Your company didn't ban DeepSeek because of data privacy

A lot of companies banned DeepSeek. Almost none of them applied the same scrutiny to OpenAI or Anthropic.

When DeepSeek disrupted the industry in early 2025, corporate IT departments moved fast. Board memos flew, firewalls went up, and companies like Microsoft and Telstra enacted internal bans. The stated concern was that Chinese law could compel DeepSeek to hand over user data. It was framed as a security decision. It was not examined enough as a competitive one.

Nobody asked the obvious follow-up question.

The structural hypocrisy

All of these platforms send your data to external servers. All of them operate under the laws of their home country, and those laws can compel data sharing with state intelligence agencies. If your data sits in a US cloud, it can be subject to US national security processes. If it sits in a Chinese cloud, it can be subject to China’s national security laws.

The actual risk profile did not change.

The flag on the server did.

What makes this particularly hard to defend is that DeepSeek’s open-source models do not contain mechanisms that would allow the Chinese government to siphon user data. Companies including Microsoft, Perplexity, and Amazon can host them on their own infrastructure. The security argument most corporate IT departments repeated only applies cleanly to DeepSeek’s direct API and app. It does not apply to the model itself.

This is not a defense of DeepSeek. It is an observation about the quality of reasoning behind the bans.

What OpenAI and Anthropic were actually doing

While companies were busy writing DeepSeek bans into their AI policies, the US frontier labs were doing something worth examining more closely.

OpenAI submitted a policy proposal to the Trump administration’s AI Action Plan, describing DeepSeek as “state-subsidized” and “state-controlled,” and recommending that the US government consider restrictions on PRC-produced models. OpenAI, a closed-source company, was simultaneously pushing policy positions that would restrict Chinese open-source competitors while also arguing that training on copyrighted material should be treated as fair use. DeepSeek’s disruption was the vehicle for a policy wishlist that predated it.

Anthropic’s playbook was similar. The company spent more than $1 million lobbying on AI policy, export controls, infrastructure, and governance in Q3 2025. In February 2026, it published a national-security framed argument accusing three Chinese AI companies, DeepSeek, Moonshot AI, and MiniMax, of running “distillation attacks” using roughly 24,000 fake accounts to extract Claude’s capabilities.

The framing was national security. The underlying reality was closer to a terms-of-service dispute.

Distillation, training a smaller model using outputs from a larger one, is a standard machine learning technique. Anthropic itself uses distillation to produce smaller, cheaper versions of its own models. What the Chinese labs allegedly did may have breached contract terms. Anthropic’s choice to label it a national security threat, and to put DeepSeek first in the narrative for maximum political salience in Washington, was a calibrated decision, not a neutral one.

The irony that followed was almost too on the nose. After years of framing China as the existential threat to democratic AI, Anthropic was reportedly threatened with a US federal supply-chain risk designation, while DeepSeek was not given that designation.

The system produced exactly the outcome it deserved.

This has happened before

The DeepSeek story follows a familiar pattern. OpenAI explicitly drew the Huawei parallel in its own lobbying documents, warning that, as with Huawei, there was significant risk in building on top of DeepSeek models.

The comparison is instructive, not because the risks are identical, but because the playbook is familiar: a Chinese technology company gains serious competitive ground, Western incumbents respond with restrictions framed as security measures, and the underlying competitive motivation goes largely unexamined.

Huawei’s 5G infrastructure was a genuine and complex security debate. DeepSeek’s open-source models hosted on AWS infrastructure are a different proposition. Treating them as equivalent is either sloppy analysis or deliberate conflation.

What performative governance actually looks like

Most organizational AI policies were not written by people who understood data architecture. They were written by people responding to headlines, legal pressure, and the instinct to be seen doing something.

The result is predictable. DeepSeek gets blacklisted by urgent executive directive. ChatGPT and Claude get enterprise-wide license allocations. The US legal implications of the latter go unexamined. The open-source distinction of the former goes unmentioned. The policy signals caution without actually understanding what it is being cautious about.

This is performative governance. A compliance label on a geopolitical reflex.

If your AI security policy only fires when it detects a specific country of origin, it is not a data privacy policy. The data does not know which flag it is flying under. The risk framework should be consistent regardless, and it almost never is.

The practical question is simple: would the same data, sent to a different jurisdiction, trigger the same review?

What good governance actually requires

This is not an argument for ignoring provenance. Where data goes, who controls the infrastructure, and what legal regime governs it are legitimate questions. The problem is that most organizations ask them selectively, guided more by geopolitical optics than technical substance, and further guided by the lobbying of the companies whose products they are approving.

Rigorous AI governance looks like this: every model evaluated against the same framework, regardless of where it was built. Every API call assessed for data exposure. Every vendor’s terms of service actually read. Every hosting arrangement understood for what it is.

That standard has to apply to OpenAI, Anthropic, DeepSeek, and whatever model your team quietly started using last month because someone found it faster.

The standard does not change based on the accent of the founder.

Apply it consistently, or stop calling it a policy.

Sources

Keep Reading

Related Posts