China Unveils New Framework To Stimulate Cross-Border Data Flows: Risk or Opportunity for Multinational Companies

New Chinese Framework Announced

In a move that underscores the evolving landscape of global data governance, China announced a new initiative aimed at fostering cross-border data flows. On November 17, Chinese President Xi announced the launch of a “Global Cross-Border Data Flow Cooperation Initiative” while attending the Asia Pacific Economic Cooperation (APEC) leaders meeting in Lima, Peru. The following day, the Cyberspace Administration of China released further details about the initiative, which frames China as a proponent of non-discriminatory and cooperative data policies. However, closer analysis reveals a complex interplay of geopolitical, economic, and regulatory factors behind this initiative.

Why Multinational Companies Should Take Note?

The drop off in foreign direct investment in China is a significant issue the Chinese government is attempting to address. The framework release is in combination with other policies aimed to make China a more investment-friendly environment, such as reforms to deepen China securities capital market, stimulus benefits for Hong Kong, and other economic stabilization measures aimed at creating a more welcoming environment for investors and business leaders. Multinational companies, particularly those who have had existing operations in China and are evaluating how operate in the increasingly challenging geopolitical environment with China, should carefully weigh immediate or long-term financial opportunities against geopolitical and regulatory risks, including the influence such a framework might have on data flows needed for multinationals to comply with applicable non-Chinese laws.

History and Context of China’s Global Cross-Border Data Flow Cooperation Initiative

China’s announcement comes at a time of heightened tensions between the United States and China over new and emerging technologies, including data. The United States is tightening restrictions on flows of sensitive U.S. data to China. On February 28, 2024, President Biden released Executive Order 14117 to prevent access to American’s bulk sensitive personal data. On October 21, 2024, the Department of Justice issued a proposed rule to implement the Executive Order via an expansive new national security regime. It identifies classes of prohibited and restricted transactions, identifies countries of concern (including China) and classes of covered persons to whom the proposed rule applies, and identifies classes of exempt transactions, such as financial services. This initiative is part of broader U.S. strategy—commonly characterized as “small yard, high fences”—to build national security safeguards around data, technology, and other material that has national and economic security implications.

China’s initiative is a strategic response to growing U.S. restrictions. By advocating for non-discriminatory data policies, China is attempting to counter the narrative and U.S. framing that it poses a unique threat to global data privacy and security. China’s initiative explicitly opposes the “over-generalization of data issues as security issues” and the “differentiated formulation of restrictive policies on cross-border data flows targeting specific countries and companies without factual evidence.” The latter appears to be is a reaction to U.S. policies that have targeted Chinese tech companies.

From Security to Connectivity: China’s Shifting Global Data Governance Focus

China’s new Global Cross-Border Data Flow Cooperation Initiative marks a significant evolution from its earlier Global Initiative on Data Security (GIDS), introduced in September 2020. While both initiatives address global challenges surrounding data governance, their priorities reflect China’s shifting economic and strategic goals.

Emerging as a direct counter to U.S.-led frameworks such as the Clean Network program, the GIDS focused on addressing concerns over government access to data without host-country approval, the use of technology for unauthorized surveillance, and the misuse of personal data. By contrast, the 2024 Initiative pivots toward facilitating cross-border data flows. This shift reflects a more pragmatic and economically driven approach, aligning with China’s evolving priorities, including enhancing digital trade and supporting Chinese companies’ global expansion.

APEC and the Global Cross Border Privacy Rules Frameworks

Chinese President Xi’s launch of the initiative at APEC highlights complexities related to establishment of global data governance framework, particularly the APEC Cross-Border Privacy Rules (CBPR) system. CBPR is a voluntary, enforceable, international, accountability-based system that facilitates privacy-respecting data flows among member economies. Compliance professionals, however, should monitor changes in the voluntary nature of the framework.

CBPR is one of the few data transfer frameworks and certification processes in the world. In contrast to the European Union’s use of “adequacy determinations” to essentially force other countries to enact their own version of the EU’s General Data Protection Regulation, CBPR does not require members to harmonize their data privacy laws. 

In 2022, the United States and several other APEC members decided to take CBPR out of APEC in creating a Global CBPR. These countries did this, in part, due to China’s opposition to the growth and reform of the initiative within APEC. But the United States and others wanted to create a Global CBPR for broader reasons, mainly to establish a principles- and accountability-based framework that supports privacy-respecting data flows and a shared sense of trust at a global level. Global CBPR members include Australia, Canada, Japan, Korea, Mexico, the Philippines, Singapore, Chinese Taipei, and the United States. The United Kingdom, Mauritius, Dubai, and Bermuda are all associate members as they consider joining.

