The National Commission for Data Protection (CNDP) has issued a public warning about the potential risks of using DeepSeek R1, a Chinese-developed artificial intelligence model. While freely accessible online, the tool lacks compliance with European data protection regulations, including the General Data Protection Regulation (GDPR), according to the Commission.
The warning comes as DeepSeek, available as open-source software on platforms like Hugging Face, raises concerns over data security and privacy, with user input potentially stored, transferred, or analysed without clear safeguards. The absence of a legal representative for the Chinese company in the EU further complicates regulatory oversight and potential recourse in case of data misuse.
To mitigate risks, the CNPD advises against installing DeepSeek in IT environments, warns users not to enter personal or sensitive data, and urges businesses and individuals to prioritise AI tools that comply with EU regulations.
Following the warning, Pirate Party MP Marc Goergen filed a parliamentary enquiry to find out whether the Luxembourg government is considering to officially ban or limit DeepSeek in the Grand Duchy.
In a joint response, Ministers Delles, Obertin, and Margue reiterated the concerns voiced by the CNDP, explaining that government staff received a separate set of guidelines on the use of AI tools at the end of January.
However, while underlining that staff are advised not to feed “unpublished and professional information” into an AI service not sanctioned by the government, the response does not disclose whether or not a potential DeepSeek ban is on the horizon.
