Federal Contractors Barred from Using DeepSeek AI: Commerce Dept. Mandated to Report on Foreign AI Threats

If you’re a federal contractor or just someone who cares about where your data goes, the Protection Against Foreign Adversarial Artificial Intelligence Act of 2025 is worth paying attention to. This bill essentially has two main jobs: first, it bans a specific foreign-affiliated AI tool from government work, and second, it forces the government to get serious about figuring out which foreign AI platforms pose a national security risk.

The AI Blacklist: No DeepSeek on Government Contracts

Section 2 of the bill is a direct instruction: if you have a contract with the U.S. government, you cannot use the DeepSeek application, or any future version developed by its parent company, High Flyer, to do that government work. Think of it as a hard, immediate firewall against a specific piece of foreign technology being used to handle government tasks. This is a big deal for contractors who might rely on DeepSeek for efficiency, coding assistance, or data analysis. They’ll have to find compliant alternatives, which means time, training, and potentially higher costs.

There is an escape hatch, though. The Secretary of Commerce, after talking with the Secretary of Defense, can grant a waiver. But this isn’t a quick fix. It can only happen if using DeepSeek is “absolutely necessary” for a national security goal related to the contract, or if the use is strictly for research. This narrow exception shows the government is serious about the ban but acknowledges that sometimes, for cutting-edge defense or research work, the tech might be temporarily indispensable. However, the criteria for “absolutely necessary” are pretty vague, which leaves contractors in a bit of a gray area if they try to pursue a waiver.

Mapping the Digital Threats to National Security

Section 3 shifts gears, requiring the Secretary of Commerce to produce a detailed report within one year on the national security threats posed by AI platforms connected to “countries of concern.” This isn't just about DeepSeek; it’s about any large language model or generative AI that has ties to nations already designated as problematic under existing defense laws.

This report is basically a deep dive into the worst-case scenarios. The Commerce Department has to analyze how these foreign governments might use AI for state-sponsored propaganda or censorship. More critically for everyday users, they must investigate the data security risks: Where is U.S. user data stored? How easily could a foreign government, like the Chinese Communist Party, access the data U.S. citizens and businesses feed into these AI tools? They also need to look at the risk of economic espionage—the theft of intellectual property or trade secrets—through these platforms.

This mandatory reporting is a major win for transparency and risk assessment. It forces the government to quantify the real-world danger of using foreign-affiliated AI, from the risk of your company’s trade secrets being leaked to the potential for state actors to influence public opinion through AI-generated content. Ultimately, the report must offer concrete suggestions for new laws or administrative actions needed to plug these security holes, giving policymakers a clear path forward.