Is DeepSeek Safe for Work? Privacy, GDPR, and HIPAA Risks in 2026
Sonomos Research
The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.
Short answer: The hosted version of DeepSeek — the DeepSeek app, the deepseek.com chat interface, and the DeepSeek API — sends prompts and conversation data to servers in the People's Republic of China and is governed by Chinese law. It offers no enterprise Data Processing Addendum (DPA), no Business Associate Agreement (BAA), and no EU or US data residency. For regulated organisations, the hosted DeepSeek service is not suitable for processing personal data, protected health information, or confidential business data in 2026. The open-weight DeepSeek models (R1, V3) are a separate matter: when self-hosted on infrastructure you control, the data-transfer-to-China problem does not arise — but most users are using the hosted service, not a private deployment. This guide explains the distinction and the specific risks.
What DeepSeek is — and why the architecture matters
DeepSeek is an AI company based in Hangzhou, China. Its DeepSeek-V3 and DeepSeek-R1 reasoning models drew enormous attention in early 2025 for matching frontier-model performance at a fraction of the training cost. That capability is real. The privacy and compliance picture, however, is driven less by the model and more by where the hosted service processes data and which laws govern it.
There are two very different ways to use DeepSeek, and conflating them is the most common mistake organisations make:
- The hosted service — the DeepSeek mobile app, the web chat at deepseek.com, and the DeepSeek API (platform.deepseek.com). All of these transmit your input to DeepSeek's infrastructure in China.
- The open-weight models — DeepSeek published the model weights for R1 and V3 under a permissive licence. These can be downloaded and run on your own servers or a third-party cloud, with no data leaving your environment.
Almost all of the regulatory risk attaches to the hosted service. The rest of this guide is about that service unless stated otherwise.
The core issue: data goes to China and is governed by Chinese law
DeepSeek's own privacy policy states that the personal information it collects is stored on servers located in the People's Republic of China. The data it collects includes the text and files you enter, your chat history, device and network information, IP address, and — per the policy — "keystroke patterns or rhythms."
Because the service is operated from China, it is subject to Chinese law, including:
- The PRC National Intelligence Law (2017), Article 7 of which requires organisations and citizens to "support, assist, and cooperate with" state intelligence work.
- The Data Security Law and Cybersecurity Law, which impose data-localisation and government-access provisions.
For an EU controller, a US covered entity, or any organisation with confidentiality obligations, this is a structural problem that cannot be configured away on the hosted service. There is no enterprise tier that relocates the data outside China or inserts the contractual protections regulated buyers require.
Government and regulator actions against DeepSeek (2025)
DeepSeek is unusual among major AI tools in how quickly it drew direct regulatory and government action:
- Italy (Garante). Italy's data protection authority opened an inquiry and ordered DeepSeek's apps removed from Italian app stores in early 2025 over the lawful-basis and transparency questions around its data processing.
- South Korea (PIPC). South Korea's Personal Information Protection Commission suspended new downloads of the DeepSeek app pending a review of its data practices.
- Government-device bans. Multiple governments restricted DeepSeek on official devices, including Australia, Taiwan, and a number of US federal agencies and state governments (Texas, New York, and Virginia among them).
- A security exposure. Independent researchers reported a publicly accessible DeepSeek database that exposed chat logs and operational secrets — a reminder that the data-handling concerns are not only theoretical.
The pattern is the same one seen with the highest-risk providers: enforcement and restriction at the company and service level, not just disputes over a specific feature.
DeepSeek's compliance posture in summary (2026)
| Attribute | Hosted DeepSeek service | | --- | --- | | Data residency | China (PRC) | | Governing law | Chinese law (incl. National Intelligence Law) | | Enterprise DPA (GDPR Art. 28) | No | | Lawful EU transfer mechanism (SCCs / adequacy) | No — China has no EU adequacy decision | | BAA for HIPAA workloads | No | | EU / US data residency option | No | | Training on your inputs | Yes, per consumer policy | | Government / regulator actions | Italy (Garante), South Korea (PIPC), multiple device bans | | SOC 2 / ISO 27001 (enterprise-grade attestations) | Not publicly available |
Is DeepSeek GDPR compliant?
No, not on the hosted service. Two independent failures apply:
- No Article 28 basis. There is no enterprise DPA, so an EU controller cannot establish the controller–processor relationship the GDPR requires before a vendor processes personal data on its behalf.
- No lawful international transfer. China has no EU adequacy decision, and there is no DPA to attach Standard Contractual Clauses to. Transfers of EU personal data to DeepSeek's Chinese infrastructure therefore occur without a Chapter V transfer mechanism — and to a jurisdiction whose state-access laws make supplementary-measures analysis especially difficult.
The Garante's action in Italy underscores that European authorities are already treating DeepSeek as a high-risk processor.
Is DeepSeek HIPAA compliant?
No. DeepSeek does not offer a Business Associate Agreement, which is a precondition for any vendor that will create, receive, maintain, or transmit protected health information on a covered entity's behalf. Without a BAA, sending PHI to the hosted DeepSeek service is a HIPAA violation regardless of any other safeguard. The cross-border processing in China compounds the problem.
