In recent years, overseas generative AI tools such as Copilot, ChatGPT, Claude, and Gemini have gradually entered the daily operations of enterprises. From drafting emails and organizing data to internal collaboration and client communication, these tools have significantly enhanced efficiency. Simultaneously, enterprises operating within China—including subsidiaries established by multinational corporations—inevitably face a series of legal and compliance challenges when utilizing these foreign AI tools.

Since ChatGPT's debut and the rise of DeepSeek for deep reasoning, generative AI tools has become essential for business operations. More and more companies are increasingly embracing AI, albeit cautiously, by permitting workplace use, purchasing enterprise AI subscriptions and creating corporate AI accounts for employees, with the aim of bringing employee AI usage under corporate risk management. When European multinationals, particularly their Chinese subsidiaries, permit employees to use China-based generative AI tools like DeepSeek, Kimi, or Doubao, what legal regimes might apply? This article examines the legal landscapes both in China and the EU from two lenses: AI governance and personal data protection. It addresses a pressing concern for such businesses: which Chinese/EU regulations apply, and how extensive are the compliance obligations? Regarding the AI governance aspect, please read “Legal Considerations for EU Businesses Using China-Based AI Services (Part I: AI Governance)”

Since ChatGPT's debut and the rise of DeepSeek for deep reasoning, generative AI tools has become essential for business operations. More and more companies are increasingly embracing AI, albeit cautiously, by permitting workplace use, purchasing enterprise AI subscriptions and creating corporate AI accounts for employees, with the aim of bringing employee AI usage under corporate risk management. When European multinationals, particularly their Chinese subsidiaries, permit employees to use China-based generative AI tools like DeepSeek, Kimi, or Doubao, what legal regimes might apply? This article examines the legal landscapes both in China and the EU from two lenses: AI governance and personal data protection. It addresses a pressing concern for such businesses: which Chinese/EU regulations apply, and how extensive are the compliance obligations?