Claude Team vs Enterprise: Which Plan Fits an EU Investment Firm?
Last updated 4 June 2026
For most EU private capital firms, Claude Enterprise is the right default. The question is whether your compliance team has confirmed the requirements that make it necessary.
Key takeaways
- Claude Team includes a GDPR DPA but no audit logs, SCIM, or Compliance API
- Claude Enterprise adds the governance stack that regulated firms need: audit logs, SCIM, Compliance API, and optional Zero-Data-Retention
- Neither plan provides EU data residency; both default to US infrastructure
- Under DORA (Regulation EU 2022/2554, in force since 17 January 2025), Anthropic is an ICT third-party service provider for in-scope EU financial entities
Plan comparison
Both Team Standard and Enterprise cost around $20 per seat per month on annual billing. The difference is in governance, not price.
| Feature | Team Standard | Team Premium | Enterprise |
|---|---|---|---|
| Price (annual billing) | $20/seat/month | $100/seat/month | ~$20/seat/month access + API usage |
| Min / max seats | 5 / 150 | 5 / 150 | 20 self-serve, no cap |
| Usage included | Yes, capped per session | Yes, 6.25x more | No, metered at API rates |
| GDPR DPA | Yes | Yes | Yes |
| Model training on your data | No | No | No |
| SSO | Google/Microsoft only | Google/Microsoft only | SAML + SCIM |
| Audit logs | No | No | Yes (180-day retention) |
| Compliance API | No | No | Yes |
| Custom data retention | No | No | Yes |
| Zero-Data-Retention (ZDR) | No | No | Optional |
| EU data residency | No | No | No |
| HIPAA / BAA | No | No | Sales-assisted only |
The governance gap
The feature that separates the plans for a regulated firm is the audit log.
Enterprise records roughly 30 event types: user identity, project lifecycle, conversation lifecycle, and file uploads, with a 180-day retention window. The Compliance API makes that log programmable, queryable by user and time range. Your compliance team can use it to meet GDPR Article 15 and 17 requests without manual exports.
Team has no audit logs. You can see aggregate usage data, but not a per-user action trail. For a DORA-regulated firm, that is a compliance gap.
One clarification: Enterprise audit logs record events, not conversation content. Conversation exports are available on both plans. The upgrade gives you the event trail, not access to what your analysts typed.
Both plans protect you from model training: Anthropic does not train Claude on Customer Content from any paid commercial plan. That protection does not exist on Free, Pro, or Max. Since October 2025, consumer plans default to opt-in for model training. If anyone at your firm is using a personal Claude account for work, that is the first compliance problem to resolve.
The data residency gap
Neither plan provides EU data residency. Both process data on US infrastructure by default.
EU-only processing requires routing through AWS Bedrock (Frankfurt, Ireland, or Paris) or Google Vertex AI with EU regional endpoints. Both shift your primary processor from Anthropic to AWS or Google and require a separate DPA review.
A GDPR DPA also does not resolve CLOUD Act exposure. Anthropic is US-headquartered. In June 2025, Microsoft France confirmed under oath before the French Senate that it cannot guarantee data sovereignty against US authorities, even for data stored in France. The same structural risk applies to any US AI provider.
One specific trap for Microsoft 365 users: as of January 2026, Claude accessed via Copilot is explicitly excluded from the Microsoft EU Data Boundary. If your firm relies on that boundary for geographic compliance, it does not extend to Claude.
DORA: four obligations before you go live
DORA (Regulation EU 2022/2554) has been enforceable since 17 January 2025. It applies to investment firms, AIFMs, private credit entities, and other entities listed in Article 2. Under Article 3(19), Anthropic qualifies as an ICT third-party service provider.
Before deploying Claude, your firm must:
- Register the relationship in your ICT register of information
- Include mandatory contractual provisions per DORA Article 30(2), including audit rights
- Monitor concentration risk across your AI vendor portfolio
- Document and test an exit strategy
Enterprise's audit logs and Compliance API directly support the Article 30 audit rights requirement. Team does not. A 2026 analysis by AI Transfer Lab found more than 80% of employees already use unapproved AI tools, with shadow AI breaches adding $670,000 on average to breach costs. Every unsanctioned tool is also an undocumented ICT relationship in your DORA register.
Pricing
Team Standard costs $20 per seat per month on annual billing, with weekly usage limits. Team Premium costs $100 per month and offers roughly five times more session capacity.
Enterprise charges a seat fee for access, then bills all token usage separately at API rates. For document-heavy work, costs are harder to predict without per-user spend caps set at the admin level.
Self-serve Enterprise requires 20 seats minimum and has been available without a sales cycle since February 2026.
Which plan fits your firm
| Your situation | Recommended plan |
|---|---|
| Under 20 people, no regulatory mandate confirmed | Team Standard |
| Power users needing high session capacity | Team Premium |
| DORA-regulated firm requiring a documented audit trail | Enterprise |
| GDPR Article 28 audit rights requirement confirmed | Enterprise |
| EU data residency is a hard requirement | Neither: add Bedrock or Vertex AI routing |
| Piloting with one team before wider rollout | Team, plan migration to Enterprise |
| 20+ seats with SAML/SCIM requirement | Enterprise self-serve |
For EU private capital firms under DORA and AIFMD II, Enterprise is the right default. The audit trail, SCIM, and Compliance API are what your compliance team will need when a regulator asks.
Team is appropriate if no compliance mandate has been confirmed, or if you are piloting before a wider rollout. Plan the move to Enterprise before an audit forces it.
One rule applies on either plan: get employees off Free, Pro, and Max for any business use. Neither includes a GDPR DPA, and all three default to opt-in model training since October 2025.