The open-weight exception
The analysis changes if — and only if — you run DeepSeek's open-weight models on infrastructure you control (your own servers, your VPC, or a compliant cloud region). In that configuration:
- No prompt data is transmitted to DeepSeek or to China.
- You — not DeepSeek — are the data controller and processor, so your existing GDPR and HIPAA controls apply to the deployment as they would to any self-hosted model.
- The Chinese-law and data-residency concerns about the service fall away, because there is no service in the loop.
This is a meaningful distinction for engineering teams evaluating the models on their merits. But it requires a deliberate self-hosting decision. The default consumer and API experience is the hosted service, which carries all the risks above. You should also still review the model licence and conduct your own security evaluation of any open weights before production use.
What organisations should do
- Treat the hosted DeepSeek app, website, and API as unsanctioned for any work involving personal data, PHI, cardholder data, source code, or confidential business information.
- Add DeepSeek to your acceptable-use policy and block it on managed devices, alongside other tools without enterprise data-protection commitments. (See our AI Acceptable Use Policy template.)
- Address the BYOD and personal-account gap. Employees using DeepSeek through personal phones or accounts for work tasks still create controller-level exposure for the organisation. A browser- and device-level control that detects and blocks sensitive data before it reaches an AI tool closes that gap in a way an AUP alone cannot.
- If your engineering team wants the models, evaluate a self-hosted open-weight deployment under your own governance rather than the hosted API.
Frequently asked questions
Is the DeepSeek API safer than the app?
No. The DeepSeek API (platform.deepseek.com) routes requests to the same Chinese infrastructure and is governed by the same law. Using the API instead of the app does not change the data-residency or lawful-basis analysis.
Does DeepSeek train on my inputs?
On the consumer service, yes — DeepSeek's policy permits using inputs to improve its services. There is no enterprise tier with a contractual no-training commitment comparable to what OpenAI, Anthropic, Google, and Microsoft offer business customers.
Can I use DeepSeek if I don't put any personal data in it?
The narrow case for use without GDPR exposure is the same as for any tool without a DPA: prompts containing no personal data — general technology questions, public information, abstract problem-solving. But given the device-level government bans and the keystroke and device data the app itself collects, many organisations restrict the app entirely rather than rely on users to self-censor every prompt.
Is it safe to use DeepSeek for personal, non-work use?
That is a personal risk decision. As an individual you are not acting as a data controller, so the GDPR controller–processor framework does not apply in the same way. But you are still sending your prompts, device data, and keystroke patterns to servers in China under Chinese law. For anything sensitive — health, finances, identity, employer information — that is a meaningful exposure.
We let engineers run DeepSeek-R1 locally. Is that a problem?
Running the open weights on infrastructure you control does not transmit data to DeepSeek or China, so the service-level concerns do not apply. Govern it as you would any self-hosted model: access controls, logging, and a security review of the weights and runtime.
The bottom line
The hosted DeepSeek service — app, website, and API — stores prompt and conversation data in China under laws that compel cooperation with state intelligence, offers no DPA, no BAA, no lawful EU transfer mechanism, and no enterprise data-residency option, and has already drawn enforcement and device-level bans across multiple jurisdictions. For regulated work in 2026, it should be treated as unsanctioned and blocked on managed devices. The open-weight models are a genuinely different proposition when self-hosted under your own controls — but that is a deliberate engineering deployment, not the default way people use DeepSeek.
Related guides
- Is Grok GDPR Compliant? A 2026 Guide for European Teams
- GDPR and AI: A 2026 Compliance Guide for European Teams
- Best AI Privacy Tools for ChatGPT, Claude, and Gemini in 2026
- AI Acceptable Use Policy: A 2026 Template for Organizations
- How to Protect Sensitive Data When Using ChatGPT, Claude, and Gemini
Protect your data while using AI
Sonomos detects and masks sensitive information before it reaches AI models. 100% local, zero data collection.
Install FreeRelated Articles
The Colorado AI Act (SB 24-205): A Compliance Guide for 2026
Colorado's SB 24-205 is the first comprehensive, risk-based US state AI law, imposing a duty of care against algorithmic discrimination in high-risk AI systems. After a delay, it takes effect June 30, 2026. Here are the developer and deployer obligations and how to prepare.
Texas TRAIGA: The Responsible AI Governance Act Compliance Guide (2026)
The Texas Responsible AI Governance Act (HB 149) takes effect January 1, 2026. It targets specific intentional misuses of AI — behavioural manipulation, unlawful discrimination, certain biometric and government uses — and is enforced by the Texas AG with a 60-day cure period. Here is what TRAIGA requires and how to prepare.
AI Agents and Data Privacy: Operator, Computer Use, and Agentic Browsing in 2026
AI agents that browse, click, and act on your behalf see far more than a chat prompt — whole screens, your logged-in sessions, and untrusted web content that can hijack them via prompt injection. Here are the real privacy and security risks of agentic AI, and the controls that hold up in 2026.
