The Czech National Cyber and Information Security Agency (NÚKIB) has issued a warning against using products from the Chinese AI company DeepSeek, citing significant security concerns and potential risks linked to Chinese state influence. Critical infrastructure facilities are particularly at risk.
On Thursday, 10 July 2025, NÚKIB published an official alert concerning the use of products, services, and applications developed by DeepSeek, especially in the context of critical IT infrastructure. The warning covers not only traditional software but also websites, online services, and application programming interfaces (APIs) associated with DeepSeek or its affiliates.
The warning is primarily aimed at public authorities under the Cybersecurity Act. For these institutions, the alert becomes binding once it is published on NÚKIB’s digital notice board. Affected organisations must incorporate the threat into their risk assessments and implement appropriate security measures. NÚKIB rates the risk as high, indicating that the likelihood of a security-related incident is considered very high.
Public also urged to exercise caution
Although the warning is legally binding only for entities subject to the law, NÚKIB is also urging the general public to be cautious. Individuals in key positions – such as in politics, public administration, or the judiciary – are strongly advised to avoid using DeepSeek products altogether. In such cases, the careless handling of sensitive data could have serious consequences, the agency warns.
Reasons for concern: data protection, de-anonymisation, and Chinese legislation
NÚKIB cites serious concerns regarding data protection and the potential misuse of information by state actors in the People’s Republic of China. For example, excessive data collection could result in the de-anonymisation of users. The Chinese legal environment – to which DeepSeek is fully subject – allows for possible access to data by government authorities and is considered particularly problematic.
This assessment is echoed by NÚKIB director Lukáš Kintr. In a statement, he said: “Our analysis is based on both our own findings and information from international partners. The way DeepSeek products handle data poses a significant risk to national cybersecurity. In light of recent revelations regarding the cyberattack on the Foreign Ministry, allegedly carried out by the Chinese group APT31, our concerns are more than justified. Beijing is once again demonstrating its willingness to act against the interests of the Czech Republic.”
Government imposes further restrictions
Alongside the warning, the Czech government has adopted a binding package of measures: ministries and central authorities are now prohibited from using DeepSeek products and services for official activities – whether on work devices or other state IT systems.
The full warning and further technical details (ENG) are available on the NÚKIB website.
