DeepSeek-V3 became the most downloaded app across the world in Apple’s app stores less than one week after its release, including in the United States. Employers should be aware of this new AI and how its use could impact their companies.

DeepSeek is a new generative artificial intelligence (AI) company based in China that made a big splash in the news because of the dramatic technological efficiency in its DeepSeek-V3 model compared to the models by rivals OpenAI, Meta and Google. DeepSeek-V3 became the most downloaded app across the world in Apple’s app stores less than one week after its release, including in the United States. Employers should be aware of this new AI and how its use could impact their companies.

Even before DeepSeek upended the AI market, companies should have been developing and refining AI policies for their employees because using any open AI tool presents a host of ethical, legal, quality-control and data security risks. When not sufficiently managed by humans, an AI tool can lead users unwittingly to subject their companies to regulatory mistakes, discrimination claims and intellectual property issues, among other potential problems.

These concerns are heightened when using AI companies based out of China—or what the U.S. government refers to as a “country of concern” relating to national security technologies and products. (Note that the Biden administration made this declaration in October 2024; the new Trump administration may take a different view.)

AI tools often rely on open input-output mechanisms where users feed information to the system and receive processed outputs. Without strict controls, U.S. employees might inadvertently expose sensitive company data, trade secrets or intellectual property to the Chinese government when using DeepSeek. Once shared, this information could become part of DeepSeek’s AI learning model, creating risks of unauthorized access or misuse. Without a clear understanding of how DeepSeek secures, and handles submitted data, U.S. employers risk losing control over their critical assets.

U.S. employers should also be concerned that current policies governing data protection and trade compliance may not align with the practices of foreign-owned AI. Many U.S. companies are subject to stringent data security laws like the California Consumer Privacy Act (CCPA), even if located outside of California. If China-owned AI products like DeepSeek do not adhere to these standards, companies using them could face legal consequences, reputational damage and loss of customer trust. It is crucial to ensure any AI platform used by employers complies fully with all relevant governmental regulations.

Another reason for evaluating the risk potential for the use of foreign-owned AI tools like DeepSeek is the need to thoroughly understand how data is controlled and managed. Transparency regarding data storage, access permissions and third-party sharing agreements is often limited with foreign-owned AI platforms. Until companies can confidently assess the security protocols and data governance frameworks employed by these tools, they should restrict employee usage. This precautionary approach minimizes exposure to potential risks while allowing time for a comprehensive evaluation.

A Jan. 29 Mashable article quoted NordVPN cybersecurity expert Adrianus Warmenhoven’s take on where and how DeepSeek stores user data: “DeepSeek’s privacy policy, which can be found in English, makes it clear: user data, including conversations and generated responses, is stored on servers in China.”

“This raises concerns because of data collection outlined—ranging from user-shared information to data from external sources—which falls under the potential risks associated with storing such data in a jurisdiction with different privacy and security standards,” Warmenhoven added, according to the article.

Another aspect of DeepSeek’s news breakout are suggestions by OpenAI, the creator of ChatGPT, that its Chinese competitor stole OpenAI data. While tech columnists enjoy the apparent irony of this situation, the risk of trade secret leakage via DeepSeek cannot be overstated.

Trade secrets are a cornerstone of competitive advantage, and their exposure can have severe financial and strategic consequences. Employees might unknowingly input sensitive information into AI, such as upcoming product designs or innovative processes. If this data is not securely handled, it could be accessed by unauthorized parties or even competitors. By proactively analyzing the risk of use of China-owned AI products like DeepSeek, U.S. companies can better safeguard their intellectual property.

Reprinted with permission from the February 4, 2025 edition of Legal Tech News © 2025 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-257-3382 or reprints@alm.com.