ARTICLE
16 April 2025

Beyond The Headlines: DeepSeek And The Ongoing Legal Risks Of Open-Source AI

WL
Withers LLP

Contributor

Trusted advisors to successful people and businesses across the globe with complex legal needs
As AI adoption accelerates across Asia following the launch of DeepSeek, a growing number of AI developers are continuing to turn to open-source models...
United Kingdom Technology

As AI adoption accelerates across Asia following the launch of DeepSeek, a growing number of AI developers are continuing to turn to open-source models to drive faster integration into consumer products and enterprise solutions. Companies like DeepSeek are leading this charge, making powerful AI tools freely available in a bid to lower barriers to entry and encourage innovation. Yet, as open-source AI becomes increasingly embedded in business operations, legal concerns surrounding intellectual property, trade secrets, and data privacy are coming to the fore. Recent debates over the boundaries of open-source use — particularly allegations of proprietary technology being folded into open models — have reignited scrutiny over how businesses can responsibly and lawfully adopt these tools. In this article, we explore the legal implications of leveraging open-source AI models, with a focus on DeepSeek's approach and what it means for businesses navigating this evolving landscape.

1. What is DeepSeek?

DeepSeek is a Chinese AI startup founded in 2023 which recently gained attention in the global tech scene. The company's claim to fame is its high-performance, low-cost large language models which have disrupted traditional players in the AI industry. DeepSeek's AI models, such as V3 and R1, are designed to run more efficiently, requiring fewer computational resources than their competitors, which in turn translates to lower costs.

DeepSeek's technological breakthroughs have attracted global attention, challenging dominant AI providers and reshaping the landscape. However arguably as important is DeepSeek's decision to make its with V3 and R1 models available on an open-source basis, making them freely available for anyone to use and modify, with the company also having plans to open-source five of its models' code repositories.

2. DeepSeek's Decision to Open-Source its Models – What Does That Mean?

Open-sourcing refers to the practice of making the source code of a software application available to the public, allowing anyone to use, modify, and distribute it without having to pay. By open-sourcing its models and underlying code, DeepSeek is making these freely accessible to developers and users worldwide to access, use, modify, and build upon its technology.

This decision stands in contrast to the approach taken by other AI providers, who broadly have followed either a "closed source" approach (e.g. OpenAI's ChatGPT or GitHub Copilot), where the proprietary technology of the underlying code and data is not publicly available for modification, or an "open weight" approach (e.g. Meta's Llama model or models offered by Mistral AI) where only certain data - the weights that help the model make accurate predictions and learn patterns - is made available to developers. These approaches are typical of technology firms that treat AI models as valuable intellectual property and offering access primarily through paid or subscription models.

DeepSeek's decision potentially has broad implications for the AI industry, and may lower barriers to entry and enable more developers to benefit from AI technology without having to incur significant initial financial costs relating to developing and fine-tuning an AI model. Additionally, open-source practices encourage collaboration, allowing developers to contribute to improving the technology. This could accelerate innovation as it invites external expertise to refine and adapt DeepSeek's models to a broader range of applications. Ultimately, this strategy could establish DeepSeek as a leading player in the AI sector, despite its relatively late emergence in the sector, driving wider adoption of its technology.

However, open-source technology inherently present challenges in terms of IP protection, licensing, and data privacy. DeepSeek's move to open-source its technology raises important questions about the legal frameworks that govern the use and distribution of open-source technology, as well as the potential risks involved. These issues will be explored further in the following sections.

3. How Open-Source Practices Challenge Traditional Licensing Methods and What it Means for Businesses That Rely on Proprietary AI

Traditionally, technology providers rely on proprietary licensing methods to protect their intellectual property and generate revenue. With proprietary licensing, technology providers retain control over the software, granting licenses to users based on specific terms and conditions, usually at a fee. These licenses often restrict how the software can be modified, distributed, or used.

In contrast, open-source software is available for free, allowing users to access, modify, and redistribute it. While this fosters innovation and transparency, it disrupts traditional licensing methods. For businesses that rely on proprietary AI – whether as users or technology providers – DeepSeek's open-source decision poses both opportunities and risks.

On the one hand, open-source AI models like DeepSeek's reduce adoption costs, enabling businesses to leverage cutting-edge technology without high licensing fees. On the other hand, the widespread use of open-source AI can undermine traditional business models that depend on licensing revenue, forcing AI providers to reconsider their value propositions.

Businesses relying on proprietary AI must also now confront the legal complexities introduced by open-source alternatives. These include ensure compliance with open-source licenses, protecting proprietary technology when working with open-source models, and evaluating whether open-source options threaten their competitive advantage.

