By Ruoxin Su, 20 July 2025
In an era where data is the new oil, the rules governing its flow across borders are a critical subject of international debate. China plays a significant role in this debate—a digital powerhouse whose approach to data governance is often viewed through the simplistic lens of control and restriction. However, a recent research paper, "Adaptive Sovereignty: China’s Evolving Legislative Framework for Transnational Data Governance", published by HALL researcher Ruoxin Su in Politics and Governance, invites us to look beyond the pure lens of legislation and appreciate the nuanced, adaptive, and increasingly influential nature of China's strategy for transnational data governance. This blog will introduce the core analysis and viewpoints of this paper, revealing a legislative framework that is far more dynamic and strategic than is commonly understood.
The paper argues that to truly comprehend China's role in shaping transnational data governance, we must move beyond the well-trodden path of analyzing its digital infrastructure exports and the related global implications—which was described as “Beijing effect” by Matthew S. Erie and Thomas Streinz in the paper “ The Beijing Effect: China's 'Digital Silk Road' as Transnational Data Governance”. Instead, the authors direct our attention to the intricate and evolving legal architecture that underpins China's approach to transnational data governance. By examining central-level legislation from 2016 to 2024, the paper uncovers its strategic innovation, and a delicate balancing act between national sovereignty and selective engagement with the global digital economy.
From Data Localization Mandate to a Multi-Layered System
The journey of China's transnational data governance framework begins with the landmark 2016 Cybersecurity Law. This law, often seen as the cornerstone of China's data security regime, established broad principles of cybersecurity and data localization. However, the paper emphasizes that this was just the beginning. Over the past eight years, China has built upon this foundation, creating a multi-layered and increasingly sophisticated legal regime. This paper narrates the legislative evolution as a four‑stage process:
(a) Prior to 2016: legislative vacuum with no specific legal framework governing cross‐border data flows;
(b) From 2016 to 2020: introducing key concepts such as data localization through the Cybersecurity Law and beginning to establish mechanisms for assessing the security of cross‐border data transfers;
(c) From 2021 to 2023: a surge in legislative refinement (including the promulgation of the Personal Information Protection Law, Data Security Law, and several binding rules issued by the Cyberspace Administration of China), characterized by systematic and detailed legal requirements for data protection and cross‐border data governance;
(d) From 2023 to the present: a shift toward a more flexible approach to regulating cross‐border data transfers, signaling potential relaxation in oversight (marked by the promulgation of the Provisions on Promoting and Regulating the Cross-Border Flow of Data in 2024).
This evolution has been characterized by a move away from rigid, one-size-fits-all regulations towards a more flexible and adaptive system in China’s transnational data governance. The paper highlights that this is not a random process but a calculated response to both internal and external pressures. Domestically, China is grappling with the need to foster its burgeoning digital economy while maintaining social and political stability. Internationally, it faces the challenge of integrating with a global data ecosystem that is largely shaped by Western norms and regulations.
The result is a transnational data governance legal framework that balances stringent sovereignty claims with a surprising degree of selective openness—where this paper advances the concept of “adaptive sovereignty”. While China remains firm on its right to control data within its borders, it has also gradually introduced mechanisms that allow for the relaxed cross-border flow of data under specific conditions. This pragmatism is a key feature of China's evolving strategy, allowing it to reap the benefits of global data flows while mitigating the perceived risks.
The Geopolitics of Data: A Pragmatic and Adaptive Approach
The paper argues that China's legislative framework for transnational data governance is not just a matter of domestic policy; it is a key instrument of its geopolitical strategy. In a world where data is a source of economic and political power, the ability to shape the rules of the game is of paramount importance. China's adaptive legal framework is a testament to its ambition to become a major player in this new global order.
This adaptive approach is evident in the way China has responded to the evolving international landscape. For instance, in response to the EU's General Data Protection Regulation (GDPR), China has introduced its own set of data protection standards that, while different in some respects, share a common emphasis on individual data rights. This demonstrates a willingness to engage with international norms while tailoring them to its own national context. Another example is China’s security assessment mechanism for regulating cross-border data flows involving data deemed relevant to national security, critical sectors, or the public interest. This mechanism, rarely seen in the data protection law other jurisdictions, reveals China’s unique concerns in the national data security—specifically, the desire to retain state oversight over information that could affect strategic industries, public governance, or broader geopolitical interests. This approach underscores a risk-based model that prioritizes security and sovereignty, while still allowing for limited and conditional openness when deemed compatible with national objectives.
Furthermore, the paper points to the strategic use of distinctive legal mechanisms as a tool of exerting transnational influence, such as taking reciprocal countermeasure against foreign countries’ discriminatory data protection restrictions and restricting foreign government from accessing personal data stored in China. By gradually developing a comprehensive and sophisticated legal framework for data governance, China is not only regulating its own digital space but also setting a precedent for other countries to follow. This is particularly true for developing nations that are looking for a model of data governance that balances economic development with national security.
Redefining the "Beijing Effect"
The concept of the "Beijing effect", originally developed by Matthew S. Erie and Thomas Streinz, has been used to describe China's growing influence on the global digital landscape through the export of its digital infrastructure and surveillance technologies, especially through the Digital Silk Road. However, the authors of the paper propose a significant expansion of this concept, arguing that an equally important vector of influence lies in China’s evolving legal architecture of transnational data governance. This can be understood as a legislative dimension of the “Beijing effect”. It recognizes that China is not just a cross-border provider of digital hardware but also a purveyor of ideas and models for data governance.
While China’s model continues to emphasize state‐led data sovereignty, its recent legislative adjustments suggest a more adaptive strategy that accommodates global trade and technological collaboration. As such, the “Beijing effect” should be viewed as a dynamic, evolving framework, with China’s legislative approach serving as both a response to international regulatory competition and a proactive tool for shaping global data governance norms. By actively shaping the legal and regulatory environment, China is subtly but surely influencing the future of the global digital ecosystem.
(The cover image was created by ChatGPT.)
