The Chinese AI application DeepSeek has come under the scrutiny of European regulators amid concerns about privacy and data security. Several countries have already imposed specific restrictions. Poland, meanwhile, is currently monitoring the situation without taking formal action. Meanwhile, data from ESET and DAGMA IT Security show that as many as 66% of employees in Poland use work devices for private purposes[1] — which may increase the risk of uncontrolled information flow.
According to media reports, the Czech Republic has banned the use of DeepSeek’s products and services on public administration devices. This decision follows a high-risk warning issued by the Czech cybersecurity agency NÚKIB[2]. Concerns include data transmission, user identification possibilities, and potential access to information by the Chinese state. The warning, legally binding in the critical infrastructure sector, was based on an analysis of threats to national security.
Similar actions are being taken by other European countries. The German data protection inspector called on Apple and Google to remove DeepSeek from their stores, citing breaches of EU personal data protection regulations[3]. Italy has blocked the availability of the DeepSeek app in its app stores. The Netherlands has banned its use on public administration devices. Belgium recommended officials avoid the tool, Spain is conducting an inquiry, and the UK is monitoring the situation.
In Poland, the Personal Data Protection Office (UODO) issued a warning in February, highlighting potential risks related to DeepSeek’s data collection and the lack of guarantees for proper data protection[4]. At the same time, Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski stated that the government does not plan to block such services but did not rule out action if threats are confirmed[5]. Since then, no new recommendations or decisions have emerged.
Cybersecurity expert Kamil Sadkowski from ESET comments:
“According to DeepSeek’s privacy policy, user data is stored on servers in China. This may include chat histories, audio files, prompts, and attachments such as images or PDF documents. Users should avoid sending private or sensitive information, both personal and professional. Even seemingly trivial questions about health, politics, or daily issues can be exposed. While this is a familiar warning, caution in sharing personal data applies to every platform — including ChatGPT. However, the fact that DeepSeek stores data in China raises additional questions about how such data might be used or monitored without users’ consent.”
The combination of wide availability and advanced functionality also brings new risks. Unlike closed models, DeepSeek’s reasoning model, R1, offers broader accessibility but is more vulnerable to manipulation. Cybercriminals and state-sponsored groups could exploit its capabilities to optimize malicious code, create dangerous tools, or generate uncontrolled deepfake content. Ultimately, such technologies could be used to manipulate public opinion and influence political attitudes in ways difficult to detect — similar to social media, which in the wrong hands can become powerful tools for mass impact.
It is worth noting that despite the UODO’s early-year warning, Poland has not yet introduced any formal restrictions on DeepSeek usage. Lack of regulation does not mean lack of risk. Users, especially those in public administration and the private sector, should be aware that using AI tools might unknowingly expose not only their personal data but also sensitive organizational information. Thus, digital education and cultivating a culture of caution are essential, especially when using such tools on work devices or with work-related data. It is notable that 66% of employees in Poland admitted using work devices for private purposes in the ESET and DAGMA IT Security study[6]. This phenomenon increases the risk of uncontrolled data flow and should prompt companies and institutions to actively educate their teams on safe use of new technologies.
References:
[1] https://in.eset.pl/cyberportret-polskiego-biznesu
[2] https://nukib.gov.cz/cs/infoservis/aktuality/2279-nukib-vydal-varovani-pred-nekterymi-produkty-spolecnosti-deepseek/
[3] https://www.reuters.com/sustainability/boards-policy-regulation/deepseek-faces-expulsion-app-stores-germany-2025-06-27/
[4] https://uodo.gov.pl/pl/138/3550
[5] https://www.pap.pl/aktualnosci/deepseek-w-instytucjach-rzadowych-gawkowski-nie-rozmawiamy-o-zakazie-korzystania
[6] https://in.eset.pl/cyberportret-polskiego-biznesu
—
Kamil Sadkowski
