These US States Have Outlawed DeepSeek - And More Bans May Be On The Way
DeepSeek came in hot: a low-cost, high-output AI model from a Chinese firm that spread fast across the U.S. user base in early 2025. Then came the pushback. U.S. lawmakers and agencies raised alarms over data flows to China, possible model manipulation under PRC law, and allegations that the system was built with stolen U.S. tech.
An April 2025 report from Congress's Select Committee on the Chinese Communist Party said the app "siphons data back to the PRC, creates security vulnerabilities, and covertly censors and manipulates information pursuant to Chinese law." That triggered a wave of government network bans across states and federal entities.
See the committee page for context, and for background on the legal concern behind data-sharing, review the PRC's National Intelligence Law, which compels access to data held by companies when requested by authorities (reference translation).
Where DeepSeek is banned on U.S. government networks
These actions target government devices and networks. Constituents and private companies aren't restricted under state law at this time.
- Texas
- New York
- Virginia
- Tennessee
- Iowa
- North Dakota
- South Dakota
- North Carolina
- Nebraska
- Arkansas
- Oklahoma
- Alabama
- Kansas
- Georgia
- Pennsylvania
- Oregon
- Nevada
Texas led the way in January 2025 by ordering a block on websites tied to the PRC. Other states quickly followed. Some broadened the scope to include Alibaba's Manus AI and TikTok-adjacent platforms like RedNote and Lemon8.
Federal moves and agency actions
Several federal bodies restricted usage on government systems. The Defense Information Systems Agency blocked access after reports of activity on DoD devices. The Navy banned service members from using the tool in any capacity. NASA's Chief AI officer announced a move to ban the platform inside the agency.
Both the House and Senate reportedly blocked the app on member and staff devices. The Commerce Department joined the restrictions in March 2025. State-level financial systems reacted too, with the Pennsylvania Treasury prohibiting DeepSeek on its network.
What's pending in Congress?
Lawmakers floated multiple approaches, none enacted so far:
- No DeepSeek on Government Devices Act - bans federal employees from using the chatbot on government-owned devices.
- Decoupling America's Artificial Intelligence Capabilities from China Act - aims to restrict U.S. investments, imports, and exports in AI tech with China.
- China Technology Transfer Control Act - shifts AI-related trade controls to the executive branch.
Outside the U.S.
Concern is spreading globally. South Korea removed the app from stores. The Czech Republic, Taiwan, and Australia blocked DeepSeek on government devices. Italy imposed a nationwide ban based on privacy issues.
Germany pushed Apple and Google to pull the app from their stores. Ireland, the Netherlands, France, Croatia, Cyprus, Luxembourg, Portugal, and Greece have considered or initiated regulatory steps.
Meanwhile, adoption is growing across Africa and Latin America. There, DeepSeek operates as both a tool for local AI efforts and a lever for Chinese economic and political influence.
What this means for government teams
Assume any prompt, file upload, or output log could be retrievable by foreign authorities under PRC law. If your agency handles sensitive, controlled, or export-restricted data, the risk profile is obvious.
Even if a full ban isn't in place, treat DeepSeek like a prohibited app on government systems and networks. That includes work phones, BYOD devices with MDM, and shadow IT channels on Wi-Fi.
Action checklist for agencies
- Policy: Update AI acceptable-use policies to name DeepSeek (and similar tools) explicitly. Close loopholes in "personal use on government Wi-Fi."
- Network controls: Block domains, APIs, and app store listings at the firewall and MDM levels. Audit VPN egress routes.
- Procurement: Add supplier attestations on model training data, data residency, and government-access obligations.
- Data handling: Prohibit uploading PII, PHI, CJIS, FCI/CUI, export-controlled, or legal-privileged data to external LLMs without an approved enclave.
- Logging: Monitor DNS, TLS SNI, and proxy logs for access attempts. Alert on known DeepSeek endpoints.
- Training: Brief staff on why these restrictions exist and what's allowed. Include contractors and interns.
- Alternatives: Stand up approved generative AI options with enterprise controls and data residency guarantees.
- Incident response: Create a simple self-reporting path for accidental uploads; document containment and data disclosure steps.
Key nuance for leadership
State bans currently apply to government systems, not private citizens or private-sector networks. But pressure is building. Expect more agency-level directives and fresh legislation targeting usage, investment, and data flows.
If your team needs structured upskilling to use approved AI safely and effectively, see public-sector friendly options here: AI courses by job.
The bigger picture is simple: privacy risk and national security risk are colliding in plain sight. Plan for restricted tools, tighter data controls, and clearer procurement language. You'll move faster later if you draw the lines now.
Your membership also unlocks:
