This provision discloses that OpenAI and Microsoft Corporation (Azure) are authorized sub-processors for generative AI services across multiple covered services including Automotive Cloud, Consumer Goods Cloud, Financial Services Cloud, Education Cloud, Enhanced Messaging, and Agentforce Operations, with Customer Data processed in the United States and additional regions depending on the service.
This analysis describes what Slack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The document establishes that generative AI processing by OpenAI and Microsoft Azure is integrated across a broad range of covered services, meaning Customer Data from financial services, education, consumer goods, and automotive contexts may be processed by these providers depending on which generative AI features are enabled, requiring organizations to evaluate whether their DPAs and transfer mechanisms cover generative AI sub-processing by these specific entities.
Under the terms disclosed in this document, Customer Data from multiple Salesforce service categories, including Financial Services Cloud, Education Cloud, Automotive Cloud, and Consumer Goods Cloud, may be processed by OpenAI and Microsoft Azure for generative AI functionality when those features are enabled. The processing locations include the United States and, for Azure, multiple additional countries depending on the service.
Cross-platform context
See how other platforms handle Generative AI Sub-processors for Multiple Covered Services and similar clauses.
Compare across platforms →Monitoring
Slack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Provider of generative artificial intelligence services. OpenAI, L.L.C. United States In the event of a failover, Customer Data is temporarily re-routed to an endpoint hosted on Microsoft Azure and priority will be given to the region in which Customer's org is provisioned, subject to availability.— Excerpt from Slack's Slack Sub-Processors (Salesforce)
(1) REGULATORY LANDSCAPE: Generative AI processing by OpenAI and Microsoft Azure engages GDPR Article 28 sub-processing obligations, applicable AI governance frameworks including the EU AI Act for deployments within scope, and sector-specific data handling requirements applicable to financial services data (under applicable financial services regulations) and education data. The FTC has asserted authority over AI-related data practices affecting US consumers. Relevant enforcement authorities include EU supervisory authorities, the UK ICO, and sector-specific regulators depending on the data category. (2) GOVERNANCE EXPOSURE: Medium to High for organizations in regulated sectors. Financial Services Cloud and Education Cloud customers processing personal data through OpenAI or Azure generative AI features face the most direct sector-specific exposure, given that financial and education data may be subject to heightened protection requirements under applicable sector regulations. (3) JURISDICTION FLAGS: EU and EEA customers must ensure that generative AI processing by US-based providers is covered by an appropriate transfer mechanism. California organizations should evaluate CCPA applicability to Customer Data processed by OpenAI. Organizations in jurisdictions with AI-specific regulations should assess whether generative AI processing under these terms triggers disclosure or conformity obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Legal teams should confirm that DPAs with Salesforce explicitly authorize OpenAI and Microsoft Azure as generative AI sub-processors for each specific service where these features are enabled. Organizations in regulated sectors should assess whether additional contractual protections, data use restrictions, or audit rights are required for generative AI processing of sensitive data categories. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should identify all generative AI features enabled across their Salesforce environment, confirm that OpenAI and Azure sub-processing is authorized under applicable DPAs and transfer mechanisms for each affected service, and evaluate whether sector-specific AI governance or data protection obligations apply to the processing described in this document.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The document establishes that generative AI processing by OpenAI and Microsoft Azure is integrated across a broad range of covered services, meaning Customer Data from financial services, education, consumer goods, and automotive contexts may be processed by these providers depending on which generative AI features are enabled, requiring organizations to evaluate whether their DPAs and transfer mechanisms cover generative AI …
Under the terms disclosed in this document, Customer Data from multiple Salesforce service categories, including Financial Services Cloud, Education Cloud, Automotive Cloud, and Consumer Goods Cloud, may be processed by OpenAI and Microsoft Azure for generative AI functionality when those features are enabled. The processing locations include the United States and, for Azure, multiple additional countries depending on the service.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Slack.