4. Implications for IP, Trade Secrets, and Data Privacy

DeepSeek's decision to open-source its AI models raises important questions related to IP protection, trade secrets, and data privacy, which are discussed below.

a. IP Protection in Open-Source Models

IP protection is a significant concern for businesses that rely on AI technology. AI companies, especially those developing proprietary models, must navigate complex IP laws to ensure their innovations are protected. In the case of open-source models like DeepSeek's, IP protection becomes more challenging.

Open-source software typically operates under licenses that allow users to use, modify, and distribute its source code. However, some of these licenses could require that derivative works created by a user to also be released under the same open-source license, potentially limiting the ability to protect such derivative works as proprietary IP.

Businesses that build upon or incorporate DeepSeek's open-source models must therefore be cautious about how they protect their own IP. For instance, if a business develops a proprietary product using an open-source model, they may face challenges in ensuring that their own innovations remain protected, especially if they are required to release derivative works under open-source licenses.

b. Trade Secret Risks for Businesses Which Build on Open-Source Models

Trade secrets represent another potential concern for businesses using open-source models. Trade secrets are valuable, confidential business information, such as algorithms, formulas, or processes, that give a company a competitive edge. When using open-source AI models, businesses risk inadvertently disclosing proprietary methods or algorithms when modifying or building on the open-source code.

If a business incorporates open-source models into its products, it must be vigilant in protecting its own trade secrets. For example, if proprietary methods are mixed with open-source code, there is a risk that confidential business processes could be exposed or reverse-engineered by competitors.

As discussed above, some open-source licenses require that modifications be made public, which could potentially expose proprietary trade secrets. Businesses therefore need to carefully evaluate which open-source AI models they adopt and how they incorporate these into their products and services.

c. Data Privacy Risks for Businesses Using DeepSeek's Open-Source Models

Data privacy is a critical consideration when adopting any AI model, particularly when utilising open-source technology. Businesses incorporating a DeepSeek model into their operations or tech stack must ensure that the use of the model complies with local data privacy regulations when using the technology and that personal data and other sensitive information is adequately safeguarded. This is particularly pertinent in the EU, given that DeepSeek's approach to data privacy is under scrutiny from European data protection authorities, due to concerns over a lack of compliance with the GDPR.

5. Other Legal Challenges for Businesses Using DeepSeek's Open-Source Models

In addition to IP, trade secrets and data privacy, businesses must also address contract obligations when integrating open-source models. Commercial contracts, particularly those related to software development or AI deployment, may include clauses which mandate the use of proprietary models or restrict the use of open-source technology. Businesses that wish to incorporate DeepSeek's open-source models into their offerings must ensure that such integrations do not conflict with existing contractual commitments.

6. What Businesses Should Consider Before Relying on Open-Source Models

Before adopting open-source AI models such as those offered by DeepSeek, businesses should carefully consider several factors:

  • Licensing Terms: Ensure that any use of open-source models is in full compliance with the terms of the license under which they are provided.
  • Intellectual Property Protection: Businesses must evaluate how open-source license terms may affect their ability to protect their own IP. This may involve seeking legal counsel to navigate the complexities of open-source licensing and IP protection.
  • Trade Secret Safeguards: If a business plans to build proprietary products using open-source models, it must take steps to protect its trade secrets and prevent confidential information from being inadvertently disclosed.
  • Data Privacy: Consider the choice of open-source AI model in the context of the business' local data privacy compliance requirements, and what (if any) operational changes are required from a data privacy perspective.
  • Security Risks: Open-source models, like any software, can be vulnerable to cyberattacks. Businesses must assess the security risks associated with using open-source models and take steps to mitigate these risks.
  • Liability and Accountability: Open-source models may come with limited or no warranties, which can expose businesses to greater risks. It is crucial to understand the implications of using such technology, particularly if it fails to meet business expectations or causes harm.

7. Conclusion

DeepSeek's decision to open-source its AI models represents a significant shift in the AI landscape, presenting both opportunities and challenges for businesses. While open-source models, such as DeepSeek's, offer access to advanced technology at a lower cost than proprietary models, they also come with legal complexities, including IP, trade secrets, data privacy, and licensing concerns.

To successfully leverage open-source AI while mitigating risks, businesses must proactively address legal compliance, IP protection, and risk management. By carefully considering the legal implications and seeking expert guidance, businesses can harness the full potential of open-source AI while safeguarding their competitive edge in an increasingly digital world.

For advice on AI licensing, development or compliance matters, or if you have any questions on this topic, please get in touch with your usual Withers contact or the authors of this article.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More