Loading the catalogue…
Loading the catalogue…
ByteDance is a privately held Chinese technology company headquartered in Beijing, operating under Chinese law including the National Intelligence Law, which can compel cooperation with state intelligence services — a fundamental sovereignty risk for EU regulated customers. Its TikTok subsidiary received a €530 million GDPR fine in May 2025 for unlawfully transferring European user data to China, and faces additional EU Digital Services Act proceedings. While ByteDance has substantially increased its open-weights AI model releases (including the Seed-OSS, BAGEL, and Lance families under Apache 2.0 licences), no specific EU AI Act compliance statement has been published, and the compounding risk of Chinese state data access laws makes ByteDance a high-risk supplier for regulated-sector deployment of AI in the EU.
ByteDance is a Chinese company subject to China's National Intelligence Law (Article 7), which requires all organisations and citizens to cooperate with state intelligence activities. This creates a structural, legally compelled data-access risk that cannot be fully mitigated by contractual means. For EU regulated sectors (finance, health, government, legal), this is a sovereign risk of the highest order.
Ireland's DPC issued a €530 million GDPR fine against TikTok/ByteDance in May 2025 — the third-largest GDPR fine ever — for unlawfully transferring EEA user data to China without adequate protection. ByteDance was ordered to suspend data transfers within 6 months if not remediated. TikTok also admitted in April 2025 that European data was stored on Chinese servers, contradicting prior regulatory statements.
A state-affiliated entity (China Internet Investment Fund) holds a 1% 'golden share' in ByteDance's domestic subsidiary Beijing Douyin Information Service Co., granting board representation. Chinese law required this arrangement. While ByteDance asserts this does not extend to international operations, it signals structural CCP linkage at the subsidiary level.
In December 2022, ByteDance confirmed that employees (US and China-based) used TikTok platform access to surveil journalists' IP addresses and locations. The FBI and DOJ reportedly opened investigations. This confirmed misuse of data access controls by insiders — a direct indicator of internal governance failure.
The European Commission preliminarily found TikTok in breach of Digital Services Act transparency obligations in October 2025, specifically failing to provide researchers adequate access to public data and insufficient ad repository compliance. A potential fine of up to 6% of global revenue is possible.
Stanford CRFM analysis (August 2024) estimated ByteDance's MegaScale model may meet the EU AI Act systemic risk threshold (>10^25 FLOPs). ByteDance has published no AI Act compliance statement, no GPAI Code of Practice participation, and no formal training data summary as required under Article 53(1)(d) which became applicable August 2025.
US law (Protecting Americans from Foreign Adversary Controlled Applications Act, April 2024, upheld by Supreme Court January 2025) classifies ByteDance as a 'foreign adversary controlled application'. This is a strong geopolitical risk signal that may affect downstream enterprise procurement decisions in jurisdictions closely aligned with US national security policy.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
ByteDance has significantly accelerated open-source AI model releases, growing 8–9x from 2024 to 2025 per HuggingFace's Spring 2026 State of Open Source report. Multiple model families (Seed-OSS, BAGEL, Lance) released under Apache 2.0, enabling full auditability and on-premises deployment.
ByteDance publishes arXiv technical papers for substantially all open model releases, with detailed architecture descriptions, benchmark results, and training methodology. Academic collaboration with Tsinghua University documented.
Active community engagement across three HuggingFace organisations (ByteDance, bytedance-research, ByteDance-Seed) with regular model updates, GitHub issue tracking, and explicitly inviting community contributions and bug reports.
ByteDance is one of the most heavily-funded private technology companies globally with backing from Carlyle Group, General Atlantic, Sequoia, KKR, and SoftBank — providing strong financial stability for continued AI research and model maintenance.
ByteDance has invested substantially in Project Clover — a multi-billion dollar initiative to build EU/EEA-local data infrastructure and security oversight for TikTok's European operations, including third-party monitoring. This demonstrates some responsiveness to EU regulatory requirements, even if insufficient in the DPC's assessment.
Published safeguards & certifications
Privacy policy review
Creator profile
Stav compliance has not yet scored ByteDance. Scores are published once the policy review and infrastructure assessment complete.
Findings
Citations gathered when the Compliance Curator last reviewed this creator’s public-facing documents. Grouped by source so the picture stays auditable.
“ByteDance and Tencent each increased releases by eight to nine times. ”
“Seed-OSS is a series of open-source large language models developed by ByteDance's Seed Team, designed for powerful long-context, ... [2025/08/2...”
“BAGEL is licensed under the Apache 2.0 license. ”
TikTok is owned by ByteDance, which is a private Chinese company headquartered in Beijing.
The Associated Press reported that ByteDance is based in Beijing, but registered in the Cayman Islands.
Shou Zi Chew, who became TikTok's CEO in 2021, is one of 12 executives reporting to ByteDance CEO Liang Rubo—a reminder that TikTok belongs to a ...
TikTok’s parent company ByteDance Ltd. was founded by Chinese entrepreneurs, but today, roughly sixty percent of the company is beneficially owned by ...
An additional concern is China’s National Intelligence Law, which provides in Article 7 that all Chinese “organizations and citizens shall support, as...
A federal law requiring ByteDance to divest TikTok's U.S. operations was signed in April 2024 and upheld by the Supreme Court in January 2025. As of e...
ByteDance Ltd., TikTok’s parent company, and its affiliates will own less than 20 percent of the US-based entity. The joint venture will have a new bo...
TikTok is owned by ByteDance, which is a private Chinese company headquartered in Beijing.
The Associated Press reported that ByteDance is based in Beijing, but registered in the Cayman Islands.
