Italy's data protection authority has taken significant action against DeepSeek, citing serious concerns about the handling of personal data and potential national security threats. On January 30, 2025, the Garante, Italy's privacy watchdog, blocked access to the Chinese AI firm DeepSeek, initiating an investigation due to its inadequate transparency and response to inquiries surrounding user privacy.
DeepSeek, operated by Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, contended they do not operate within Italy's jurisdiction and claimed they were not subject to European data regulations. The Garante's findings reveal deep-rooted issues arising from DeepSeek's rapid rise, triggering heightened scrutiny from lawmakers and regulators alike. Concerns have particularly emerged over its privacy policies, potential alignment with Chinese censorship, and broader national security ramifications.
Cybersecurity firms have discovered significant vulnerabilities within DeepSeek's large language models (LLMs). These vulnerabilities allow users to exploit the systems using jailbreak techniques, enabling the generation of harmful content, including instructions for creating weapons and malicious code for cyberattacks. This alarming trend reflects broader insecurities pervasive within many AI networks.
Adding to the urgency of the matter, AI security firm HiddenLayer has raised ethical questions relating to DeepSeek’s data sources, positing the likelihood of unauthorized incorporation of information from OpenAI's datasets. This raises significant concerns over copyright and intellectual property issues, precisely the kind of complexity authorities are grappling with as AI technologies evolve.
Comparative vulnerabilities also surfaced recently within other AI platforms. OpenAI, for example, managed to patch issues detected within its ChatGPT-4o model. Such issues allowed attackers to manipulate chatbot responses, provoking questions about the robustness of these systems. Likewise, vulnerabilities have emerged within Alibaba’s Qwen 2.5-VL model and GitHub’s Copilot.
Such widespread cybersecurity challenges reflect the precariousness of AI technologies and illuminate the potential risks associated with their rapid deployment without strict regulatory oversight. The scrutiny faced by DeepSeek serves as not only a wake-up call for the company but also as broader commentary on the need for stringent data governance and ethical standards within the AI industry.
For now, the blockage of DeepSeek by Italy's Garante marks a pivotal moment, illuminating the intersection of privacy, security, and technology. It also brings forth pressing questions about the alignment of US chip exports with AI developments. The increasing need for transparency isn't merely about compliance; it's about safeguarding public interests and securing the technology on which modern societies increasingly rely.