Acceptable Use Policy and Prohibited Conduct

What it is

Users are required to comply with all applicable laws when using the model and are prohibited from generating harmful or deceptive content with it.

Why it matters (compliance & governance perspective)

This provision places affirmative compliance obligations on the deploying organization rather than on DeepSeek, meaning that legal responsibility for lawful and non-harmful use of the model's outputs rests with the user or deploying entity.

Consumer impact (what this means for users)

Organizations and developers deploying DeepSeek-R1 in products bear the contractual and legal responsibility for ensuring that the model's outputs comply with applicable laws and do not generate harmful or deceptive content; this obligation is not assumed by DeepSeek under the license.

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: This provision interacts with a broad range of regulatory frameworks depending on the deployment context, including the EU AI Act (which imposes obligations on deployers of AI systems, particularly high-risk systems), FTC regulations on deceptive practices, GDPR where model outputs involve personal data, and sector-specific regulations in healthcare, financial services, and education. The provision does not define 'harmful' or 'deceptive,' leaving the compliance burden on the deploying organization to interpret these terms in light of applicable law. 2) GOVERNANCE EXPOSURE: High for organizations deploying the model in consumer-facing or regulated industry contexts. The broad and undefined nature of 'harmful' and 'deceptive' content means that compliance teams must develop their own content governance frameworks for DeepSeek-R1 outputs, without specific guidance from DeepSeek. This is particularly significant under the EU AI Act, which imposes mandatory risk assessments for certain AI applications. 3) JURISDICTION FLAGS: EU deployers face the most immediate regulatory exposure given the EU AI Act's requirements for high-risk AI systems, which include obligations for transparency, human oversight, and risk management that the license itself does not address. U.S. deployers in regulated sectors (financial services under FINRA/SEC guidance, healthcare under HHS/OCR, education under FERPA) must ensure that model outputs comply with sector-specific content and privacy obligations. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations using DeepSeek-R1 in B2B contexts should ensure that downstream customer contracts include appropriate acceptable use provisions and that the compliance obligations imposed by this license clause are flowed down to customers who further deploy the model's outputs. Indemnification provisions in customer contracts should address the allocation of liability for harmful or unlawful model outputs. 5) COMPLIANCE CONSIDERATIONS: Deploying organizations should implement content filtering, output monitoring, and human review processes appropriate to their use case and the regulatory environment in which they operate. Legal teams should conduct a regulatory mapping exercise to identify all applicable laws and regulations that the 'comply with applicable laws' requirement implicates for their specific deployment context.

Applicable agencies

Provision details

Other risks in this policy

• Anti-Distillation Clause high
• Commercial Use Threshold (100M MAU) medium
• Attribution and Notice Requirements low
• Prohibition on Misrepresentation of Origin low
• License Grant Scope and Derivative Works medium
• Disclaimer of Warranties medium