What happned if the device used for personal usage although it is in zero touch portal and emm bind? Is it illigal based on google policy?

Hi, no thats not a problem.

What the company finally uses those devices for is their own thing.

There can also be other reasons to enroll devices not to an EMM but keep them in the ZTP.

We also provide devices unmanaged (removed ZT config but still in the portal) to employees as they can privately use them but we don't want to manage them and get them back when they leave or we need to exchange.
Also if they are supposed to enroll it as a BYOD device, you need be not assigned to any ZT config/EMM. But they need to stay in the portal (the company is still the owner) as long as the company is not providing them as a gift (if the user gets the device as its own, then it would be illegal only).

Also if you need to test or provide devices for testing/troubleshooting to other companies you work with, may need to unbind them as those companies don't have access to the EMM.

Just 2 examples.

So, just in short: As long both know that the company stays as the owner, it should stay in the ZTP.

And even then, the company can't get any hands on it's data or so. The only thing might happen if the company assign a configuration to this device and next time device boots up after a wipe, it will end up in the EMM and not usable (most likely) for the user as a private device anymore.