Source: European Parliament
The Commission assesses on an ongoing basis possible security concerns associated with DeepSeek artificial intelligence (AI) models.
Open-source general-purpose AI (GPAI) models, such as DeepSeek, placed on the EU market must comply with the GPAI obligations of the EU AI Act[1] if the models present systemic risks.
These include technical documentation, model evaluations, assessment and mitigation of systemic risks, and cybersecurity protection. These rules enter into application on 2 August 2025 and will ensure that GPAI models available to EU users are safe and trustworthy.
Moreover, any transfer of personal data to China by DeepSeek needs to take place in compliance with the EU’s General Data Protection Regulation (GDPR), which safeguards the fundamental right to privacy and personal data protection. The enforcement of the GDPR is the competence of the national data protection authorities in the Member States.
The Commission also observes relevant developments in Member States and third countries . DeepSeek is banned on devices used in the Australian government and the Danish Parliament, while the Italian data protection authority blocked DeepSeek, as the model provider failed to comply with privacy rules. Taiwan advises against its use by government officials, and the United States are considering a government device ban.
- [1] https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng.