Other BriefingsData as Intellectual Property in China: Legal Developments and Regional Pilots
China is establishing a state-led framework recognizing processed data as a new form of intellectual property (IP), enabling its registration, licensing, and commercialization through formal exchanges. This approach promotes data as a strategic asset while balancing innovation with stringent security and privacy regulations across industries.
In the digital economy, data has become one of the most valuable resources, driving innovation, shaping business strategies, and fueling emerging technologies such as artificial intelligence (AI), cloud computing, and the Internet of Things (IoT). As enterprises and governments increasingly recognize the economic potential of data, the need for clear legal frameworks to govern its ownership, use, and monetization has become a central concern.
China, one of the world’s largest generators and consumers of data, is at the forefront of this global shift. The country is rapidly developing a unique governance architecture to treat data not only as a strategic resource but also as a new category of asset with proprietary value. From policy experimentation in pilot zones to legislative efforts and judicial guidance, China is carving out a path that aims to define data as a form of IP, complete with rights, responsibilities, and commercial potential.
This article explores how China is reframing data as a new type of IP asset. It examines key legal and regulatory developments shaping this transformation, including judicial opinions and draft legislation, while assessing the opportunities and challenges for businesses looking to commercialize data within China’s evolving framework.
Conceptualizing data as intellectual property in China
In traditional IP regimes, rights attach to inventions, creative works, brand identifiers, patents for novel technologies, copyrights for literary works, or trademarks for distinctive logos. Raw data, by contrast, is simply a collection of unstructured facts (sensor readings, transaction logs, or user clicks) that, on its own, lacks the “inventiveness” or “expression” needed to qualify for patent or copyright protection.
To fill this gap, China’s pilot regulations have introduced a sui generis data property rights regime that treats certain datasets as registrable assets. Under Beijing’s Measures for the Registration of Data Intellectual Property (Trial), for example, any “undisclosed dataset that has undergone processing according to specific rules” can be registered with the municipal IP office, conferring usage rights, such as the ability to license, transfer, or pledge the data, without requiring novelty in the patent sense or creativity in the copyright sense.
This new framework draws a clear distinction between three stages of data value creation. Raw data is the unfiltered output from machines or systems—say, a stream of temperature readings or a log of e-commerce clicks.
Once cleaned, structured, anonymized, or aggregated, it becomes processed data, ready for analysis or AI training.
The final step produces data products: value-added insights or services such as real-time traffic forecasts, consumer behavior analytics, or predictive maintenance alerts that can be commercialized under China’s data property-rights regime.
By recognizing processed datasets as intangible assets, China aims to encourage companies to invest in data cleaning and enrichment, knowing they can secure legal certificates to monetize the results.
China’s approach to data in global comparison
Globally, China’s approach sits between the European Union (EU)’s regulator-driven sharing model and the United States (US) market-based patchwork of sectoral rules. The EU’s Data Governance Act (2022/868) focuses on boosting cross-sectoral data sharing—especially of public-sector datasets—by accrediting “data intermediaries” and imposing transparency requirements, while leaving personal data under the General Data Protection Regulation.
In the US, there is no unified data-as-property registry; instead, data governance relies on a mix of federal and state laws—HIPAA for health information, the Gramm-Leach-Bliley Act for financial data, and the California Consumer Privacy Act for broader privacy rights—together with private contracts and industry standards.
The key contrasts are clear. China’s pilot data-IP regimes create a formal registration process, backed by state agencies—the National Data Administration, China National Intellectual Property Administration (CNIPA), and local governments— that grants certifiable usage rights to processed datasets. The EU prioritizes public-sector data reuse through regulated intermediaries, and the US relies on market forces, bespoke contracts, and sectoral regulators.
As a result, China’s model is uniquely state-led, mirroring its broader digital governance philosophy, while still seeking to unlock commercial value by treating refined datasets as a new category of intangible asset.
Local pilot initiatives
At the local level, pilot programs are giving shape to China’s emerging “data property rights” framework. Initially launched in eight provinces and cities—including Beijing, Shanghai, Jiangsu, Zhejiang, Fujian, Shandong, Guangdong, and Shenzhen—the “data as IP” initiative has since been expanded to nine additional regions, including Tianjin, Hebei, Shanxi, Anhui, Henan, Hubei, Hunan, Guizhou, and Shaanxi.
Approaches vary across jurisdictions, with differences in how data IP is defined, the conditions for registration, the review processes, and the legal effect of registration.
In Shenzhen, the Development and Reform Commission’s Interim Measures on Data Property Rights Registration (effective July 2023) establishes a formal “data property rights” registry. This system creates a “structured framework for data ownership” and promotes open data flow by protecting legitimate rights and facilitating transactions.
Registered data products are reviewed by approved “registration institutions” and overseen by a multi-agency supervisory mechanism, ensuring that data listings are vetted and tracked.
Shenzhen’s measures explicitly aim to treat data assets like other intangible property, by issuing certificates that entitle the holder to use the data and earn profits from it, and even to trade or pledge those rights.
