Global AI Regulations Roundup: Top Stories of February 2025

Securiti has initiated an AI Regulation digest, providing a comprehensive overview of the most recent significant global developments, announcements, and changes in the field of AI regulation. Our website will regularly update this information, presenting a monthly roundup of key activities. Each regulatory update will include links to related resources at the bottom for your reference.

North and South America Jurisdiction

1. Minnesota Attorney General Publishes Report On Harmful Effects Of Emerging Technologies Such as AI & Social Media

Date: February 4, 2025
Summary: Attorney General Keith Ellison released a detailed report on the harmful effects of emerging technologies such as AI and social media on the young citizens of Minnesota. The report contains a detailed examination of the harms caused by these technologies, an analysis of the design features causing the harm, evaluation of legislative efforts, and policy recommendations for the Minnesota legislature. As far as AI is concerned, it focuses on the unregulated use of chatbots and potential for GenAI to be used in deepfakes. Furthermore, the report recommends prohibiting the "deceptive patterns", limiting engagement-based optimization algorithms and their use in educational settings, increasing the transparency and empowering the users and guardians.

2. Coalition Of US State Attorney General Blocks Elon Musk & DOGE's Access To Americans' Sensitive Data From The Treasury Department

Date: February 8, 2025
Summary: A coalition of state Attorneys General in the US has secured a federal court order blocking Elon Musk's attempts to access Americans' sensitive data through the US Treasury.

A federal judge granted the temporary restraining order (TRO) that blocks "political appointees, special government employees, and any government employee detailed from an agency outside the Treasury Department from accessing the Treasury Department payment systems or any other data maintained by the Treasury Department containing personally identifiable information."

The order comes after the coalition filed a lawsuit last week alleging the Trump administration's illegal attempts to provide Musk and his Department of Government Efficiency (DOGE) with unauthorized access to the Treasury Department's central payment system and, therefore, to Americans' most sensitive personal information, including bank account details and Social Security numbers.

The restraining order is temporary, but it blocks the defendants from granting access to any Treasury payment recording, payment systems, or any other data maintained by the Treasury containing personally identifiable information and/or confidential financial information of payees other than to civil servants that need to access such systems to perform their jobs as described by the Bureau of Fiscal Services (BFS) and have passed all background checks and security clearances and taken all information security training called for in federal statues and Treasury regulations.

Any prohibited individuals that have had access to such information since January 25, 2025, must immediately destroy any and all copies of materials downloaded from Treasury records and systems. Read More.

3. New York Governor Announces Statewide Ban On DeepSeek Use On Government Devices & Networks

Date: February 10, 2025
Summary: New York Governor Kathy Hochul has announced a statewide ban on downloading DeepSeek on government devices and networks.

This comes after concerns over DeepSeek's potential connection to foreign government surveillance programs that could lead to data and technology theft. The ban is in line with the state's Acceptable Use of Artificial Intelligence Technologies policy that evaluates AI systems and ensures agencies' vigilance. Furthermore, the move builds on the Governor's 2024 guidance related to AI use in government, meant to drive innovation, increase operational efficiencies, and deliver better service to New Yorkers without compromising their privacy or exposing them to additional risks. Read More.

4. Virginia Passes New Law Regulating Development & Deployment Of High-Risk AI Systems

Date: February 20, 2025
Summary: The Virginia legislature passed HB 2094, which regulates the development and deployment of high-risk AI systems within the state.

Based on Colorado's AI Act, HB 2094 is narrower in scope. It only applies to cases where an AI system output would serve as a "principal basis" for a consequential decision without human review, oversight, involvement, or intervention. However, unlike Colorado's AI Act, it does not have any public reporting obligations apart from transparency requirements for high-risk GenAI systems related to the production and modification of synthetic content.

If the Governor approves, the law will become effective from July 1, 2026. Read More.

EMEA Jurisdiction

5. Provision On Prohibited AI Practices & Literacy Come Into Effect

Date: February 2, 2025
Summary: Key parts of the EU's AI Act took effect on February 2, 2025. These include the rules of AI literacy and prohibited AI practices as outlined in Article 5. These banned AI practices pose significant risks, including manipulation techniques, exploiting vulnerabilities, social scoring, crime risk profiling, unauthorized facial recognition, emotion detection, biometric categorization, and certain uses of 'real-time' biometric identification. Similarly, Article 4 requires all AI system providers and deployers to ensure their employees have appropriate training and information on how the AI system is used. The rest of the AI Act will take effect on August 2, 2026, except for rules on general-purpose AI models and penalties, which will be enforced from August 2, 2025. Read More.

6. EU Commission Releases Guidelines On Prohibited AI Practices Per The AI Act

Date: February 4, 2025
Summary: The EU Commission has released its guidelines on prohibited AI practices outlined in the AI Act. These practices are considered unacceptable owing to the risk they pose to European values and fundamental rights.

Some of the specifically banned practices include harmful manipulation, social scoring, and real-time remote biometric identification. The guidelines are meant to ensure the consistent and effective implementation of the AI Act across the EU while offering valuable insights into how the Commission interprets the prohibitions. However, the guidelines are non-binding, with the CJEU holding the final authority on legal interpretations. Read More.

7. EU Commission Releases Guidelines Defining "AI System” Under AI Act

Date: February 6, 2025
Summary: The European Commission has released guidelines clarifying the definition of an AI system per the AI Act. These guidelines are meant to assist providers and relevant stakeholders in determining whether software can be considered an AI system, facilitating the application of the AI Act's rules. The guidelines are non-binding and expected to evolve over time, with regular updates meant to ensure practical experiences and emerging questions are effectively addressed. Read More.

Asia Jurisdiction

8. Chinese PPC Releases Privacy Policy Details For DeepSeek

Date: February 3, 2025
Summary: The PPC has released details on the privacy policy of all the major entities associated with DeepSeek. The privacy policy outlines the following:

• All personal information collected through DeepSeek's services will be stored on servers in the People's Republic of China.
• The stored data will be governed by Chinese laws, including the Personal Information Protection Law (PIPL), Cybersecurity Law, Data Security Act, and National Information Law. Read More.

9. Japan Instructs Ministries To Avoid DeepSeek Use

Date: February 3, 2025
Summary: The Japanese government has instructed its ministries and agencies to avoid using AI developed by DeepSeek, citing concerns over data privacy practices. Government institutions using GenAI must avoid inputting confidential information into such models, and any such use is subject to prior approval. It further stated that its ministries would collaborate on all AI-related issues while engaging with their international counterparts via global frameworks. Read More.

10. South Korea’s PIPC Investigates DeepSeeks Data Privacy Practices

Date: February 7, 2025
Summary: The PIPC has investigated DeepSeek to uncover how Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence collect, use, store, and share personal data. The investigation included a comparative analysis of DeepSeek's privacy policies and ToS while collaborating with various international data protection agencies and discussions with China diplomatically. Currently the PIPC has temporarily suspended the services of Hangzhou DeepSeek Artificial Intelligence Co., Ltd. due to deficiencies in privacy policies and non-compliance with the PIPA. Read More.

11. Taiwan's Digital Affairs Ministry Bans Use Of DeepSeek AI

Date: February 10, 2025
Summary: The Ministry of Digital Affairs in Taiwan has restricted its agencies from using DeepSeel owing to the various cybersecurity risks associated with it, such as potential leaks and data transmission interception. This restriction is in line with previous policies that have prohibited the use of such foreign technology in sensitive sectors. Read More.