China’s Data Security Cooperation Initiatives and Their Implications

Wednesday, June 29, 2022

With the launch of its Global Data Security Initiative in 2020 and the recent negotiation of two plurilateral frameworks, one with Arab states and the other with Central Asian economies, China is signaling that it aims to be a standard setter in global data governance, writes Li Xirui of the S Rajaratnam School of International Studies at Nanyang Technological University in Singapore and the Intellisia Institute in Guangzhou. Beijing’s moves, she argues, will intensify the already heated China-US strategic rivalry.

China’s Data Security Cooperation Initiatives and Their Implications

Peering into the future at an ICT and artificial intelligence fair, Jinan: China has begun to put substance onto the concepts outlined in the Global Data Security Initiative announced in 2020 (Credit: Xinhua)

At the recent “China + Central Asia" (C+C5) foreign ministers' meeting, China’s Wang Yi and his counterparts from five Central Asian countries (C5 – Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan) signed the Data Security Cooperation Initiative of China + Central Asia (C+C5 DSCI). It is the second data security pact that China has inked in the world after it launched the Global Data Security Initiative (GDSI) in 2020; the first was China-League of Arab States (LAS) Cooperation Initiative on Data Security (China-LAS DSCI), which was launched on March 29, 2021.

Some technology analysts have argued that China’s promotion of GDSI slowed down in 2021, but the new cooperation initiative with Central Asia indicates that China is not only still building its global network on data security but it is also becoming clearer and more concrete in setting out the details of cooperation. The C+C5 DSCI puts flesh on the skeleton of the GDSI and builds on the China-LAS DSCI. It also presents more details on China’s construction of its global network on data governance and has major implications for Beijing’s engagement on the issue of global digital governance.

China’s data governance efforts: Adherence to multilateralism? 

First, unlike the previous two initiatives which focused on bilateral and multilateral cooperation centering on China, the C+C5 DSCI mentions the role of the United Nations. In their initiative, China and the C5 recognize the dominant role of the UN in cyber governance. Moreover, they express their support for the establishment of an open-ended ad hoc inter-governmental committee to shape a comprehensive international convention which was decided on in UN Resolution No. 74/247. Although China submitted the GDSI to the UN General Assembly, this is the first time that China has incorporated the UN resolution into its expanding data security cooperation framework outside the structure of the global body.

In addition, the C+C5 DSCI makes it clear that the cooperative framework is based on international law. By explicitly mentioning the UN and international law, China appears to be aiming to integrate and safeguard the UN-centered international system or at least demonstrate that intention. Beijing seems to want to reiterate its commitments to the existing multilateral order, thereby showing that China is a true defender of globalism.

Central Asia and China meeting, 2021: The C+C5 Data Security Cooperation Initiative recognizes the dominant role of the United Nations in cyber governance (Credit: Foreign Ministry of the People’s Republic of China)

Central Asia and China meeting, 2021: The C+C5 Data Security Cooperation Initiative recognizes the dominant role of the United Nations in cyber governance (Credit: Foreign Ministry of the People’s Republic of China)

Second, the previous two initiatives are broad and more about consensus building, but C+C5 DSCI highlights three areas of cooperation:

  • China and the C5 vow to coordinate and cooperate at the national, regional and international levels to prevent and stop cybercrimes and terrorism that involve information and communication technology (ICT). Such an undertaking is an extension of existing cooperation between China and C5 in combating terrorism. It signals that China’s global network on digital governance will be built upon its existing partnerships.
  • Both the GDSI and the China-LAS DSCI only note that countries cannot ask for data transfers without complying with the laws in place in the countries where the data reside. But in the C+C5 DSCI, for the first time China explicitly advocates that enterprises store data in the countries where they operate. This request should be understood as a part of China’s sovereignty-oriented cyber governance approach. Anticipating that China will overtake the United States to become the largest data-generating country in the world by 2025, Beijing needs to have a say in international norms and standard-setting with regard to data by pushing forward its concept of data sovereignty to international audiences. Meanwhile, given the high value of data as “new oil” and its “weaponization” in a world where geopolitical rivalries are intensifying, China urgently needs to make sure that its huge market size and consequent ability to produce a significant amount of data are strengths not weaknesses.
  • China and the C5 vow to explore what they can do together to combat the illegal use of ICT. This implies that China still treats states as the major actors in data governance, even though China welcomes non-state actors such as non-governmental institutions, technical communities and ICT enterprises to join its efforts to promote data security.

Third, the C+C5 DSCI clearly states that China and C5 will explore the possibility of setting out a unified code of ethics to guide suppliers of ICT products and services in their respective countries. In past years, China’s efforts in constructing a Digital Silk Road have concentrated on enhancing infrastructure connectivity. Nowadays, as a part of “contributing Chinese wisdom to world development”, Beijing has made setting international norms and standards on digital governance one of the key goals in its 14th Five-Year Plan for National Informatization. In this context, the C+C5 DSCI is one of the first steps in this effort. Going beyond the international regulations ensuring the security of data and ICT-based business operations, China is more interested in shaping a moral ground on which the digital economy and newly emerging technologies should be regulated, guided by principles of governance as well as plain regulations.

Fourth, the C+C5 DSCI puts more emphasis on the protection of private property and the public interest. For instance, both the GDSI and the China-LAS DSCI assert that ICT enterprises must not force users to upgrade product systems. The C+C5 DSCI, however, adds a precondition: Those companies can push for mandatory system upgrades if it is to protect users’ private property and was in their public interest. The C+C5 DSCI adds that countries should enhance cooperation in combating ICT which threaten national political, economic and social security. With these additional terms, the C+C5 DSCI arguably indicates at least an intention to protect both individual human rights and national security at the same time. It is a manifestation of Xi Jinping’s “holistic view of national security” and an integral part of the country’s Global Security Initiative (GSI).