Beijing has taken a parallel approach via its Measures for the Registration of Data Intellectual Property (Trial, 2023). There, the municipal IP Office (representing CNIPA) allows both “data holders” and “data processors” to register protected datasets. Under Beijing’s trial rules, a registered dataset must be “certified or notarized” and undisclosed, but no substantive ownership vetting is done – the mere fact of registration grants rights.
Crucially, Beijing’s framework “downplays data ownership and emphasizes data usage rights”: once registered, data IP certificates can be traded, licensed or used as collateral, with changes logged through mergers or transfers. In practice, this means a company that compiles or refines a valuable database can obtain a certificate to prove its rights, helping to onboard the data to markets or secure financing.
Likewise, Zhejiang province has pioneered its own model: a June 2024 provincial Data IPR Reform Guideline (the first of its kind outside Beijing) sets ambitious targets – over 10,000 data IPRs registered (worth about RMB 5 billion or US$696.5 million) by the end of 2024, scaling to 30,000 (RMB 20 billion or US$2.78 billion) by 2027.
Zhejiang’s plan enumerates 20 supporting measures (covering data valuation, income-sharing, and financial support, among others) under the ethos that “those who contribute will benefit”. In sum, these local pilots are weaving a patchwork of “data asset” rules that treat well-managed datasets as capital, separate from raw ownership.
Registration content and procedures
From the perspective of registration requirements, applicants must submit a registration form along with supporting documentation. For example, in Beijing’s data IP registration system, the registration form requires details such as the name of the data object, industry sector, application scenario, data source and formation date, structure and scale, update frequency, algorithmic rules, evidence of data notarization or certification, sample data, and a letter of commitment.
Shanghai’s system for registering data product IP imposes additional requirements. In addition to basic information—such as the application form, product overview, and application scenario—applicants must also provide an explanation of the substantive processing and innovative work performed on the data, a statement of IP ownership, and a declaration that the data product does not involve state secrets, infringe on personal information, or violate third-party IP rights.
Regarding eligible applicants, the registration entities are typically those who hold or process the data, including natural persons, legal entities, or unincorporated organizations. Registration can be submitted directly by the data holder or through authorized intermediaries, such as law firms, IP agencies, or data companies.
It is worth noting that requirements for notarization or certification before registration vary across pilot regions. For example, under Shanghai’s rules, pre-registration notarization is not mandatory. Instead, once an application passes review, the Shanghai IP Office stores the registered data on a blockchain and issues an official certificate.
Review mechanisms
Currently, most pilot regions conduct formal (procedural) reviews of registration applications. While some do not explicitly state this, their review is limited to verifying the completeness of submitted materials—indicating a focus on formal rather than substantive review. This is the case in places like Jiangsu and Guizhou.
Only Shandong and Hunan have introduced substantive reviews. Shandong uses a two-stage process: a preliminary review by the data IP platform, followed by a secondary review by the IP protection center. Hunan applies a hybrid model combining formal review and checks for “obvious substantive defects.”
As for Shanghai, its local rules indicate that a dedicated review guide will be developed to standardize application evaluation—though this has not yet been released. Notably, Shanghai has also formed a specialized review team of over 70 professionals to conduct data IP application reviews, making it the first city in China to implement such a specialized structure.
Legal effect of registration
Among the pilot regions, only Guangdong and Shanghai do not explicitly define the legal effect of data IP (or data product IP, in Shanghai’s case) registration in their local regulations. The remaining pilot regions make some reference to the legal value or evidentiary effect of registration certificates, although the wording is typically simple and varies in clarity.
- In regions such as Zhejiang, Tianjin, Jiangsu, Shaanxi, Hebei, Hubei, Guizhou, and Henan, the registration certificate serves as preliminary proof of data ownership or rights.
- Jiangsu and Hubei go further by specifying that the certificate can be rebutted with contrary evidence.
- Other regions—like Beijing, Shandong, Hainan, Anhui, Shanxi, and Hunan—do not define the certificate’s legal effect but emphasize its use as preliminary evidence in administrative law enforcement, judicial proceedings, or legal supervision.
- Hubei, in particular, stipulates that registered certificates also have a public notice effect, and that unregistered data IP cannot be asserted against bona fide third parties.
Data commercialization pathways
The Chinese government actively encourages data sharing and reuse, especially of public-sector data. New national regulations (effective August 1, 2025) compel government departments to plug into a unified “big data system” and prohibit redundant data collection.
Under these rules, when an agency needs certain information, it must retrieve it from existing shared platforms rather than re-survey citizens. The department requesting data is held responsible for maintaining its security during use. This policy underscores that government data – from urban planning to health registries – is to be treated as a common asset to improve services, not hoarded in silos.
Simultaneously, China is expanding public-private data partnerships. For example, initiatives like “China Data Valley” and regional data ports invite tech firms to collaborate with municipalities on sharing industrial and AI training data.
Even international cooperation is on the table: Shanghai’s government recently announced that its Data Exchange is teaming up with global alternative data platforms (such as BattleFin) to create a “secure and efficient bridge” for overseas companies to trade data in China. Shanghai aims to broaden its exchange’s scope with more overseas data, facilitating two-way data flows that “advance the internationalization of China’s financial markets”.
