**Introduction** China’s restrictive data policies challenge US technology leadership by limiting cross-border data flows, increasing localization and compliance costs for foreign firms, and embedding data governance within a state-centric security and industrial framework. Core elements of this framework — including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law— constrain the scale economies, data aggregation, and interoperability that underpin US strengths in digital services, cloud computing, and artificial intelligence, while supporting the development of China’s domestic digital ecosystems[1][2]. **Contextual background** Data is a critical input for innovation, productivity, and competitiveness in digital services, artificial intelligence, and advanced manufacturing. Cross-border data flows enable centralized cloud architectures, large-scale model training, and global service provision. Restrictions on data movement — commonly described as data localization, security assessment requirements, and cross-border transfer approvals — are widely recognized as trade-relevant regulatory measures that affect market access and firm competitiveness[2][3]. China’s current data governance regime is anchored in three national laws:[1][4] 1. The Cybersecurity Law (2017), which introduced localization and security obligations for “critical information infrastructure” operators; 2. The Data Security Law (2021), which established data classification and security review requirements, including controls on the export of “important data”; and 3. The Personal Information Protection Law (2021), which regulates personal data processing and imposes conditions on cross-border data transfers. Together, these laws form an integrated framework that links data governance to cybersecurity and national security objectives. **How China’s data policies affect US technology leadership** **1.** **Constraints on scale economies and data-driven learning** China’s data localization and cross-border transfer rules — implemented through the Cybersecurity Law and reinforced by the Data Security Law and Personal Information Protection Law — limit the ability of foreign digital firms to combine data generated in China with global datasets. This reduces scale economies and learning effects that are central to competitiveness in cloud computing and artificial intelligence. Firms are often required to localize data storage and processing and to undergo security assessments before transferring data abroad, raising operational costs and weakening the commercial viability of globally integrated digital platforms in the Chinese market[2][3]. **2.** **Competitive advantages for domestic technology firms** By requiring that large volumes of data generated within China remain subject to domestic jurisdiction and regulatory oversight, China’s data regime favors domestic digital platforms and technology firms that can access and process these datasets at scale. This supports domestic innovation and deployment in data-intensive sectors, including artificial intelligence and digital services, while constraining effective participation by foreign competitors[1][4]. The alignment of data governance with broader industrial and security objectives reflects a deliberate policy approach in which data is treated as a strategic resource, reinforcing advantages for domestic firms within China’s digital economy[1]. **3.** **Fragmentation of global digital markets and standards** China’s restrictive data policies contribute to the fragmentation of global digital markets by reducing interoperability between Chinese and foreign digital ecosystems. Divergent regulatory approaches to data governance, cybersecurity, and platform regulation increase barriers to cross-border digital trade and weaken network effects that have historically favored globally scaled US technology firms. Over time, this fragmentation increases the likelihood of parallel digital systems and standards, reducing US influence in global digital rule-setting[2][5]. **Conclusion** China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law collectively challenge US technology leadership by constraining scale, raising compliance costs, and reshaping competitive conditions in data-intensive industries. These policies strengthen domestic technology ecosystems while accelerating fragmentation in global digital markets. As data becomes increasingly central to innovation and productivity growth, divergence in data governance regimes is likely to remain a structural source of strategic competition between China and the United States.
