Governments and watchdogs worldwide crack down on DeepSeek over data and security risks

DeepSeek Under Global Scrutiny: What Public Agencies Need to Know

DeepSeek, a Chinese AI startup that claims ChatGPT-level performance at lower cost, is facing growing restrictions and reviews across multiple countries. Its own privacy policy says user prompts and uploaded files can be stored on systems in China, which raises data residency and government access concerns for the public sector.

Below is a concise status check by country, followed by practical steps for policy, procurement, and IT security teams.

Government actions by country

• Australia: Banned on all government devices (February).
• Czech Republic: Public administration prohibited from using DeepSeek services (July).
• France: Privacy regulator will question the company about system design and user risks (January 2025). CNIL
• Germany: Regulator asked Apple and Google to remove the app over data safety concerns (June).
• India: Finance ministry directed staff to avoid AI tools, including DeepSeek, for official work (early February).
• Italy: Antitrust probe closed with commitments; in January 2025 the app was blocked over transparency and personal data issues.
• Netherlands: Privacy authority opened an investigation and urged caution (late January). Government later banned civil servants from using the app (July). Autoriteit Persoonsgegevens
• Russia: President Vladimir Putin instructed Sberbank to pursue joint AI projects with Chinese researchers (early February).
• South Korea: New downloads suspended after data protection concerns; temporary ministry block for employees followed; service re-enabled at end of April.
• Taiwan: Government departments barred from using the service over security and censorship concerns (February).
• United States: Administration weighing penalties that could limit access to U.S. tech and possibly U.S. users; lawmakers urged Defense and Commerce to assess risks tied to Chinese AI firms, including DeepSeek (April-August-December).

Why this matters for public agencies

AI tools that route data to overseas infrastructure can expose sensitive material and create compliance gaps. Storage in China may place data under Chinese jurisdiction and potential government access requests.

Even non-classified prompts can reveal policy positions, internal workflows, or contact data. Once ingested, deletion may be slow or incomplete.

Immediate steps for CIOs, CISOs, and procurement

• Issue a clear allowlist/denylist for AI apps on government networks and devices.
• Use enterprise versions with data processing agreements, audit logs, and in-region storage controls.
• Run a data protection impact assessment before deployment; document legal bases and retention.
• Contract for no-training-on-your-data, region pinning, and verifiable deletion timelines.
• Enable gateway controls: URL filtering, CASB, and DLP to block shadow AI usage.
• Segment workloads: keep sensitive prompts on secure, self-hosted or in-region models.
• Train staff on safe prompting and redaction; prohibit pasting sensitive documents into public tools.
• Set an incident playbook for prompt/data exposure, including notification paths and takedown requests.
• Monitor national regulators for new restrictions to stay ahead of app store and network changes.

Questions to ask any AI vendor

• Where is data stored, processed, and backed up? Which sub-processors are involved?
• Is data used for model training or shared across tenants by default?
• What deletion controls are available, and how are they verified?
• Can we pin processing to our jurisdiction and get full audit logs?
• What is the policy for government access requests across jurisdictions?

If your organization is setting AI usage standards or building role-based training, see curated options here: AI courses by job.