France’s data privacy authority, the CNIL, announced on Thursday that it will question DeepSeek to assess the workings of its AI system and potential privacy risks for users. The Chinese AI startup gained international attention after revealing that training its DeepSeek-V3 model required less than $6 million in Nvidia H800 computing power.
A CNIL spokesperson confirmed that its AI department is currently analyzing DeepSeek’s tool and will engage with the company to understand its system and data protection measures. The French regulator is among the most active in Europe, having previously fined tech giants like Google and Meta for privacy violations.
DeepSeek is also under scrutiny in other parts of Europe. Italy’s data protection authority recently requested details on its handling of personal data, while Ireland’s Data Protection Commission has inquired about data processing practices related to Irish users.
The European Union maintains strict privacy protections under its General Data Protection Regulation (GDPR), widely regarded as one of the world’s most comprehensive data privacy laws. GDPR violations can result in fines of up to 4% of a company’s global revenue. Additionally, new EU AI regulations impose transparency obligations on high-risk AI models, with penalties ranging from 7.5 million euros (or 1.5% of turnover) to 35 million euros (or 7% of global turnover), depending on the severity of violations.
As regulatory scrutiny intensifies, DeepSeek faces mounting pressure to demonstrate compliance with European data protection standards.