China’s Domestic Data Governance Approach

Despite the call in China’s 2024 Initiative for non-discriminatory data policies, there are concerns over China’s domestic approach to data governance, which includes measures such as restrictions on data flows and government access to data. Chinese laws like its broad Cybersecurity Law and Data Security Law, but also various sectoral laws and regulations, require firms to store certain types of data within its borders (a concept known as “data localization”). The European Data Protection Board’s report on government access to data in third countries highlights the extensive powers that Chinese authorities have over data. These perspectives illustrate the challenges China faces in reconciling domestic regulations with its global advocacy for open data flow.

China’s Evolving Data Governance Landscape and Economic Motivations

Over the past few years, China’s regulatory stance on cross-border data transfers has evolved. Cross-border data transfers were once subject to stringent scrutiny in China, including pre-transfer security assessments. However, China has made a concerted effort via recent regulatory adjustments to narrow the impact of restrictions to specific sensitive data categories, such as important data, core data, or national secrets, and sensitive data processors like “Critical Information Infrastructure Operators” and large internet platforms.

These changes reflect a growing recognition of the need to balance China’s security concerns with economic imperatives. Restrictions on cross-border data transfers have a chilling effect on investment by foreign firms, particularly data-intensive businesses. In the first half of 2024, foreign direct investment in China reached $69.93 billion, a 29 percent decrease from 2023. Another motivation for China’s efforts to enact data governance changes is that many Chinese companies are expanding their global operations, which means they benefit from cross-border data flows. China’s initiative tries to at least signal that it wants to strike a better balance to promote the transfer of non-sensitive data and provide exemptions for certain types of data transfers to avoid stifling innovation and foreign digital trade and investment.

Geopolitical and Trade Considerations

China’s 2024 Initiative has geopolitical implications beyond the United States. By advocating for free data flows, China seeks to position itself as a supporter of global digital free trade. The new initiative also aligns with its broader goals, including applications to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA). The Initiative’s reference to digital free trade zones and the negative list system is an attempt to showcase China’s commitment to liberalizing data flows. However, meeting the ambitious commitments set out in the CPTPP and DEPA will require additional efforts.

China’s efforts, thus far, have been met with skepticism from countries like Australia, Japan, Singapore, and New Zealand. These countries point to China’s historically restrictive approach to data flows and argue that letting China join (without further major reforms) could undermine these initiative’s ambitious data-related provisions and commitments.

Implications of the U.S.’s Withdrawal from Digital Trade Negotiations

Ironically, the United States’ decision in October 2023 to withdraw from World Trade Organization negotiations on data flows, data localization, and other digital provisions created opportunities for China to position itself as a constructive stakeholder in the development of international digital trade frameworks. The rationale articulated by the USTR—that the United States requires more space to address domestic policy issues—reveals a similarity with Beijing’s own vision for cyber sovereignty in that it allows broad and discretionary government control over data. U.S. trading partners in the Asia-Pacific were also frustrated about USTR Tai’s lack of action on data flows and digital trade at the Indo-Pacific Economic Framework. It will be a matter of waiting to see if U.S. trading partners find a more thoughtful and receptive partner on digital trade in the second Trump administration. They’ll also be looking to see if the Trump administration keeps or revises the various data- and cloud-related national security executive orders given how these impact U.S. digital trade and data policy.

Conclusion: Navigating U.S.-China Data Flows and Digital Trade Will Likely Get Even More Complicated

China’s global initiative on cross-border data-flow cooperation is both a tit-for-tat response to U.S. restrictions and an effort to advance its global trade and technology interests. It encapsulates the complex dynamics of global data governance and trade. While it aims to position China as a proponent of digital free trade and liberal data flows, its own domestic data governance practices and the geopolitical context suggest more strategic motives. As the global digital economy continues to evolve, the interplay between national security, economic interests, and international cooperation will shape the future of data governance. China’s Initiative is a significant development in this ongoing narrative, reflecting both the enormous challenges and opportunities in achieving a balanced and open global data governance and digital trading system. It also raises multiple questions and issues that the second Trump administration will need to answer and address.