TL;DR
China treats data as a factor of production, not a privacy right or corporate asset, and is building economic infrastructure around it: regulated data exchanges, more than 30 new standards expected by 2026, and a Digital Silk Road that exports governance frameworks along with telecoms hardware to developing countries. The EU spent a decade making GDPR a global benchmark for data protection, but China’s model offers something Brussels can’t: the roads, cables, data centers and exchanges needed to make a data economy work. The country that builds the infrastructure can set the standard.
The European Union treats data as a right to privacy. The United States treats it as a corporate asset. China treats it as a factor of production, a national economic resource on par with land, labor, capital and technology. That distinction, which sounds like an abstraction, is producing a data governance framework that is structurally different from anything Brussels or Washington have built, and it is the Chinese model, not the European one, that much of the developing world is watching more closely.
Since the end of 2025, Beijing has carried out what it calls an “AI-plus” initiative, an aggressive AI adoption strategy across industries with data at the center. The National Data Administration, created in 2023, has organized three national data work conferences and designated seven provinces as Digital Economy Innovation Development Pilot Zones. More than 30 new standards are expected to be published in 2026, covering public data, data infrastructure, artificial intelligence agents, high-quality data sets, and data cataloguing. China does more than just regulate data. It is building an entire economic infrastructure around it.
The framework
China’s data governance is based on what legal professionals call a “3+1=4” structure: three fundamental laws, the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law, plus one administrative regulation, the Regulation on Network Data Security Management, implemented through four sets of specific rules. The framework establishes a layered regime for cross-border data flows in which the identity of the data processor, the type of data involved and the scale of outbound transfers determine which of three main export mechanisms applies: security assessment, standard contractual agreements or personal information protection certification.
The PIPL, which came into full force in November 2021, is often compared to the GDPR. The comparison is misleading. The GDPR prioritizes individual rights and transparency under a democratic legal framework. The PIPL prioritizes state sovereignty and national security under a governance model in which the State’s interest in data control takes priority over the individual’s right to privacy. Both laws regulate data. They regulate it for fundamentally different purposes.
The 💜 of EU technology
The latest rumors from the EU tech scene, a story from our wise founder Boris and some questionable AI art. It’s free, every week, in your inbox. Register now!
The EU AI Law came into force with the ambition of establishing a global standard for AI governance.and its approach – risk-based classification, transparency requirements and protection of fundamental rights – reflects the same philosophy that produced the GDPR: individual rights first, economic utility second. China’s framework reverses that priority. First the economic utility. State security in second place. Third individual rights. The question is what order the rest of the world will adopt.
the exchanges
The most distinctive feature of China’s approach is the creation of data exchanges: regulated markets where data is bought and sold as a commodity. Shanghai, Shenzhen, Beijing, Guiyang and Guangzhou operate data exchanges where companies and government agencies list data products, negotiate prices and execute transactions under standardized terms. The Shanghai Data Exchange listed more than 5,000 data products by 2025. The combined trading volume on China’s major exchanges was valued at 87.7 billion yuan in 2022 and is projected to reach 515.6 billion yuan in 2030.
There is no comparable infrastructure in Europe or the United States. EU Data Law promotes new rules to give users more control over data on connected devicesbut it does not create a market to commercialize that data. The U.S. approach leaves data transactions almost entirely in the hands of private markets, with no federal data-sharing infrastructure or national data management equivalent to China’s NDA. China is building the pipelines for a data economy that treats information as a tradable asset class, with exchanges, pricing mechanisms, standardized contracts and regulatory oversight. It is the only major economy that does so on a national scale.
the export
China’s Digital Silk Road, the technological component of the Belt and Road Initiative, has signed digital cooperation agreements with more than 16 countries and built telecommunications infrastructure, data centers, submarine cables and 5G networks in Southeast Asia, Central Asia, Africa and Latin America. Infrastructure carries with it a governance model. Countries that adopt Chinese-built digital infrastructure often adopt Chinese-influenced data governance frameworks, not because Beijing demands it but because the technology and regulatory assumptions are designed to work together.
The Cyberspace Administration of China has provided training to partner countries on Internet monitoring, content management and data governance. Chinese technology companies operating in Belt and Road countries are required by Chinese law to store certain data on servers in China and undergo security checks, creating a de facto data sovereignty arrangement that flows in the direction of Beijing. Europe’s Digital Networks Act attempts to build a competitive digital infrastructurebut it does so within a framework that prioritizes interoperability and openness. China’s approach prioritizes control and integration with its own digital ecosystem.
For developing countries choosing between governance models, the Chinese approach has practical advantages. It comes with infrastructure financing. It comes with operational and affordable technology. It comes with training and institutional support. The GDPR, by contrast, is a regulatory framework without an infrastructure program. It tells countries how to govern data, but it doesn’t help them build networks to collect, store and process it.
the competition
European AI alliance has launched an open LLM to challenge the US-China duopolyand the three-way competition between American, European and Chinese approaches to data management and AI is now one of the defining features of global technology policy. The US model is based on corporate self-regulation and sector-specific laws. The European model is based on comprehensive regulation and individual rights. The Chinese model is based on state governance, data markets and the treatment of data as national infrastructure.
Every model has blind spots. The US approach leaves people with minimal protection and creates a fragmented regulatory landscape that varies by state. The European approach imposes compliance costs that hurt smaller companies and has been criticized for slowing innovation. The Chinese approach concentrates data power in the state and raises legitimate concerns about surveillance, censorship, and the use of data governance as a tool of political control.
UK data reform bill differs from GDPRsuggesting that even within the Western democratic tradition, the European model does not hold up as a universal standard. Countries are seeking data governance frameworks that fit their economic circumstances, political systems, and development priorities. China’s model, which offers a complete package of infrastructure, technology, regulation and institutional support, is a compelling option for governments that want to build a digital economy regardless of European legal philosophy or American corporate dominance.
What’s at stake
The question of which data governance model prevails is not abstract. Determine who controls the AI training data that will power the next generation of language models, autonomous systems, and decision-making algorithms. Determines whether data flows freely across borders or accumulates in national reservoirs. Determines whether individuals have meaningful control over their personal information or whether that control rests with states and corporations. China’s model, with its data exchanges, its treatment of data as a factor of production, and its integration of governance with infrastructure, is designed to ensure that China has access to the largest, most structured and governable data sets in the world. If other countries adopt the same framework, those groups become interconnected under standards influenced by China.
The EU spent a decade turning the GDPR into a global benchmark. It managed to make privacy by design a standard that technology companies around the world must adapt to. China is trying something more ambitious: not just setting rules for how data is protected, but building the economic infrastructure to value it, trade it, and use it as a national asset. The world may not adopt China’s political system. But it can adopt China’s data governance framework, because it is the only one with the roads, cables, data centers and exchanges necessary to make it work. In data governance, as in many other things, the country that builds the infrastructure sets the standard.