Shou Zi Chew, who became TikTok's CEO in 2021, is one of 12 executives reporting to ByteDance CEO Liang Rubo—a reminder that TikTok belongs to a ...
TikTok’s parent company ByteDance Ltd. was founded by Chinese entrepreneurs, but today, roughly sixty percent of the company is beneficially owned by ...
An additional concern is China’s National Intelligence Law, which provides in Article 7 that all Chinese “organizations and citizens shall support, as...
A federal law requiring ByteDance to divest TikTok's U.S. operations was signed in April 2024 and upheld by the Supreme Court in January 2025. As of e...
ByteDance Ltd., TikTok’s parent company, and its affiliates will own less than 20 percent of the US-based entity. The joint venture will have a new bo...
“Our code is released under the Apache 2.0 License,, while our models are under the CC BY-NC 4.0 License.”
“The European Commission, the executive arm of the European Union, said on Friday that it had preliminarily found both TikTok and Meta in breach of its...”
“An additional concern is China’s National Intelligence Law, which provides in Article 7 that all Chinese “organizations and citizens shall support, as...”
“Based on estimates from Epoch, 8 models (Gemini 1.0 Ultra, Llama 3.1-405B, GPT-4, Mistral Large, Nemotron-4 340B, MegaScale, Inflection-2, Inflection-...”
“The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...”
“The full decision will be published by the DPC in the coming weeks, providing additional insight into the specific violations and required remedia Ti...”
“ByteDance Ltd., TikTok’s parent company, and its affiliates will own less than 20 percent of the US-based entity. The joint venture will have a new bo...”
“TikTok’s parent company ByteDance Ltd. was founded by Chinese entrepreneurs, but today, roughly sixty percent of the company is beneficially owned by ...”
“The Associated Press reported that ByteDance is based in Beijing, but registered in the Cayman Islands. ”
“The Irish Data Protection Commission, TikTok’s primarily regulator in Europe, hit the app-maker with a fine of €530 million ($600 million) on Friday f...”
“The Doubao LLM family powers consumer assistant experiences and enterprise scenarios, with daily token calls reaching about 16.4 trillion by May 2025,...”
“A federal law requiring ByteDance to divest TikTok's U.S. operations was signed in April 2024 and upheld by the Supreme Court in January 2025. As of e...”
“In December, TikTok admitted that ByteDance employees used the app to track the location of journalists reporting critically on the company through th...”
“The fine is the third-largest issued under the EU’s General Data Protection Regulation (GDPR). It follows a lengthy investigation that concluded ByteD...”
“Shou Zi Chew, who became TikTok's CEO in 2021, is one of 12 executives reporting to ByteDance CEO Liang Rubo—a reminder that TikTok belongs to a ...”
“TikTok is owned by ByteDance, which is a private Chinese company headquartered in Beijing. ”
As classified under Regulation (EU) 2024/1689.
Provider of GPAI model with systemic risk (>10^25 FLOPs).
Based on estimates from Epoch, 8 models (Gemini 1.0 Ultra, Llama 3.1-405B, GPT-4, Mistral Large, Nemotron-4 340B, MegaScale, Inflection-2, Inflection-...
The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...
The Irish Data Protection Commission, TikTok’s primarily regulator in Europe, hit the app-maker with a fine of €530 million ($600 million) on Friday f...
The fine is the third-largest issued under the EU’s General Data Protection Regulation (GDPR). It follows a lengthy investigation that concluded ByteD...
The full decision will be published by the DPC in the coming weeks, providing additional insight into the specific violations and required remedia Ti...
In December, TikTok admitted that ByteDance employees used the app to track the location of journalists reporting critically on the company through th...
ByteDance and Tencent each increased releases by eight to nine times.
Seed-OSS is a series of open-source large language models developed by ByteDance's Seed Team, designed for powerful long-context, ... [2025/08/2...
BAGEL is licensed under the Apache 2.0 license.
Our code is released under the Apache 2.0 License,, while our models are under the CC BY-NC 4.0 License.
The European Commission, the executive arm of the European Union, said on Friday that it had preliminarily found both TikTok and Meta in breach of its...
The Doubao LLM family powers consumer assistant experiences and enterprise scenarios, with daily token calls reaching about 16.4 trillion by May 2025,...
Based on estimates from Epoch, 8 models (Gemini 1.0 Ultra, Llama 3.1-405B, GPT-4, Mistral Large, Nemotron-4 340B, MegaScale, Inflection-2, Inflection-...
The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...
The Irish Data Protection Commission, TikTok’s primarily regulator in Europe, hit the app-maker with a fine of €530 million ($600 million) on Friday f...
The fine is the third-largest issued under the EU’s General Data Protection Regulation (GDPR). It follows a lengthy investigation that concluded ByteD...
The full decision will be published by the DPC in the coming weeks, providing additional insight into the specific violations and required remedia Ti...
In December, TikTok admitted that ByteDance employees used the app to track the location of journalists reporting critically on the company through th...
ByteDance and Tencent each increased releases by eight to nine times.
Seed-OSS is a series of open-source large language models developed by ByteDance's Seed Team, designed for powerful long-context, ... [2025/08/2...
BAGEL is licensed under the Apache 2.0 license.
Our code is released under the Apache 2.0 License,, while our models are under the CC BY-NC 4.0 License.
The European Commission, the executive arm of the European Union, said on Friday that it had preliminarily found both TikTok and Meta in breach of its...
The Doubao LLM family powers consumer assistant experiences and enterprise scenarios, with daily token calls reaching about 16.4 trillion by May 2025,...