Why was DeepSeek restricted in Italy?

In late January 2025, the Garante questioned DeepSeek about the data collected and its storage on servers in China, then ordered an urgent limitation on processing Italian users' data over insufficient information and legal bases. The app was removed from stores in the country.

Did other countries restrict DeepSeek?

Yes, several restricted the app on government devices (South Korea, Australia, Taiwan), and the Czech Republic banned it across public administration in 2025, with European authorities also opening reviews.

What's the lesson for my own data?

Once sent, your data can be stored under a jurisdiction you don't control. The fix doesn't depend on the provider: anonymize the sensitive data before sending, so no real information crosses borders.

All articles

News & incidents5 min read

DeepSeek: why countries restricted the AI app — and the lesson for your data

In early 2025, Italy restricted DeepSeek and other countries banned it from public devices, over data stored in China. What the case teaches about where your data travels.

By Pierre de ONYRIJune 12, 2026

In early 2025, Italy's data protection authority (the Garante) restricted DeepSeek after questioning the company about the data it collected and its storage on servers in China; several governments then banned the app from their devices. Beyond the geopolitical context, the case illustrates a question valid for any AI: once sent, where does your data go, and which jurisdiction governs it? The only answer you truly control is not to send the sensitive data.

What happened

In late January 2025, the Garante asked DeepSeek to clarify what personal data was collected, its sources, purposes, legal basis, and whether it was stored on servers in China. DeepSeek's privacy policy states user data is stored in China. On January 30, 2025, the authority ordered an urgent limitation on processing Italian users' data — the app was notably removed from app stores in the country. The concerns centered on insufficient information, the absence of clear legal bases, and storage outside the EU.

Not just Italy

The Italian restriction wasn't isolated: several authorities restricted the app, especially on official devices.

South Korea, Australia and Taiwan: restrictions on government devices.
Czech Republic: ban across public administration (2025), with the cyber agency flagging a risk of unauthorized access.
Other European authorities opened reviews of the data processing.

Diagram: at top, sensitive data (amber) leaves the user for a distant server under another jurisdiction, which a regulator's shield tries to stop; at bottom, anonymized data sends only tokens across (cobalt), with nothing at stake. — After reporting by Al Jazeera, The Record and the BBC on the restrictions targeting DeepSeek (2025).

The real question: where your data goes, and who governs it

The DeepSeek case highlights a point that goes beyond any one provider: entrusting text to an AI means sending it to infrastructure whose location and applicable law you don't choose. Depending on the hosting country, the rules for access, retention and disclosure to authorities differ — and you don't control them.

You assume	The reality
“My data stays near me”	It can be stored under another jurisdiction
“The same rules apply everywhere”	Access and retention vary by hosting country
“I'll be able to have it deleted”	Your rights depend on the applicable law, not your choice

Once sent, location and applicable law slip out of your hands.

The lesson for your data

In practice, you don't choose the country each prompt lands in. But you choose what you put in it. If the sensitive data is never transmitted, the jurisdiction question becomes moot for that data.

1Assume any sent text can be stored under a jurisdiction you don't control.
2Remove the sensitive data before sending, whatever the provider.
3Keep the token↔value mapping local, to stay in control of the original.

That's ONYRI Sanitize's approach: the engine detects sensitive data and replaces it with reversible tokens before sending; detection and the mapping stay in your browser, and only anonymized text reaches the AI. Wherever the conversation goes, and whatever the jurisdiction, it doesn't contain your real information.

Frequently asked questions

Why was DeepSeek restricted in Italy?: In late January 2025, the Garante questioned DeepSeek about the data collected and its storage on servers in China, then ordered an urgent limitation on processing Italian users' data over insufficient information and legal bases. The app was removed from stores in the country.
Did other countries restrict DeepSeek?: Yes, several restricted the app on government devices (South Korea, Australia, Taiwan), and the Czech Republic banned it across public administration in 2025, with European authorities also opening reviews.
What's the lesson for my own data?: Once sent, your data can be stored under a jurisdiction you don't control. The fix doesn't depend on the provider: anonymize the sensitive data before sending, so no real information crosses borders.

Sources & references

“Which countries have banned DeepSeek and why?” — Al Jazeera
“Italy blocks Chinese AI tool DeepSeek over privacy concerns” — The Record (Recorded Future News)
Coverage of the restrictions targeting DeepSeek (privacy / data) — BBC

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt