South Korea has formally suspended new downloads of the Chinese AI chatbot DeepSeek, citing concerns over data privacy and compliance with domestic regulations. The suspension took effect on 15 February, according to the Personal Information Protection Commission (PIPC).
While downloads are currently restricted in domestic app marketplaces, the web-based service remains accessible.
The decision follows PIPC’s analysis of DeepSeek’s data handling practices, which revealed deficiencies in communication functions and personal information processing procedures with third-party service providers.
Shortly after its launch, DeepSeek was found to have inadequately addressed South Korea’s data protection laws, which saw regulators issue a formal order on 31 January 2025, demanding compliance.
DeepSeek’s Response and Regulatory Actions
In response to regulatory scrutiny, DeepSeek appointed a local representative on 10 February this year and acknowledged its failure to fully take into account South Korea’s privacy laws when debuting its service.
The company has since expressed its commitment to cooperating with authorities and implementing necessary improvements to align with the Personal Information Protection Act.
PIPC stressed that the suspension is only temporary to give DeepSeek time to address compliance shortcomings.
Future Compliance Measures and Policy Developments
To prevent similar lapses, PIPC plans to strengthen oversight and improve regulatory guidance for all AI services operating in South Korea. The agency is closely monitoring DeepSeek’s remediation efforts and says it hopes to expedite the review process, using past insights from investigations into other major AI services such as OpenAI, Google, and Microsoft.
While previous compliance evaluations have taken up to five months, regulators anticipate a faster resolution in this case due to accumulated expertise.
South Korea is also exploring policy reforms to boost regulatory enforcement for AI services, particularly those operated by foreign entities. The government says it is working on strengthening the legal framework to balance AI innovation with data protection, too.
Plans are also in place to present updated compliance guidelines for international AI developers at the upcoming Global Privacy Assembly (GPA) in Seoul this September.
Guidance for Existing Users
Although new app downloads are paused, those who have installed DeepSeek on their devices can carry on using it. But, they are urged to exercise caution and avoid sharing personal information on the platform.
PIPC says it will assess how current user data is being processed and stored and take extra measures if needed to ensure compliance with privacy regulations.
South Korea’s National Intelligence Service (NIS) recently criticized DeepSeek for excessive data collection and its use of personal information for AI training. Security researchers also identified vulnerabilities in the company’s Android and iOS apps, where some data was transmitted to servers unencrypted, raising more concerns about user privacy and data security.
As South Korea ups its AI governance game, DeepSeek must implement major changes to carry on operating as normal in the country.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.