Your company didn't ban DeepSeek because of data privacy

A lot of companies banned DeepSeek. Almost none of them appeared to apply the same level of scrutiny to OpenAI or Anthropic.

That inconsistency is the real governance problem.

When DeepSeek disrupted the industry in early 2025, corporate IT departments moved quickly. Board memos flew, firewall rules changed, and companies such as Microsoft treated the app as too risky for internal use. The stated concern was data exposure and the possibility that Chinese law could compel access to user data.

That concern is not imaginary. Jurisdiction, infrastructure control, vendor terms, retention policy, and national-security law all matter.

The problem is that most organizations did not apply a consistent model-risk framework. They treated one geopolitical signal as urgent while leaving other external AI systems inside the business with a much lighter review.

Nobody asked the obvious follow-up question: would the same data, sent to a different jurisdiction, trigger the same review?

The structural hypocrisy

All hosted AI tools create a data-governance question. The relevant questions are not limited to the country on the press release. They include what data is sent, where it is processed, who can access it, how long it is retained, whether it trains the model, what the contract allows, and what legal regime applies.

If your data sits in a US cloud, it can be subject to US legal processes. If it sits in a Chinese cloud, it can be subject to Chinese legal processes. If it sits in any third-party AI workflow without clear controls, the governance issue is already present.

The actual risk profile did not magically begin with DeepSeek.

The flag on the server made the risk easier to notice.

What makes this hard to defend is the way the conversation blurred the app, the API, the open-weight model, and self-hosted deployments. The security argument applies most cleanly to DeepSeek’s direct app and hosted API. It does not apply in the same way to every deployment of an open model, especially if a company hosts it inside its own controlled infrastructure.

This is not a defense of DeepSeek; it is an observation about the quality of reasoning behind the bans.

What OpenAI and Anthropic were actually doing

While companies were busy writing DeepSeek bans into AI policies, the US frontier labs were doing something worth examining more closely.

OpenAI submitted a policy proposal to the US AI Action Plan process describing DeepSeek as “state-subsidized” and “state-controlled,” and recommending restrictions on PRC-produced models. That may be a defensible policy position, but it is also a commercial position from a closed-source incumbent responding to a low-cost open competitor.

Anthropic’s playbook was different, but the pattern still matters. In 2026, Anthropic publicly accused DeepSeek-linked activity of using large-scale fake-account networks to run distillation attacks against Claude. If true, that is a serious terms-of-service and security issue.

It also is not the same thing as a generic data-privacy argument.

Distillation, training a smaller model from the outputs of a larger one, is a known machine-learning technique. The governance question is whether the access was authorized, whether the terms were breached, and whether the behavior creates security, IP, or competitive risk. Calling every version of that issue “national security” makes the policy conversation less precise, not more.

The irony that followed was almost too on the nose. After years of framing China as the existential threat to democratic AI, Anthropic was reportedly threatened with a US federal supply-chain risk designation, while DeepSeek was not given that designation.

The system produced exactly the outcome it deserved.

This has happened before

The DeepSeek story follows a familiar pattern. OpenAI explicitly drew the Huawei parallel in its own policy arguments, warning that building on top of DeepSeek models could carry similar risks.

The comparison is instructive, not because the risks are identical, but because the playbook is familiar: a Chinese technology company gains serious competitive ground, Western incumbents respond with restrictions framed as security measures, and the underlying competitive motivation goes largely unexamined.

Huawei’s 5G infrastructure was a genuine and complex security debate. DeepSeek’s open models hosted inside a controlled environment are a different proposition. Treating them as equivalent is either sloppy analysis or deliberate conflation.

What performative governance actually looks like

Most organizational AI policies were not written by people who understood data architecture. They were written by people responding to headlines, legal pressure, and the instinct to be seen doing something.

The result is predictable. DeepSeek gets blacklisted by urgent executive directive. ChatGPT and Claude get enterprise-wide license allocations. The US legal implications of the latter go under-examined. The open-source distinction of the former goes unmentioned. The policy signals caution without actually understanding what it is being cautious about.

This is performative governance: a compliance label on a geopolitical reflex.

If your AI security policy only fires when it detects a specific country of origin, it is not a data privacy policy. The data does not know which flag it is flying under. The risk framework should be consistent regardless, and it almost never is.

What good governance actually requires

Good AI governance needs a repeatable operating model. NIST’s AI Risk Management Framework is useful here because it pushes organizations toward governance, mapping, measurement, and management of AI risk rather than one-off panic decisions. NIST’s Generative AI Profile adds more specific attention to data, model, content, and misuse risks around generative systems.

That standard should have existed before DeepSeek became a headline.

Every model should be evaluated against the same framework, regardless of where it was built. Every API call should be assessed for data exposure. Every vendor’s terms of service should be read. Every hosting arrangement should be understood for what it is. Every team should know which data can enter which tool, under which review path, with which retention and escalation rules.

That standard has to apply to OpenAI, Anthropic, DeepSeek, and whatever model your team quietly started using last month because someone found it faster.

The practical move is not to ban nothing; it is to stop pretending that a ban list is the same thing as governance.

This is the kind of operating model I focus on in the AI Integration Workshop: not “use AI more,” but what data can move where, which workflows are eligible, who reviews output, how model risk is handled, and what the team does when a tool becomes politically or technically risky overnight.

Apply the standard consistently, or stop calling it a policy.
