Concerns over data leaks regarding the AI chatbot developed by the Chinese AI startup DeepSeek are growing, leading to an increasing number of global corporations and government agencies blocking access to the service.
Nadir Izrael, Chief Technology Officer (CTO) of cybersecurity firm Armis, stated, “Hundreds of companies, particularly those associated with governments, are blocking employee access to DeepSeek due to potential data leaks to the Chinese government and vulnerabilities in personal information protection.”
According to Izrael, approximately 70% of Armis’ client companies have requested to block access to DeepSeek. Similarly, network security firm Netskope reported that 52% of its client companies have entirely blocked access to DeepSeek. He pointed out, “The biggest concern is the potential data leak to the Chinese government,” emphasizing that “the issue is that users cannot determine where their information is being transmitted.”
According to DeepSeek’s privacy policy, the company collects users’ keyboard patterns, text, audio, files, feedback, and chat history for AI model training purposes. It also explicitly states that, at its discretion, it may share this information with law enforcement agencies and public institutions. Furthermore, DeepSeek’s privacy terms clarify that user data is collected and stored on servers in China, and any legal disputes will be governed by Chinese law.
These concerns are also spreading in Europe. The Italian Data Protection Authority (Garante) has decided to block DeepSeek’s service in Italy due to insufficient information regarding its privacy policies. Consequently, the DeepSeek application has been removed from both the Apple and Google app markets in Italy. Garante has launched an official investigation, demanding more detailed explanations regarding the types of personal data collected, data sources, collection purposes, legal grounds, and whether data is stored in China.
DeepSeek has recently launched a free AI assistant service and is rapidly expanding, claiming to provide more efficient performance with less data compared to existing AI services. However, as regulations on data protection and data sovereignty tighten, analysts predict that Europe’s regulatory measures will hinder Chinese AI companies’ global market expansion.
Meanwhile, cybersecurity experts investigating DeepSeek’s security have discovered an externally accessible database containing some of DeepSeek’s chat records, backend details, and log data.
As of now, DeepSeek has not released an official statement and appears to be considering whether to provide the information requested by Italian authorities to resume its service or to reassess its European market entry strategy. With the European Union (EU) implementing the AI Act this year and strengthening regulations on AI companies, Chinese AI firms are expected to face even greater challenges in entering the European market.
