China is building a data exchange, outsourcing governance through the Digital Silk Road, and treating data as a national asset – not a right to privacy.
The TL;DR
China regards data as a factor of production, not a right to privacy or a business asset, and is building an economic infrastructure around it: regulated data exchange, 30+ new standards expected by 2026, and the Digital Silk Road that exports governance structures around telecommunications hardware to developing countries. The EU spent a decade making GDPR the global benchmark for data protection, but China’s model offers something Brussels can’t: the roads, cables, data centers, and exchanges needed to make the data economy work. A country that builds infrastructure may set the standard.
The European Union treats data as a right to privacy. The United States considers it a business asset. China considers it a factor of production, a national economic resource in terms of land, labor, capital, and technology. That difference, which sounds like something to say, produces a data management framework that is structurally different from anything created by Brussels or Washington, and it’s a Chinese model, not a European one, that many developing countries are paying close attention to.
Since late 2025, Beijing has pursued what it calls “AI-plus”, a powerful strategy for the adoption of AI in all industries that have data at its core. The National Data Administration, which was created in 2023, organized three national conferences on data work and designated seven states as Pilot Zones for the Development of the Digital Economy. More than 30 new standards covering public data, data infrastructure, AI agents, high-quality data sets, and data cataloging are expected to be released by 2026. China doesn’t just control data. Build an entire economic infrastructure around it.
The outline
China’s data management is based on what legal experts call “3+1=4”: three core laws, the Law on Cybersecurity, the Law on Data Security, and the Law on Personal Information Protection, and one administrative regulation, the Regulation on Network Data Security Management, which is implemented through four sets of specific laws. The framework establishes a layered system of cross-border data flow where the identity of the data processor, the type of data involved, and the scale of the external transfer determine which of the three main transfer methods are applicable: security checks, standard contractual arrangements, or personal information protection certification.
The PIPL, which became fully operational in November 2021, is often compared to the GDPR. Comparisons are misleading. GDPR prioritizes individual rights and transparency under a democratic legal framework. PIPL prioritizes national sovereignty and national security under a governance model where the state’s interest in data control takes precedence over the individual’s right to privacy. Both laws govern data. They control it for very different purposes.
💜 for EU tech
The latest talk from the EU tech scene, a story from our genius founder Boris, and some incredible AI art. It’s free, every week, in your inbox. Register now!
The EU AI law came into force with the aim of setting a global standard for managing AI, and its approach, risk-based classification, transparency requirements, and protection of fundamental rights, reflects the same philosophy that produced the GDPR: human rights first, economic utility second. The Chinese framework is changing what matters. Economic utility first. State security is second. Third party rights. The question is which order the world will accept.
Exchange
The most distinctive feature of China’s approach is its creation of data exchanges: regulated markets where data is bought and sold as a commodity. Shanghai, Shenzhen, Beijing, Guiyang, and Guangzhou all operate data exchanges where companies and government agencies list data products, negotiate prices, and perform operations under common terms. The Shanghai Data Exchange has listed more than 5,000 data products by 2025. The combined trade volume of all major Chinese markets was valued at 87.7 billion yuan in 2022 and is expected to reach 515.6 billion yuan in 2030.
No comparable infrastructure exists in Europe or the United States. The EU’s Data Act develops new rules to give users more control over data from connected devices, but does not create a marketplace for trading that data. The American approach leaves data transactions almost entirely to private markets, with no federal data exchange infrastructure and no national data management equivalent to China’s NDA. China is building the pipeline for a data economy that treats information as a tradable commodity, complete with exchanges, pricing mechanisms, standardized contracts, and legal oversight. It is the only major economy to do so on a national scale.
Export
China’s Digital Silk Road, which is the technical arm of the Belt and Road Initiative, has signed digital cooperation agreements with more than 16 countries and is building telecommunications infrastructure, data centers, submarine cables, and 5G networks throughout Southeast Asia, Central Asia, Africa, and Latin America. The infrastructure is compatible with the management model. Countries that adopt Chinese-built digital infrastructure often use Chinese-influenced data management frameworks, not because Beijing wants them to but because the technology and regulatory assumptions are designed to work together.
The Cyberspace Administration of China has provided training to partner countries on Internet monitoring, content management, and data management. Chinese technology companies operating in Belt and Road countries are required by Chinese law to store certain data on servers in China and submit it to security inspections, creating a de facto system of data autonomy that flows toward Beijing. The European Digital Networks Act attempts to create a competitive digital infrastructure, but does so within a framework that prioritizes interoperability and openness. The Chinese approach prioritizes control and integration with its digital ecosystem.
For developing countries choosing between governance models, the Chinese approach has practical advantages. It comes with infrastructure funding. It comes with effective and affordable technology. It comes with training and institutional support. The GDPR, in contrast, is a regulatory framework without an infrastructure system. It tells countries how to manage data but does not help them build networks to collect, store, and process it.
The competition
The European AI consortium launched an open LLM to challenge the US-China duopoly, and the three-way competition between American, European, and Chinese approaches to data acquisition and AI governance is now one of the defining features of global technology policy. The American model relies on corporate self-regulation and industry-specific regulations. The European model relies on total control and individual rights. The Chinese model relies on national guidance, data markets, and data management as national infrastructure.
Each model has blind spots. The American approach leaves people with less protection and creates a fragmented regulatory environment that varies from region to region. The European approach imposes compliance costs that disadvantage small companies and has been criticized for stifling innovation. The Chinese approach concentrates the power of data on the government and raises legitimate concerns about surveillance, censorship, and the use of data management as a tool of political control.
The UK’s data reform bill deviates from the GDPR, suggesting that even within Western democratic culture, the European model is not holding up as a universal standard. Countries buy data management structures that match their economic conditions, political systems, and development priorities. The Chinese model, which provides a complete package of infrastructure, technology, regulations, and institutional support, is a compelling option for governments that want to build a digital economy without importing European legal philosophy or American corporate governance.
Poles
The question of which data management model exists is not an abstract one. It determines who controls the AI training data that will power the next generation of language models, autonomous systems, and decision-making algorithms. It determines whether data flows freely across borders or pools in national reserves. It determines whether people have reasonable control over their personal information or whether that control rests with states and companies. China’s model, with its data exchange, its management of data as a factor of production, and its integration of governance and infrastructure, is designed to ensure that China has access to the world’s largest, most organized, and most controllable data pools. When other countries use the same framework, those pools are connected under standards influenced by China.
The EU has spent ten years building the GDPR into a global benchmark. It has succeeded in making privacy-by-design a standard that technology companies around the world must adopt. China is trying something very ambitious: not just to set rules for how data is protected, but to build the economic infrastructure for how data is valued, traded, and used as a national asset. The world may not follow China’s political system. But it may adopt the Chinese framework for data management, because it is the only one that comes with the roads, cables, data centers, and exchanges needed to make it work. In data management, like so much else, the country that builds the infrastructure sets the standard.
