Every enterprise AI program eventually reaches the same fork in the road: which provider? Claude, ChatGPT, Microsoft Copilot, Gemini — the shortlist is short, the marketing is loud, and the demos all look impressive. The problem is that the differences that show up in a demo are almost never the differences that matter once real data and real users are involved.
After running this evaluation with leadership teams, we have found the decision comes down to five questions. Benchmark scores are rarely one of them.
1. Zero Data Retention & training
The first question a security or legal team will ask is simple: what happens to our prompts and outputs? There are really two separate guarantees to confirm — whether your data is used to train models, and whether it is stored at all.
Most major providers now exclude enterprise API and business-tier data from training by default. Zero Data Retention — where prompts and responses are not persisted after the request — is usually available, but often on specific tiers or by contractual arrangement rather than as a default toggle. The distinction between “not trained on” and “not stored” matters, and they are not the same thing.
Verify, don’t assume. Retention and training terms differ by provider, plan, and region — and they change. Confirm the current terms in your own agreement before sending regulated data. See Zero Data Retention, explained.
2. US hosting & data residency
For regulated industries — health, finance, government-adjacent work — where inference runs can be a hard requirement. Some providers offer US or regional data residency directly; others deliver it through a cloud partner (for example, running OpenAI models inside your own Azure region, or accessing models through a specific cloud region you control). If residency is a compliance line for you, this can decide the whole evaluation on its own.
3. Agents & tool use
The center of gravity in enterprise AI has shifted from chat to agents — systems that call tools, retrieve documents, take multi-step actions, and connect to internal systems. Platforms differ meaningfully in how mature their tool-calling, orchestration, and function-execution support is, and in whether they make it easy to build custom agents versus consuming pre-built ones. If your roadmap is agentic, weight this heavily.
4. Admin, security & audit
The unglamorous layer that determines whether IT will actually approve a rollout: SSO and SCIM, role-based administration, audit logging, DLP integration, and regional controls. A model that scores a point higher on a benchmark but cannot produce an audit trail will lose to one that can, every time.
5. Total cost — including the cost of switching
Per-seat licensing is easy to compare on a spreadsheet; API-metered usage is not, and blended real-world cost depends heavily on how the system is architected. The larger, often-ignored cost is lock-in: how hard is it to move prompts, evaluations, and integrations to a different model later? Designing for portability is usually cheaper than committing early.
How the main options compare
A simplified view of where each option tends to fit. Treat this as a starting point for your own diligence, not a scorecard — capabilities and terms move quickly.
| Option | Enterprise ZDR | US / regional hosting | Best-known strength |
|---|---|---|---|
| Claude (Anthropic) | Available on enterprise terms | Direct + via cloud partners | Reasoning, long context, tool use |
| ChatGPT / Azure OpenAI | Available (esp. via Azure) | Azure regions you control | Ecosystem breadth & tooling |
| Microsoft Copilot | Enterprise data protections | Microsoft cloud | Native M365 / workplace integration |
| Google Gemini | Available on enterprise terms | Google Cloud regions | Google Workspace & multimodal |
A simple framework
Start from your constraints, not the models. Write down your hard requirements first — residency, ZDR, audit, the one or two workflows that matter most — and let those eliminate options before you ever look at output quality. In most engagements, two or three requirements narrow the field to a single sensible choice, and the “which model is smartest” debate turns out to be the least important part.
This is exactly the analysis Celadon delivers as part of an AI Audit: a vendor and model recommendation made in your interest, mapped to your specific use cases and constraints. It also connects to the build-vs-buy decision — because the right answer is often an assembly of vendor models under an architecture you own.
Get an interest-aligned recommendation
An AI Audit includes a vendor and model recommendation mapped to your use cases, data, and constraints — chosen in your interest, not the vendor’s.
Get an AI Audit →