Skip to content

The trial run of data classification has begun with ICT services. During the trial run, your file may be classified if you share your file with a person in ICT Services in M365.

Author: Anna-Liisa | Published: 7.1.2026
Keywords: , ,

The University of Oulu and Oulu University of Applied Sciences will start following the new data classification model in 2026. As of 15.12.2025, the personnel of ICT Services are now in trial use in the M365 environment with the Purview data classification, which is a classification tool that follows the new data classification model in the M365 environment.

If you share your file with editing rights to a member of the ICT staff, and they open your file and it is saved, a default category will be used for your file, or in ICT services, a data classification separately defined by the employee.

The default category is Confidential (3Y), which is suitable for most files that are still in progress. If your file should have a different category (see categories below), please contact the person who already has the data classification tool in use and with whom you intend to share your file, and they will do the classification for you. This is especially important for unfinished documents that need to be more strictly protected than the default category due to the sensitivity of their content. A lower security class may also be necessary: For example, a file shared with an anonymous link in Moodle must either be unclassified, or if it is classified, the class must be Open (5W) for the anonymous link to work.

The common national classification of higher education institutions will be introduced in most Finnish higher education institutions next year. The categories are as follows:

  • Secret (1R)
    • Subcategories: Restricted Access, Personal Data or Other Information
    • The spread of information causes serious damage to the higher education institution, client, student, research participant, or employee of the higher education institution.
    • Artificial intelligence is forbidden. (Exception: the use of artificial intelligence is possible if it is considered in a separate risk assessment). Emails and attachments must be encrypted. Forwarding, printing, and copying are prohibited. Anonymous links are prohibited, i.e. direct links that work for the recipient without identification. No distribution. Files must be protected with permissions (restricted access).
  • Strictly Confidential (2A)
    • Subcategories: Personal data or other information
    • The spread of information causes damage to the university, client, student, research participant or employee of the university.
    • The information requires special security measures.
    • Artificial intelligence is forbidden. (Exception: The use of artificial intelligence is possible, if it is considered so in a separate risk assessment.) Emails and attachments must be encrypted. Anonymous links are prohibited, i.e. direct links that work for the recipient without identification.
  • Confidential (3Y)
    • Subcategories: Personal data or other information
    • The spread of information causes damage to the university, client, student, research participant or employee of the university.
    • The use of M365 Copilot AI is allowed. The use of other artificial intelligence is also possible, if this is considered in a separate risk assessment. Anonymous links are prohibited, i.e. direct links that work for the recipient without identification.
  • Internal (4G)
    • Subcategories: Personal data or other information
    • The information is intended only for the internal use of the university.
    • The use of M365 Copilot AI is allowed. The use of other artificial intelligence is also possible, if this is considered in a separate risk assessment. Anonymous links are prohibited, i.e. direct links that work for the recipient without identification. No distribution.
  • Open (5W)
    • Subcategories: Personal data or other information
    • Sharing information benefits the university.
    • The use of artificial intelligence is allowed. Anonymous links are allowed.
  • Private

M365 Data Classification automatically prevents data from being shared in ways that are not allowed in the category that the file has been assigned

With data classification, some of the requirements of the classification are automatically fulfilled in the M365 environment, i.e.

  • M365’s data classification blocks anonymous links from files classified as 4G, 3Y, 2A, or 1R.
  • M365’s data classification prevents the use of Copilot AI, which is part of the M365 service, in categories of private, 2A, and 1R.
    • However, it is not technically possible to prevent the user from copying and pasting information into the Copilot chat: Here, the user must follow the instructions of the data classification model, i.e. Copilot should not be used for class 2A or 1R files.
  • M365 Data Classification automatically encrypts Class 2A and 1R emails and attachments.
  • M365 data classification prevents 1R email from being forwarded from Outlook, and 1R email or files can’t be printed or copied in the M365 environment.
  • M365 Data Classification automatically encrypts files in the 1R, Restricted Access subcategory in OneDrive.

« Back

This article was published in categories English version available, All instructions, Oamk , for Oamk staff, for the University of Oulu staff, accessible content, UniOulu and tags , , . Add the permalink to your favourites.