance with data classification requirements and helps prevent Copilot from processing or generating content with insufficient protection.
Why This Matters for FSI
- GLBA 501(b): Sensitivity labels are a primary technical safeguard for classifying and protecting customer financial information. Without a Copilot-aware label taxonomy, AI-generated content may be created without appropriate classification, creating unprotected copies of regulated data.
- SOX 302/404: Financial reporting data must be subject to internal controls including classification. Copilot can generate summaries, analyses, and reports from financial data -- these outputs must inherit appropriate sensitivity labels to maintain control integrity.
- FFIEC IT Handbook (Information Security): Data classification is a foundational information security control. The introduction of AI content generation requires extending classification practices to cover AI-generated outputs.
- SEC Regulation S-P: Labels that classify consumer financial information support privacy safeguards by enabling DLP policies that restrict how Copilot handles protected content.
- FINRA Rule 3110: Copilot-generated communications that reference client data must carry appropriate sensitivity classification to support supervisory review requirements.
Control Description
Why Existing Labels May Be Insufficient for Copilot
Most organizations implemented sensitivity labels for human-created content workflows. Copilot introduces new scenarios that existing taxonomies may not address:
| Scenario | Gap | Risk |
|---|---|---|
| Copilot generates content from labeled sources | Generated content may not inherit source labels | AI-generated summaries of "Highly Confidential" documents may be created as "General" |
| Copilot processes labeled content for grounding | Labels without encryption, or encryption that grants the user the EXTRACT usage right, place no restriction on Copilot | Copilot reads and cites any "Highly Confidential" content the user can open; the label alone does not limit grounding |
| Auto-labeling for AI-generated content | No auto-labeling policies targeting Copilot outputs | AI-generated documents are created without labels |
| DLP policies referencing labels | DLP may not cover Copilot interaction channels | Label-based DLP may not trigger on Copilot-generated responses |
| Label inheritance across workloads | Teams chat messages carry no item-level sensitivity label, so a Copilot response in Teams that draws on labeled SharePoint files carries no label at all | Cross-workload generation leaves only DLP, not labels, governing the output |
Recommended Label Taxonomy Enhancements for Copilot
| Label Enhancement | Purpose | Implementation |
|---|---|---|
| "Copilot Restricted" sublabel | Prevent Copilot from grounding on content with this label | Encryption that grants users VIEW (and whatever editing rights the business needs) but withholds the EXTRACT usage right; Copilot requires both VIEW and EXTRACT to use encrypted content, so the item stays readable to the user and invisible to Copilot. A DLP policy for Microsoft 365 Copilot scoped to this label gives a second, independent block |
| "AI-Generated" marking | Identify content created by Copilot for supervisory review | Purview auto-labeling has no condition keyed on Copilot authorship; classification of outputs comes from label inheritance, and provenance comes from the Copilot interaction records in the audit log rather than from a label |
| Auto-labeling for Copilot outputs | Classify Copilot-generated documents whose sources carried no label | Content-based auto-labeling (sensitive information types, trainable classifiers) plus a policy default label; auto-labeling detects regulated data in the output, not Copilot provenance |
| DLP-integrated labels | Enable DLP policies that restrict Copilot actions on labeled content | DLP rules referencing sensitivity labels for Copilot interaction restrictions |
| Mandatory labeling enforcement | Require labels on all content including Copilot-generated content | Mandatory labeling policy in Microsoft Purview |
Label Taxonomy Review Checklist
| Review Area | Questions to Answer | Impact on Copilot |
|---|---|---|
| Current label coverage | What percentage of content has labels? Are there gaps in specific workloads? | Unlabeled content is invisible to label-based Copilot controls |
| Label granularity | Are labels granular enough to distinguish content that Copilot should/should not process? | Overly broad labels cannot provide precise Copilot access control |
| Encryption settings | Which labels apply encryption? What usage rights are configured? | Encryption settings determine whether Copilot can process labeled content |
| Auto-labeling policies | Are auto-labeling policies configured? Do they cover Copilot output scenarios? | Missing auto-labeling means AI-generated content may be unclassified |
| DLP integration | Do DLP policies reference sensitivity labels? Are Copilot channels covered? | Label-based DLP is a primary control for governing Copilot interactions |
| Label priority and order | Are labels ordered from least to most sensitive, so the priority number rises with sensitivity? | Copilot-generated content inherits the highest-priority source label, so a mis-ordered taxonomy can give the output a lower classification than its source material |
| Sublabel structure | Do sublabels provide sufficient granularity for Copilot governance? | Sublabels enable fine-grained Copilot restrictions within broader classification categories |
Copilot-Specific Label Recommendations for FSI
| Classification Level | Copilot Behavior | Configuration |
|---|---|---|
| Public | Copilot can freely process and generate content | No restrictions |
| General / Internal | Copilot can process; generated content inherits "Internal" label | Auto-labeling on Copilot outputs; DLP prevents external sharing |
| Confidential | Copilot can process with DLP monitoring; generated content labeled "Confidential" | DLP logs Copilot interactions; auto-labeling on outputs |
| Highly Confidential | Copilot can process when the user's usage rights include VIEW and EXTRACT; generated content labeled "Highly Confidential" with encryption | DLP restricts external sharing and monitors access; encryption prevents unauthorized access to outputs |
| Highly Confidential - Copilot Restricted | Copilot is blocked from grounding on this content | Encryption that grants VIEW (and any needed editing rights) but withholds EXTRACT; the user can still open the file, but Copilot requires VIEW and EXTRACT and so excludes it from grounding. A DLP policy for Microsoft 365 Copilot scoped to this label provides a second, independent block |
Label Inheritance Model for Copilot
Source Content (Labeled) ──> Copilot Processing ──> Generated Output
Inheritance Rules:
1. If single source: Output inherits the source label; a policy default label or auto-labeling can raise it but never lower it
2. If multiple sources: Output inherits the highest-priority label among the sources Copilot was actually able to ground on (a source excluded by usage rights contributes nothing to the output label)
3. If no source labels: Output receives the default label from the user's label policy, if one is configured
4. If mandatory labeling: User is prompted to apply a label before saving when no label has been resolved
5. If auto-labeling configured: Label applied automatically based on content analysis (sensitive information types, trainable classifiers), not on Copilot authorship
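The rules above, worked through as an added Python model (not part of the framework or of any Microsoft tooling). It encodes the five inheritance rules plus the documented Purview requirement that Copilot holds both VIEW and EXTRACT usage rights before it will use an encrypted item, which is what makes a "Copilot Restricted" sublabel work. Label names, priorities, file paths and the rights sets are constructed for illustration; `Decision`, `resolve_output_label` and `review_encryption_settings` are names assumed here, not Purview APIs.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Usage rights Copilot needs on an encrypted item before it will ground on it
# (documented Purview behaviour: VIEW and EXTRACT are both required).
COPILOT_REQUIRED_RIGHTS: FrozenSet[str] = frozenset({"VIEW", "EXTRACT"})


@dataclass(frozen=True)
class Label:
    name: str
    priority: int                               # Purview priority order: higher number = more sensitive
    encrypted: bool = False
    user_rights: FrozenSet[str] = frozenset()   # rights the requesting user holds under this label


@dataclass(frozen=True)
class SourceItem:
    path: str
    label: Optional[Label]


@dataclass(frozen=True)
class LabelPolicy:
    default_label: Optional[Label] = None       # rule 3
    mandatory: bool = False                     # rule 4


@dataclass(frozen=True)
class Decision:
    label: Optional[Label]
    reason: str                                 # inherited | policy-default | auto-labeled | unlabeled
    excluded_sources: tuple                     # paths Copilot could not ground on
    prompt_user: bool                           # mandatory labeling with no label resolved


def copilot_can_ground_on(item: SourceItem) -> bool:
    """Unlabeled or unencrypted items are usable by anyone who can open them.
    Encrypted items are usable only if the user's rights include VIEW and EXTRACT;
    a 'Copilot Restricted' label grants VIEW but withholds EXTRACT."""
    if item.label is None or not item.label.encrypted:
        return True
    return COPILOT_REQUIRED_RIGHTS <= item.label.user_rights


def resolve_output_label(sources: List[SourceItem], policy: LabelPolicy,
                         auto_label: Optional[Label] = None) -> Decision:
    """Apply the page's inheritance rules to the sources Copilot was able to read."""
    usable = [s for s in sources if copilot_can_ground_on(s)]
    excluded = tuple(s.path for s in sources if not copilot_can_ground_on(s))
    source_labels = [s.label for s in usable if s.label is not None]

    if source_labels:                                   # rules 1 and 2: highest-priority source label
        label = max(source_labels, key=lambda lab: lab.priority)
        reason = "inherited"
    elif policy.default_label is not None:              # rule 3: policy default label
        label, reason = policy.default_label, "policy-default"
    else:
        label, reason = None, "unlabeled"

    # rule 5: content-based auto-labeling can raise the label but never lower it
    if auto_label is not None and (label is None or auto_label.priority > label.priority):
        label, reason = auto_label, "auto-labeled"

    prompt = policy.mandatory and label is None         # rule 4: prompt only if nothing resolved
    return Decision(label, reason, excluded, prompt)


def review_encryption_settings(labels: Iterable[Label]) -> dict:
    """Taxonomy review helper: which labels actually stop Copilot from grounding."""
    return {
        lab.name: ("blocks-copilot" if lab.encrypted and not COPILOT_REQUIRED_RIGHTS <= lab.user_rights
                   else "copilot-allowed")
        for lab in labels
    }


# Constructed taxonomy for illustration; rights are those held by one example user.
PUBLIC = Label("Public", 0)
GENERAL = Label("General", 1)
CONFIDENTIAL = Label("Confidential", 2, True, frozenset({"VIEW", "EDIT", "EXTRACT"}))
HIGHLY_CONFIDENTIAL = Label("Highly Confidential", 3, True, frozenset({"VIEW", "EDIT", "EXTRACT"}))
COPILOT_RESTRICTED = Label("Highly Confidential - Copilot Restricted", 4, True, frozenset({"VIEW", "EDIT"}))
TAXONOMY = [PUBLIC, GENERAL, CONFIDENTIAL, HIGHLY_CONFIDENTIAL, COPILOT_RESTRICTED]

if __name__ == "__main__":
    mixed = [SourceItem("memo.docx", GENERAL), SourceItem("board-pack.pptx", COPILOT_RESTRICTED)]
    d = resolve_output_label(mixed, LabelPolicy(default_label=GENERAL, mandatory=True))
    print(d.label.name, d.reason, d.excluded_sources)   # General inherited ('board-pack.pptx',)
    print(review_encryption_settings(TAXONOMY))
```

The second case in `__main__` is the one that matters for the "Copilot Restricted" design: the board pack is never read, so it neither leaks into the answer nor raises the output label, which is why the restricted label must also be backed by DLP if the goal is to stop the user (rather than Copilot) from moving that content.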
Copilot Surface Coverage
| Copilot Surface | Label Relevance | Key Consideration |
|---|---|---|
| Microsoft 365 Copilot Chat | Critical | Cross-workload responses may combine content from multiple label levels |
| Word | Critical | Document generation must respect and apply sensitivity labels |
| Excel | High | Data analysis outputs should inherit labels from source workbooks |
| PowerPoint | High | Presentations generated from labeled content need label inheritance |
| Outlook | Critical | Copilot-drafted emails referencing labeled content need classification |
| Teams | High | Teams chat messages carry no item label; Copilot responses there are governed by the team's container label and by DLP coverage for Teams and for Copilot |
| SharePoint | High | Copilot-generated content in SharePoint libraries must be labeled |
| OneDrive | High | Auto-labeling must cover Copilot-created files saved to OneDrive |
| Copilot Pages | High | New content type that requires label governance from inception |
| Loop | Medium | Loop components with Copilot-generated content need labeling |
Governance Levels
| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Review existing sensitivity label taxonomy for Copilot readiness. Ensure mandatory labeling is enabled. Verify that labels with encryption settings are correctly configured for Copilot scenarios (which labels grant EXTRACT, and to whom). Measure label coverage across in-scope workloads (>50% target). Document any gaps identified. | Minimum review to identify critical gaps in label taxonomy that could result in unclassified AI-generated content. |
| Recommended | All Baseline requirements plus: implement "Copilot Restricted" sublabel for highest-sensitivity content. Configure auto-labeling policies for Copilot-generated content. Integrate sensitivity labels with DLP policies covering Copilot interaction channels. Achieve >75% label coverage across in-scope workloads. Document label taxonomy decisions and Copilot-specific configurations. | Provides active label-based governance of Copilot interactions with auto-labeling and DLP integration. |
| Regulated | All Recommended requirements plus: achieve >90% label coverage. Implement label analytics monitoring for Copilot-generated content. Conduct quarterly label taxonomy reviews that include Copilot scenario testing. Validate that label inheritance works correctly across all Copilot surfaces. Document label governance in regulatory examination file. Engage compliance team in label taxonomy decisions for regulated data categories. | Comprehensive label governance that supports examination readiness and provides documented evidence of AI content classification controls. |
Setup & Configuration
Step 1: Review Current Label Taxonomy
Navigate to Microsoft Purview portal > Information Protection > Labels (or export the same data with Get-Label and Get-LabelPolicy from Security & Compliance PowerShell) and inventory:
- All active sensitivity labels and sublabels, with their priority order
- Encryption settings per label, including which identities hold the EXTRACT usage right
- Auto-labeling configurations
- Label policies (scope, mandatory labeling, default labels)
Step 2: Assess Label Coverage
Use Microsoft Purview > Data classification (Content explorer for label counts by location, Activity explorer for labeling events) to measure:
- Percentage of content with labels applied across each workload
- Distribution of content across label levels
- Trend data for labeling coverage over time
Step 3: Create Copilot-Specific Labels
If gaps are identified, create or modify labels:
Navigate to Microsoft Purview > Information Protection > Labels > Create a label
Key configuration for the "Copilot Restricted" sublabel:
- Apply encryption with custom permissions
- Grant the usage rights users need to open and edit (VIEW, EDIT, and so on) but withhold EXTRACT ("Copy and extract content"); Copilot requires VIEW and EXTRACT and will not ground on the item without both
- Set as a sublabel under the highest-sensitivity parent label
- Test with a pilot user: the user should open the file normally, and a Copilot prompt that references it should return nothing from it
Step 4: Configure Auto-Labeling Policies
Navigate to Microsoft Purview > Information Protection > Auto-labeling and create policies for:
- Content matching financial SITs (for example U.S. Social Security Number, Credit Card Number, ABA Routing Number, U.S. Bank Account Number)
- Content in specific SharePoint sites containing regulated data
- Regulated data appearing in Copilot-generated documents whose sources carried no label (auto-labeling matches on content, not on Copilot authorship; inheritance from source labels remains the primary mechanism)
Step 5: Integrate Labels with DLP
Navigate to Microsoft Purview > Data Loss Prevention > Policies and verify:
- DLP policies reference sensitivity labels as conditions
- Copilot interaction channels are covered: a DLP policy using the Microsoft 365 Copilot location can prevent Copilot from using items that carry specified sensitivity labels, alongside Exchange and Teams coverage for the surfaces Copilot drafts into
- Label-based DLP actions include logging, blocking, and user notification
Financial Sector Considerations
- NPI Classification: Labels must cover Gramm-Leach-Bliley Non-Public Personal Information categories. Ensure labels for customer financial data, account information, and transaction histories are appropriately mapped to Copilot governance actions.
- MNPI Handling: Material non-public information used in trading, investment banking, and research activities should carry labels that restrict Copilot processing in contexts outside the designated information barrier segment.
- Board and Committee Materials: Board reports, audit committee materials, and executive compensation data often lack sensitivity labels despite high sensitivity. Review label coverage for these content categories before Copilot deployment.
- Client Communication Labels: Copilot-drafted client communications (emails, presentations, proposals) must carry labels that enable supervisory review workflows required by FINRA Rule 3110.
- Regulatory Report Labels: Content used in regulatory filings (SEC 10-K, Call Reports, FINRA FOCUS) should carry labels that prevent Copilot from incorporating pre-release regulatory data into non-regulatory contexts.
- Cross-Entity Label Consistency: Multi-entity financial organizations should harmonize label taxonomies across legal entities to ensure consistent Copilot governance, particularly where content is shared across entity boundaries.
Verification Criteria
- Existing sensitivity label taxonomy has been reviewed for Copilot readiness with gaps documented
- Mandatory labeling is enabled for all in-scope M365 workloads
- Encryption settings on high-sensitivity labels are confirmed compatible with intended Copilot behavior (block or allow processing)
- "Copilot Restricted" sublabel (or equivalent) is configured and tested for highest-sensitivity content (Recommended and Regulated levels)
- Auto-labeling policies are configured for Copilot-generated content (Recommended and Regulated levels)
- DLP policies integrating sensitivity labels cover Copilot interaction channels (Recommended and Regulated levels)
- Label coverage meets governance level targets (>50% Baseline / >75% Recommended / >90% Regulated)
- Label inheritance behavior has been tested across Copilot surfaces (Regulated level)
- Label taxonomy review cadence is established (annual minimum; quarterly for Regulated)
- Label governance decisions and configurations are documented and accessible for regulatory examination
Additional Resources
- Microsoft Learn: Sensitivity Labels
- Microsoft Learn: Auto-labeling policies
- Microsoft Learn: Sensitivity labels and Microsoft 365 Copilot
- Microsoft Learn: DLP policies for Microsoft 365 Copilot
- GLBA Safeguards Rule - Data Classification
- Related Controls: 1.1 Copilot Readiness Assessment, 1.6 Permission Model Audit, 2.1 DLP Policies for Copilot, 2.2 Sensitivity Labels & Classification
- Playbooks: Playbook 1.5.1 (Label Taxonomy Review Checklist), Playbook 1.5.2 (Copilot Restricted Label Configuration), Playbook 1.5.3 (Auto-Labeling Policy Setup), Playbook 1.5.4 (Label Coverage Gap Analysis)
FSI Copilot Governance Framework v1.2.1 - March 2026