One year after DeepSeek burst onto the global AI scene, Theodore Christakis has published two complementary analyses examining the regulatory and legal challenges it poses.
“DeepSeek and the China Data Question” (IAPP, February 2025) focuses on a question many organizations are grappling with: does running DeepSeek locally solve the China data problem? The answer is more nuanced than the binary debate suggests. While self-hosting eliminates cross-border data flows, security researchers have documented vulnerabilities embedded in the model weights themselves—from jailbreaking susceptibility to CCP narrative alignment. The article also examines why the “data transfer” framing used by European regulators may not fit DeepSeek’s direct collection model.
“DeepSeek One Year Later: Regulatory Storm, Global Surge” (AI-Regulation.com, February 2025, co-authored with Pankaj Raj) takes a broader view, documenting government responses across 15+ jurisdictions and assessing their effectiveness. Despite bans, investigations, and warnings, DeepSeek’s global adoption has only accelerated—raising hard questions about the limits of extraterritorial enforcement.
Read the full analyses:
- DeepSeek and the China Data Question (IAPP)
- DeepSeek One Year Later: Regulatory Storm, Global Surge (AI-Regulation.com)
* * *
These statements are attributable only to the author, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