China’s activism for global digital governance

In recent years, China has focused on global digital governance. The number of Chinese officials in the secretariats of international standard-setting organizations has increased dramatically. China, meanwhile, has actively participated and even led in the negotiation of the Regional Comprehensive Economic Partnership (RCEP), which represents the first attempt to craft a data governance framework without the dominating presence of either the European Union (EU) or the United States. In signing the RCEP, includes a chapter on e-commerce, China has essentially departed from its longstanding hard stance on data sovereignty, making its first-ever commitment to binding prohibitions against the localization of data facilities and data.

Last year, China took further steps in this direction by filing applications for memberships in Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA), both of which are known to have even higher standards in their data and digital trade provisions than the RCEP. China’s increasing enthusiasm in existing international standard-setting organizations and the mega-FTAs is part of its efforts to influence the shaping of global digital governance, as demonstrated by Beijing’s launch of the GDSI and its pursuit of the China-LAS DSCI and the C+C5 DSCI.

When China announced the GDSI in 2020, the initiative was more of a broad and vague consensus-building framework which lacked content. Gradually, however, China has started putting substance onto the concepts, with the C+C5 DSCI one of the very first efforts to do so. It thus has important implications for Beijing’s approach to global digital governance.

Smart city system display at big data expo in Guiyang: China will integrate elements relating to data and emerging technologies into existing regional and global cooperative frameworks (Credit: Xinhua)

Smart city system display at big data expo in Guiyang: China will integrate elements relating to data and emerging technologies into existing regional and global cooperative frameworks (Credit: Xinhua)

First, China is intent on showing firm support for UN-based global governance, even with regard to newly emerging technologies. In future, the role of the UN may be given greater emphasis in frameworks of digital governance initiated by Beijing. Its inclusion of data governance in free-trade arrangements and its pursuit of plurilateral data governance frameworks are two parallel lines in the effort to global digital governance.

Second, China will integrate elements relating to data and emerging technologies into existing regional and global cooperative frameworks. In other words, China is willing to tailor the contents of data and broader technology cooperation according to the needs of its partners and the characteristics of existing partnerships such as its cooperative and integrative initiatives with ASEAN such as RCEP.

Third, China will beef up its efforts to set not only international standards and regulations in technology but also norms and ethical principles. Such efforts go beyond the details of the mechanisms it negotiates and are founded on governance ideology, which is more fundamental and critical to how the new technologies and digital economy should be regulated.

Fourth, data sovereignty or cyber sovereignty will still be a major feature of China’s approach in governing digital technologies, both domestically and internationally. Beijing, however, may seek to uphold and promote this principle more smartly and less noticeably. For instance, China is no longer insisting on imposing strict data localization requirements but is advocating the principle of storing data in the countries where the data are generated.

Fifth, at least in the short term, China is unlikely to let non-state actors set the tone for the negotiations over digital governance. Although the Chinese government has been encouraging non-state actors to contribute more to digital governance, they will remain in supporting roles.

Finally, since data security is a pillar of China’s national security, expecting Beijing to make significant changes in the short term in its approach to regulating data flows would not be realistic.

Inspecting servers in Jiujiang: Beijing will beef up its efforts to set not only international standards and regulations in digital governance but also norms and ethical principles (Credit: humphery /

Inspecting servers in Jiujiang: Beijing will beef up its efforts to set not only international standards and regulations in digital governance but also norms and ethical principles (Credit: humphery /

China enters the standard-setting game

Given the significant impact of emerging technologies in geopolitics, digital governance, especially of cross-border data flows, has been a hot playground even before China stepped up its activism in the area. The EU and the United States, for example, have struggled to set the rules for transatlantic data flows for years. Nowadays, China’s ambitions and activities signal that Beijing has joined the game, which the West has dominated so far. Although China has used the EU’s General Data Protection Regulation (GDPR) for reference in many of its own data-governance efforts, it has been accused of promoting so-called “digital authoritarianism”, a third model of data governance and broad digital governance in addition to the EU’s human rights-focused model and the American market-oriented one.

China’s entry into the game has already provoked countermeasures from the West, especially the US, further complicating landscape. In May, while on a trip to Japan, American President Joe Biden announced his administration’s long-awaited Indo-Pacific Economic Framework (IPEF). One of major goals of the IPEF is to build a global network of partners and allies to compete with China’s economic influence and power in the Asia Pacific and beyond.

The IPEF, which now includes the US and 13 other countries in the region, identifies the setting of standards for cross-border data transfers and data localization and addressing issues relating to the connected economy such as privacy, discriminatory and unethical use of artificial intelligence (AI) as one of the initiative’s four major pillars. (The other pillars are supply chains, climate, and taxation and corruption.) This seems designed as a direct response to Beijing’s efforts and its achievements so far in global data and digital governance. With the China-US geopolitical rivalry heating up, Washington’s steadfast advocacy for the free flow of data and its insistence on letting market forces direct data governance will only widen the gap between the two countries on this critical issue.

Opinions expressed in articles published by AsiaGlobal Online reflect only those of the authors and do not necessarily represent the views of AsiaGlobal Online or the Asia Global Institute


Li Xirui

Li Xirui

S Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), and Intellisia Institute

Li Xirui is pursuing doctoral studies at the S Rajaratnam School of International Studies (RSIS) of Nanyang Technological University (NTU) in Singapore. She is also a non-resident research fellow at the Intellisia Institute in Guangzhou, China.

Recent Articles
Recent Articles