When you choose to use ChatGPT or other third-party AI through Apple Intelligence, your data is sent to that third party's servers under their own privacy policies, not Apple's PCC protections.
This analysis describes what Apple Intelligence's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Requests forwarded to third-party AI providers such as ChatGPT are not subject to PCC's privacy architecture, meaning the stateless computation, no privileged access, and non-targetability guarantees described elsewhere in this guide do not apply to those interactions.
The document states that third-party AI model requests, such as those sent to ChatGPT, are governed by the third party's own terms and privacy policies, not by PCC's architecture, meaning users who utilize third-party AI extensions within Apple Intelligence should review those providers' separate privacy disclosures.
Cross-platform context
See how other platforms handle Third-Party Model Integration and ChatGPT Extension and similar clauses.
Compare across platforms →Monitoring
Apple Intelligence has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Apple Intelligence includes the ability to access third-party AI models, including ChatGPT, with user permission. When a user chooses to use a third-party model, their request is sent to that model's infrastructure and is subject to the third party's terms and privacy policies. Apple does not control the privacy practices of third-party AI providers and makes no warranty regarding the privacy properties of their services.— Excerpt from Apple Intelligence's Apple Private Cloud Compute Security Guide
1. REGULATORY LANDSCAPE: Third-party model integration engages GDPR Article 26 (joint controllers) and Article 28 (processor agreements) considerations, as the forwarding of user request data to third-party AI providers may constitute a data transfer to a separate controller or processor. CCPA service provider and third-party sharing provisions are relevant for California users. The EU AI Act's requirements for transparency about AI system components may require disclosure of third-party model involvement to users. OpenAI's applicable terms and data processing agreements should be assessed separately. 2. GOVERNANCE EXPOSURE: High. The forwarding of Apple Intelligence requests to third-party AI providers creates a data sharing relationship governed by separate terms, which may not provide equivalent privacy protections to PCC. Enterprise deployments that include third-party AI extensions must assess each provider's privacy practices independently. Users who enable third-party model access may be sharing sensitive request data with providers subject to materially different data retention and access policies. 3. JURISDICTION FLAGS: EU/EEA data transfers to US-based AI providers, including OpenAI, require valid transfer mechanisms under GDPR Chapter V (Standard Contractual Clauses or other mechanisms). California CCPA assessments should address whether third-party AI requests constitute a sale or sharing of personal data. Healthcare and financial services operators face heightened risk if regulated data categories are included in requests forwarded to third-party models. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should assess each third-party AI provider integrated with Apple Intelligence as a separate vendor, requiring review of their data processing agreements, subprocessor lists, retention policies, and international transfer mechanisms. The document's statement that Apple makes no warranty regarding third-party privacy properties places the due diligence burden on deploying organizations. 5. COMPLIANCE CONSIDERATIONS: Data protection impact assessments for Apple Intelligence deployments should include a specific assessment of third-party AI extension usage. Organizations should implement user communication or training to ensure employees understand that third-party AI requests within Apple Intelligence are not subject to PCC's privacy protections. Consent mechanisms may need to be reviewed to ensure users are adequately informed before their data is forwarded to third-party providers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Requests forwarded to third-party AI providers such as ChatGPT are not subject to PCC's privacy architecture, meaning the stateless computation, no privileged access, and non-targetability guarantees described elsewhere in this guide do not apply to those interactions.
The document states that third-party AI model requests, such as those sent to ChatGPT, are governed by the third party's own terms and privacy policies, not by PCC's architecture, meaning users who utilize third-party AI extensions within Apple Intelligence should review those providers' separate privacy disclosures.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Apple Intelligence.