China’s data exchange platforms are at the forefront of commercialization. In cities like Shanghai, Shenzhen, Guiyang, and Guangzhou, official exchanges serve as intermediaries that list, certify, and transact data products. These exchanges vet data sources, verify that sellers have the proper rights, and even perform due diligence on data quality.
Notably, the Shenzhen Data Exchange has begun linking data assets to finance: in 2023, it brokered a loan from China Everbright Bank to an AI firm (Shenzhen Weiyan Technology) using the company’s data products as collateral. This deal – facilitated by an ecosystem of lawyers, valuers, and IT auditors around the exchange – illustrates how registered data can become recognized capital. Exchanges also address pricing: Chinese regulators are working with experts to develop valuation methods (such as calculating the cost of data collection versus its expected future revenue) and testing them in live markets. Some exchanges even offer third-party services (blockchain timestamping, compliance audits) to build trust, a critical factor given the opaque history of “data silos” in China.
Impact across industries
Across industries, the impacts vary.
In healthcare, personal medical data is highly regulated: PIPL explicitly designates health records as sensitive information requiring patient consent. Hospitals and biotech firms must balance innovation (for instance, AI diagnostics, population health analytics) with tight privacy controls. Meanwhile, the government has launched centralized health-data systems (such as the National Health Big Data Center) to improve care and insurance planning – but those initiatives must now comply with China’s new privacy laws.
In financial services, data controls are intensifying. In December 2024, China’s newly formed financial regulator (NFRA) issued stringent data-security rules for banks and insurers. These Measures classify financial data into tiers (“core”, “important”, “sensitive”) aligned with the national framework, and effectively require almost all financial institutions (including branches of foreign banks) to follow heavy data-security protocols.
Separately, fintech firms and data aggregators are partnering with data exchanges to monetize nontraditional data: for example, alternative datasets (like consumer transaction trends or mobility patterns) are now being sold to Chinese asset managers via platforms such as Shanghai’s and Shenzhen’s exchanges.
In smart cities and IoT, municipal governments leverage shared data on traffic, utilities, and citizen services under integrated systems. New national rules mandate that city departments tap public data platforms rather than duplicate data collection. Technology companies building urban AI, 5G, and satellite networks can thus access vast public data pools – but must rigorously encrypt it and follow security review procedures in case the data is deemed “important” or personally identifiable.
Finally, AI is a cross-cutting case study. Chinese tech giants are racing to train large models, and the government is already drafting standards for “data annotation security” and secure pre-training datasets. However, sourcing massive amounts of proprietary or personal data raises compliance hurdles. In essence, each sector sees a tension: data-driven growth versus new legal constraints.
Challenges and uncertainties
These ambitious reforms come with major challenges and uncertainties.
First, the very nature of “data property” remains unsettled. As one analysis notes, data is a “semi-public good” and rights are ambiguous, so transactions were long in a legal limbo.
Only with the 2022 20 Data Measures did Beijing articulate a framework dividing data rights into three layers – ownership of resources, rights to process/use, and rights to commercialize. This creates a basis for registration, but gray areas persist (for example, who owns data generated jointly by a city and a tech provider?). Courts and regulators currently apply a patchwork of laws (IP, anti-unfair competition, security laws) case-by-case, so businesses face uncertainty about what protections truly apply.
Second, compliance risks are real. Violating Data Security Law (DSL, 2021) or the Personal Information Protection Law (PIPL, 2021) can trigger heavy penalties (fines up to RMB 50 million (US$6.965 million) or five percent of turnover, plus business suspension) and even criminal liability for data crimes.
Companies must navigate overlapping authorities—such as the National Data Administration, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, and industry regulators—and fast-changing rules. For example, cross-border data transfers now require a cascade of approvals (security assessments, certifications, or standard contracts), though new 2024 rules have introduced some exemptions and flexible thresholds.
Even within China, “important data” subject to government catalogues must stay protected; enterprises often must appoint data-security officers, classify all data assets, and undergo periodic audits. International firms in China must also consider extraterritorial reach: PIPL’s strict consent rules can implicate the processing of any Chinese personal data even if done abroad.
Third, valuation and market trust remain hurdles. Unlike stocks or real estate, data is intangible and non-rivalrous, making price discovery difficult, and unregulated “data black markets” have proliferated.
To attract sellers to formal exchanges, China is trying to build trust (through certification, legal certificates, blockchain traceability) and to offer financing opportunities (as in the Shenzhen loan example above).
But disputes over ownership or misuse of data can still arise. Additionally, strict security reviews (especially for “core” data in sectors like finance or utilities) could slow cross-border cooperation and stifle some uses of data.
About Us
China Briefing is one of five regional Asia Briefing publications, supported by Dezan Shira & Associates. For a complimentary subscription to China Briefing’s content products, please click here.
Dezan Shira & Associates assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Haikou, Zhongshan, Shenzhen, and Hong Kong. We also have offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Dubai (UAE) and partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh, and Australia. For assistance in China, please contact the firm at china@dezshira.com or visit our website at www.dezshira.com.
- Previous Article Does Your Business Need to File DPO Information With the CAC?
- Next Article
