Luxembourg: National Commission for Data Protection adopted guidelines on use of DeepSeek

On 3 February 2025, the National Commission for Data Protection (CNPD) adopted guidelines on the use of the Artificial Intelligence (AI) tool DeepSeek R1. It raised concerns about data protection risks, including DeepSeek's lack of sufficient safeguards for personal data protection. It highlighted that the AI model, developed in China, does not comply with the General Data Protection Regulation (GDPR) and offers no clear framework for data rights or security. It highlighted that DeepSeek's data controller is not based in the European Union and lacks a legal representative in the region, making it difficult for users to exercise their rights under GDPR, including data access or deletion. The CNPD advised against installing DeepSeek and entering personal data, urging users to choose AI tools that adhere to European regulations.