TL; DR
China treats data as a factor of production, not as a privacy right or a corporate asset, and is building an economic infrastructure around it: regulated data exchange, more than 30 new standards expected by 2026, and a Digital Silk Road exporting governance frameworks alongside telecommunications equipment to developing countries. The EU spent a decade making GDPR the global benchmark for data protection, but China’s model offers something Brussels can’t: the roads, cables, data centers and exchanges needed to make the data economy work. The standard can be determined by the country building the infrastructure.
The European Union treats data as a right to privacy. The United States treats it as a corporate asset. China treats it as a national economic resource, along with factors of production, land, labor, capital and technology. This distinction, which sounds like an abstraction, creates a framework for data governance that is structurally different from anything Brussels or Washington have built, and it is the Chinese model, not the European model that much of the developing world follows most closely.
Since the end of 2025, Beijing has been pursuing what it calls the “AI-plus” initiative, an aggressive AI deployment strategy across data-centric industries. The National Information Administration established in 2023 organized three national information work conferences and designated seven provinces as Digital Economy Innovation Development Pilot Zones. More than 30 new standards are expected to be released in 2026, covering public data, data infrastructure, artificial intelligence agents, high-quality datasets, and data cataloging. China doesn’t just regulate data. It builds an entire economic infrastructure around it.
Frame
China’s information management is based on what legal practice calls the “3+1=4” structure: three main laws, the Cyber Security Law, the Data Security Law and the Personal Data Protection Law, plus one administrative regulation, the Network Data Security Management Regulation, implemented through four specific sets of rules. The framework establishes a layered regime for cross-border data flows, where the identity of the data processor, the type of data involved and the scale of the outbound transfers determine which of three main export mechanisms apply: security assessments, standard contractual agreements or personal data protection certification.
The PIPL, which came into full force in November 2021, is often compared to the GDPR. The comparison is wrong. GDPR prioritizes individual rights and transparency within a democratic legal framework. PIPL prioritizes state sovereignty and national security under a governance model where the state’s interest in data control trumps the individual’s right to privacy. Both laws regulate data. They regulate it for radically different purposes.
💜 of EU technology
The latest rumblings from the EU tech scene, a story from our wise founder Boris and some questionable AI art. Free in your inbox every week. Register now!
EU AI law launched with ambition to set global standard for AI governanceand its approach, risk-based classification, transparency requirements and protection of fundamental rights reflect the same philosophy that created the GDPR: individual rights first, economic benefit second. China’s framework subverts this priority. First of all, economic benefit. Second state security. Individual rights third. The question is what order the rest of the world will adopt.
Exchanges
The most distinctive feature of China’s approach is its creation of data exchanges: regulated markets where data is bought and sold as a commodity. Shanghai, Shenzhen, Beijing, Guiyang, and Guangzhou operate data exchanges where companies and government agencies list data products, negotiate prices, and conduct transactions on standard terms. Shanghai Data Exchange has listed more than 5,000 data products by 2025. The total trading volume of China’s major exchanges is estimated at 87.7 billion yuan in 2022 and is projected to reach 515.6 billion yuan by 2030.
There is no similar infrastructure in Europe or the United States. The EU’s Data Act introduces new rules to give users more control over the data they receive from connected devicesbut it does not create a market for trading this data. The American approach leaves data transactions almost entirely to private markets, with no federal data sharing infrastructure and no national data governance equivalent to China’s NDA. China is plumbing for an information economy that treats information as a tradable asset class, complete with exchange, pricing mechanisms, standardized contracts and regulatory oversight. It is the only major economy to do so nationally.
Export
China’s Digital Silk Road, the technological component of the Belt and Road Initiative, has signed digital cooperation agreements with more than 16 countries and built telecommunications infrastructure, data centers, submarine cables and 5G networks across Southeast Asia, Central Asia, Africa and Latin America. Infrastructure carries with it a management model. Countries that adopt Chinese-built digital infrastructure often adopt Chinese-influenced data governance frameworks not because Beijing demands them, but because the technology and regulatory assumptions are designed to work together.
The Cyberspace Administration of China has conducted training on internet monitoring, content management and data management for partner countries. Chinese technology companies operating in the Belt and Road countries must, under Chinese law, store certain data on servers in China and submit it to security inspections, creating a sovereignty regulation of the actual data moving toward Beijing. The European Digital Networks Act seeks to create a competitive digital infrastructurebut it does so within a framework that favors interoperability and openness. China’s approach prioritizes control and integration with its own digital ecosystem.
For developing countries choosing between governance models, the Chinese approach has practical advantages. It comes with infrastructure funding. It comes with functional and affordable technology. It comes with training and institutional support. GDPR, by contrast, is a regulatory framework without infrastructure software. It tells countries how to manage data, but does not help them build networks to collect, store and process it.
Competition
Europe’s artificial intelligence alliance has launched an open LLM to challenge the US-China binaryand the three-way competition between American, European, and Chinese approaches to data and AI governance is now one of the defining features of global technology policy. The American model is based on corporate self-regulation and sector-specific laws. The European model is based on comprehensive regulation and individual rights. The Chinese model is based on state direction, data markets, and the treatment of data as national infrastructure.
Every model has blind spots. The American approach leaves individuals with minimal protections and creates a fragmented regulatory landscape that varies by state. The European approach imposes compliance costs that disadvantage smaller companies and has been criticized for slowing innovation. The Chinese approach concentrates data power in the state and raises legitimate concerns about the use of data management as a tool for surveillance, censorship, and political control.
The UK data reform bill is different from the GDPReven suggested that the European model does not hold as a universal standard within the Western democratic tradition. Countries shop for information management frameworks that fit their economic circumstances, political systems, and development priorities. Offering a complete package of infrastructure, technology, regulation and institutional support, the Chinese model is an attractive option for governments looking to build a digital economy without importing European legal philosophy or American corporate dominance.
stakes
The question of which information management model is dominant is not abstract. It defines who controls the AI training data that will power the next generation of language models, autonomous systems and decision-making algorithms. It determines whether data flows freely across borders or pools in national reservoirs. It determines whether individuals have meaningful control over their personal data, or whether that control rests with states and corporations. By sharing information, treating data as a factor of production, and integrating management with infrastructure, the Chinese model is designed to provide China with access to the world’s largest, most structured, manageable data pools. If other countries adopt the same framework, these pools are interconnected according to Chinese-influenced standards.
The EU has spent ten years making GDPR a global benchmark. It has succeeded in making privacy by design a standard that technology companies around the world have to adopt. China is attempting something more ambitious: not just setting the rules for how to protect data, but also building the economic infrastructure for how data is valued, traded, and positioned as a national asset. The world may not accept China’s political system. But it can adopt China’s data management framework because it is the only system that comes with the roads, cables, data centers and exchanges needed to make it work. In data management, as in many other areas, the country that builds the infrastructure sets the standard.
