China's State Council has issued a comprehensive plan to promote the high-level institutional opening up of the China (Shanghai) Pilot Free Trade Zone (FTZ) by aligning it with high-standard international economic and trade rules.

The free trade zone will take the lead in establishing institutional systems and supervision models that align with high-standard economic and trade rules, and move to build itself into a national demonstration zone for institutional opening up.

A total of 80 measures, covering seven areas, were outlined in the plan including initiatives to facilitate trade in goods and services, promote digital trade and enhance intellectual property rights (IPR) protection, among others.

High-standard digital trade rules will be implemented in the Shanghai FTZ, according to the plan. The FTZ will explore a mechanism for legal, safe and convenient cross-border data flow, accelerate efforts to empower industries with digital technology and foster new competitiveness in digital trade.

Prof. Yanqing Hong from the Beijing Institute of Technology, a respected Chinese data law scholar, conducted a quick analysis of the data part of the plan. He used to contribute to the drafting of numerous Chinese data laws.

II. Accelerating the Expansion of Trade in Services

(2)Financial Services

2.Under the framework of the national system for the management of cross-border data transmission security, financial institutions are allowed to transfer the data necessary for their daily operations to overseas locations. In cases involving the outbound transfer of financial data, regulatory authorities may adopt regulatory measures based on national security and prudential principles, while ensuring the security of important data and personal information.

In this measure, the first sentence is easily understandable and represents a typical logic of economic and trade clauses. The emphasis lies in the second sentence, “regulatory measures based on national security and prudential principles.” How should we understand this? The answer can be found in the provisions of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) regarding the cross-border flow of financial data.

From the provisions of the CPTPP, it can be seen that member countries are allowed to take measures to restrict the cross-border flow of data based on prudential principles. Clearly, national security is another permissible reason for such measures.

(3). Facilitation of Customs Clearance

19.While ensuring data security, support the construction of the Shanghai International Trade “Single Window” for cross-border data exchange systems; adopt internationally recognized standards and accessible open standards to enhance system compatibility and interoperability; through international cooperation, share information, experiences, and best practices in the development and management of data exchange systems, and jointly develop pilot projects for data exchange systems.

Measure 19 is a clause under customs clearance facilitation, focusing primarily on data exchange and standardization during the customs clearance process.

IV. Pioneering the Implementation of High-standard Digital Trade Rules

(1)Cross-border Data Flow

24. Enterprises and individuals may provide data to overseas locations if it is necessary for their business operations and complies with the national requirements for the security management of cross-border data transmission.

25. In accordance with the system of classifying and protecting data, support the Shanghai Pilot Free Trade Zone in taking the lead in developing a catalog of important data. Guide data processors to conduct self-assessment of data export risks and explore the establishment of a legal, secure, and convenient mechanism for cross-border data flow to enhance the facilitation of such flow.

27. Implement a certification system for data security management to guide enterprises in improving their data security management capabilities and levels through certification, and to establish standards or best practices that comply with the requirements for the protection of personal information.

Article 24 is also from the perspective and logic of trade and economic terms, supporting the default legality of cross-border data flows for business operations, provided that they comply with national requirements for the secure management of cross-border data transmission.

Article 25 itself embodies the meaning of Article 21 of the Data Security Law - "Regions and departments should establish a system for the classified protection of data and determine specific catalogs of important data for their respective regions, departments, as well as relevant industries and fields, and give priority protection to the data included in the catalogs." Therefore, the Shanghai Free Trade Zone is able to establish a catalog of important data.

Article 27 encourages the implementation of certification in data security and personal information protection.

(3) Open Data Sharing and Governance

33. Establish a sound data sharing mechanism to support enterprises in legally and compliantly sharing data, promoting innovation in big data applications. Support the establishment of international open source promotion institutions and participation in the construction of the global open source ecosystem. Support the exploration of data trading services, construction of key infrastructure for data trading and circulation with the transaction chain as the core, creation of innovative platforms for the circulation of data elements, and the formulation of standards and rules for the registration of data and software assets.

34. Expand the scope of government data openness, clarify the ways to access and use public data, and publish a catalog of open data sets. Explore the development and utilization of public data, and encourage the development of products and services based on data sets.

These provisions are largely derived from the Notice of the General Office of the Shanghai Municipal People's Government on Printing and Distributing the "Action Plan for Promoting the Innovative Development of Data Factor Industry Based on the New Track of Digital Economy (2023-2025)", also known as the "Shanghai Data Twenty Articles".

(2) Patents

43. Protection shall be provided for undisclosed test data of newly approved agricultural chemicals that are marketed and sold in China. Even if another patent for the chemical has expired in China, the protection for the data should continue to be granted for the duration of the data protection period.

This section is a measure to strengthen the protection of experimental data.

VIII. Strengthening Risk Prevention and Control System Construction

76.Establish a risk warning system. Utilize new technologies to enhance regulatory efficiency and employ big data analysis techniques to identify and assess risks. Implement risk-based supervision based on the severity of risks.

77.Strengthen financial risk prevention and control. Financial regulatory authorities shall adopt reasonable measures based on the principle of prudence to protect the legitimate rights of financial consumers and ensure the stable operation of the financial system. Carry out information sharing, regulatory cooperation, and cross-border risk disposal cooperation in accordance with laws and regulations. Enhance the collection, monitoring, and utilization of cross-border payment and settlement data. Ensure effective risk isolation through regulatory innovations such as “sandbox supervision.” Adhere to licensing requirements for financial business operations and strengthen the monitoring and prevention of related risks through risk alerts, risk control indicator calculations, and information reporting.

78.Enhance regulatory recognition and cooperation. Learn from international practices and rules, consider accepting reports from other countries’ regulatory agencies, explore the establishment of a regulatory recognition mechanism, and ensure data exchange, mutual recognition of outcomes, collaborative work, and law enforcement assistance. Establish cooperation mechanisms with overseas cybersecurity institutions to promote the development of global solutions for cybersecurity issues.

This section mainly pertains to provisions regarding the use of data to support risk prevention, risk disposal, regulatory enforcement, and other aspects.