Italy has blocked Chinese DeepSeek AI chatbot over privacy concerns and this is another sign of European regulators getting increasingly wary of AI models which are not complying with strict data protection laws. Italian data protection authority Garante has sent a clear message to the parent companies of DeepSeek – Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence.

The two companies insist that they do not operate in Italy and are not bound by the General Data Protection Regulation (GDPR). However, the actions of Garante suggest otherwise as the regulator has given them 20 days to explain the way it collects, stores and processes personal data. It is supposed to be a wake-up call for AI firms worldwide as the era of deploying AI models in global markets without accountability is coming to an end.

OpenAI’s ChatGPT faced a temporary ban in Italy in April 2023 over privacy violations and this has led to a fine of €15 million. OpenAI made adjustments to comply with GDPR to get the ban lifted. The situation of DeepSeek is more complex as its parent companies are not legally based in any EU member state. This means regulators across all 26 other EU nations could open their own investigations. Belgium and Ireland have already launched probes while Spain, Portugal and France are also reviewing the case. DeepSeek may soon find itself locked out of the European market entirely if the investigations lead to similar restrictions.

AI innovation is accelerating, but regulatory frameworks are fragmented and especially for companies which are operating across borders. European regulators have made it clear that compliance with GDPR is non-negotiable, but enforcement remains a challenge when companies are based outside the EU.