Italy’s data protection authority, Garante, has launched a formal investigation into DeepSeek AI, the Chinese artificial intelligence lab, over concerns related to the collection, processing, and storage of European user data.
The regulator has issued requests for information to DeepSeek’s offices in Hangzhou and Beijing, demanding clarity on whether user data from Italy and other European countries is being transferred to and stored on servers in China. The company has until February 17 to respond.
The investigation stems from concerns about DeepSeek’s compliance with the General Data Protection Regulation (GDPR), the European Union’s strict data privacy law governing how companies handle personal data.
Garante is also questioning whether DeepSeek uses web scraping to train its AI models and, if so, whether both registered and non-registered users have been adequately informed.
In an official statement, the Italian authority emphasized the scale of the potential risks involved, stating, “The data of millions of Italians is at risk.” This marks one of the first regulatory actions against DeepSeek in Europe, adding to a growing wave of scrutiny from global regulators and industry leaders.
Microsoft and OpenAI Investigating Possible Data Theft by DeepSeek AI
Beyond regulatory concerns in Europe, DeepSeek AI is also facing an internal investigation from Microsoft and OpenAI over allegations that its models may have been trained using unauthorized OpenAI data.
Microsoft security researchers believe a group of users extracted significant amounts of data from OpenAI’s API in late 2024 and that this data may have been used to develop DeepSeek’s AI models.
Related: DeepSeek Drops Another OpenAI-Buster With Janus Multimodal Models, Outpacing DALL-E 3
While OpenAI has not officially confirmed the extent of the data breach, it has previously warned that unauthorized access to its training data could enable rival AI firms to replicate its models at a fraction of the cost.
Microsoft, which has a multibillion-dollar investment in OpenAI, has also expressed concerns about the security of proprietary AI data, particularly as competition in the AI sector intensifies.
DeepSeek has not publicly commented on the allegations, but if proven, it would represent one of the most extensive cases of AI intellectual property theft to date. The investigation adds another layer of complexity to the regulatory scrutiny the company is now facing.
DeepSeek’s Rapid Growth and the Questions It Raises
DeepSeek has positioned itself as a challenger to U.S. AI firms, gaining widespread attention by offering a free AI chatbot that has rapidly climbed to the top of Apple’s App Store rankings in multiple countries, including the United States.
The company has marketed its AI assistant as a low-cost alternative to models like OpenAI’s ChatGPT, claiming that it has achieved comparable performance at a fraction of the cost.
DeepSeek’s executives state that the company developed its AI model, DeepSeek-R1, for just $5.6 million—a figure that contrasts sharply with the hundreds of millions typically spent by major AI firms to train similarly advanced models.
The company has also asserted that it used only 2,048 Nvidia H800 GPUs, a restricted version of the more powerful H100 chips, which are subject to U.S. export controls.
However, many experts have questioned how DeepSeek was able to achieve such cost efficiency while producing a model that reportedly rivals industry leaders.
Training large-scale AI models typically requires substantial computational resources, making it unlikely that DeepSeek’s success is solely the result of superior engineering. This skepticism has fueled speculation that the company may have used data obtained from OpenAI to accelerate its development process.
Scale AI CEO Suggests DeepSeek Used Smuggled Nvidia H100 GPUs
Concerns about DeepSeek’s hardware access have been amplified by comments from Alexandr Wang, CEO of Scale AI, who has suggested that the company may be using high-end Nvidia H100 GPUs despite U.S. restrictions. Speaking in an interview with CNBC, Wang claimed, “DeepSeek has about 50,000 Nvidia H100 GPUs. They can’t talk about it because it violates U.S. export controls.”
If accurate, this statement directly contradicts DeepSeek’s claim that it relied solely on H800 units, which are less powerful and were specifically designed to comply with U.S. trade restrictions on China. The discrepancy raises questions about how DeepSeek may have obtained such a large supply of restricted hardware, particularly given that H100 chips are among the most sought-after components for AI development.
DeepSeek has not responded to Wang’s allegations, but if the claims are substantiated, it could lead to further regulatory scrutiny and potential sanctions against the company.
Global Security Concerns Surrounding DeepSeek AI
Beyond Europe, DeepSeek’s operations have drawn concern from national security officials in the United States and Australia. In Washington, authorities are reviewing whether the Chinese AI firm poses a broader security risk, particularly given its rapid rise and potential links to unauthorized data acquisition.
In Australia, Treasurer Jim Chalmers has publicly advised caution regarding DeepSeek’s AI products. Speaking to reporters, Chalmers stated, “We would urge Australians to be cautious about this new technology.”
He also confirmed that Australian officials are continuously assessing security risks associated with AI applications developed by companies with ties to China.
These warnings reflect a broader concern that AI technologies developed by Chinese firms could be used for surveillance, data harvesting, or other activities that conflict with Western security interests.
Investigative Journalist Links DeepSeek to OpenAI Researcher’s Death
Amid the growing controversy surrounding DeepSeek, investigative journalist George Webb has raised concerns about a possible connection between the company and the death of former OpenAI researcher Suchir Balaji.
Balaji, who specialized in AI training pipelines, was found dead in his San Francisco apartment in November 2024. Authorities ruled his death a suicide within 40 minutes of arriving at the scene, but Webb and others have questioned whether the case was properly investigated.
Webb has suggested that Balaji may have been preparing to disclose details about OpenAI’s training data being used by DeepSeek before his death.
In a statement, Webb said, “Balaji was found dead in his San Francisco apartment, and within 40 minutes, it was ruled a suicide. No real investigation, no effort to connect the dots. But if you look at what he was working on—training data pipelines, WebGPT, datasets that could be lifted and repurposed—the implications are chilling.”
While there is no confirmed link between Balaji’s death and DeepSeek, the timing and circumstances have fueled speculation. The allegations, if substantiated, would suggest that DeepSeek’s AI development may have been aided by access to proprietary OpenAI data obtained through undisclosed means.
Potential Consequences for DeepSeek and AI Regulation
If Italy’s Garante determines that DeepSeek has violated GDPR, the regulator could impose heavy fines or even restrict the company’s ability to operate within the EU.
The watchdog has previously taken strong action against AI firms, including a temporary ban on OpenAI’s ChatGPT in 2023 and a €15 million fine against OpenAI in December 2024 for privacy violations.
Consumer rights organizations such as Euroconsumers and Italy’s Altroconsumo have also expressed concerns about DeepSeek’s data handling practices, calling for stricter regulatory oversight. These groups argue that companies operating in Europe must be held to the same transparency and accountability standards as other AI firms.
Beyond GDPR concerns, DeepSeek is facing increasing pressure to disclose more information about its AI training process, data sources, and hardware acquisition.
If regulators and industry leaders determine that the company benefited from unauthorized OpenAI data or smuggled hardware, it could face legal challenges and restrictions on its AI products in multiple jurisdictions.
Table: AI Model Benchmarks – LLM Leaderboard
[table “18” not found /]Last Updated on March 3, 2025 11:35 am CET
