I must admit that I am a bit confused and my answer may not be the one you're looking for.

Looking at the big picture this kind of approach sounds a bit like shared hosting - it's not, but the approach sounds like this. If I was one of your Enterprise customer I would probably involve the legal teams of both parties and make sure that I am not sharing any resources with any other of your customers.

You mentioned that they're not sharing any services, data etc. between them and I don't understand why you're trying to cramp them all on a shared platform and bill them by usage / individually.

I'd say that this will be a problem in the future and you should start thinking of decoupling these customers unless you have some licensing concerns behind the scene.

If you don't have a license issue then why don't you split these customers across multiple GCP Projects, completely isolated and easy to track in terms of billing and resources? I mean GCP really shines when it comes to security, billing and large scale projects, it's kinda the right Cloud provider for exactly this kind of project that you have. I think you're overengineering things if you go down the route of labels and / or tags and I'd say you'll kill your product. I'd recommend go the KISS (keep it simple, stupid) way and don't call a VM (GCP / real world) like for example EC2 (AWS / stretched... sorry elastic), it's just a VM isn't it?

I'll simply split this across multiple GCP projects and I'll take advantage of:

- Individual billing for each customer

- Individual / "dedicated" resources for each customer, isolation

- Avoid things like for example a customer wants its own data within the EU walls due to some regulations or internal policies etc.

- Avoid impacting (or losing) all users at once due to a breach.

... and the list can go on, but I think you got the point. They are Enterprise customers, they should get the same level of services.