Kirill Chernovol on the tightening of control over foreign AI systems

Kirill Chernovol, researcher at the International Best Practices Analysis Department of the Gaidar Institute predicted that regulators would strive in future to ensure compliance of all digital services with security, transparency and data localization requirements.

In February 2025, regulators in the EU, the United States and Australia imposed restrictions on the use of the Chinese DeepSeek chatbot, as it was unclear how the company stored and processed user data. Deep Seek also transfers foreign users’ data to China and it raises questions about the legitimacy of such transfers between jurisdictions, the study notes.

«Different countries tend to tighten control over foreign AI systems, especially when it comes to services that work with personal data and have vague processing mechanisms. Regulators will strive to ensure that all digital services, regardless of their country of origin, meet security, transparency and data localization requirements. This reflects the overall trend towards national sovereignty protection in the digital sphere," Kirill Chernovol notes.

According to Kirill Chernovol, it is already clear that countries concerned about foreign access to their citizens' data are taking measures to limit the use of such systems in government agencies. «In future, such a policy may spread to broader market segments, as well," Kirill Chernovol predicts.

Bans in the US and Europe

In January-February 2025, several US states — New York, Texas, Virginia, Kansas and other — banned the use of DeepSeek on government employees' devices, as the app can transfer user data to the Chinese government. Kansas proposed a special bill prohibiting the use of «dangerous» platforms on government devices and networks, the study says.

Kirill Chernovol notes that both the regulation aimed at controlling cross-border data transfers and the requirements to openness in data processing will be tightened in the near future. «Such regulation has been introduced, for example, in the EU, as well as in some states of the United States. Institutions determining countries to which a data transfer is permitted will also be developed," Kirill Chernovol said. For example, in Russia, Roskomnadzor has approved a list of 89 countries to which data can be transferred if the regulator is notified and has no objections.