In today’s digital era, data is an invaluable asset for businesses, offering opportunities for innovation and competitive advantages. However, effectively monetising data involves navigating complex legal frameworks that govern ownership, protection, and commercialisation. This Article examines key legal provisions under Chinese law that facilitate and regulate data monetisation, focusing on intellectual property (“IP”) rights, trade secret protections, data pledge financing, licensing mechanisms, and compliance challenges.
Data Ownership
The Chinese government recognised the economic attributes and value of large data sets by at least 2019 (if not much sooner), and recognised data as the fifth factor of production, alongside traditional factors, such as land, labour, capital, and technology.
On 10 April 2022, the Chinese government released the Opinions on Building Basic Systems for Data to Better Play the Role of Data Elements (“Twenty Data Measures”; 关于构建数据基础制度更好发挥数据要素作用的意见), which for the first time clearly established a data property rights system, which included ownership rights, usage rights, and management rights.
On 25 December 2024, the National Data Bureau issued the Opinions on Promoting the Development and Utilisation of Enterprise Data Resources (关于推动企业数据资源开发利用的意见), building on the framework established in the Twenty Data Measures. This document affirmed that enterprises could hold a range of data rights over data generated or legally obtained and held during their production and operational activities.
Under the guidance of these regulatory documents, many Chinese cities, such as Shanghai, Beijing, and Shenzhen, have established data exchanges that (i) allow enterprises or government departments (“Listing Entities”) to list data products that can legally circulate for trading and (ii) offer data right registration services for the data to be traded. The procedures for listing data products on different exchanges may vary slightly. For example, at the Shanghai Data Exchange, before data products can be listed for trading, Listing Entities must:
- clearly define the data to be traded;
- conduct a compliance assessment; and
- conduct a quality assessment.
Once Listing Entities complete the above, the Exchange reviews the materials before allowing data to be traded.
Although China has established the groundwork for a data rights system centred around ownership, usage rights and management rights, the specific content and supporting systems for data rights have yet to be determined consistently at a national level. As a result, different regions have explored and established various ways of registering data rights, including:
- Data asset registration (e.g., Guangdong Province, Beijing)
- Data product registration (e.g., Shanghai Data Exchange)
- Data resource notarization (e.g., Jiangxi Province)
- Data element registration (e.g., Guizhou Province)
- Data intellectual property registration
It is important to note that these registrations do not have the legal effect of creating or altering data rights in the sense of property law. The registration certificates issued by relevant institutions serve primarily as proof for enterprises to demonstrate their legal ownership of the related data.
Intellectual Property Rights
Under Article 123 of China’s Civil Code, IP rights grant exclusive control over subject matters such as works, inventions, trademarks, and trade secrets. These rights form the legal foundation for treating data as a proprietary asset. For instance, proprietary datasets—such as customer analytics or operational insights—can, in principle, qualify as trade secrets or works, enabling businesses to monetise them through licensing or sale agreements.
Moreover, the China National Intellectual Property Administration (“CNIPA“) released a list of pilot areas for data intellectual property work in November 2022 and December 2023. Enterprises can apply for data intellectual property registration in 17 cities, including Beijing, Shanghai, and Jiangsu Province. In general, the following requirements must be met for data to be protected as intellectual property:
- It must be legally and compliantly obtained;
- It must be the result of intellectual labour and innovation, possessing creativity;
- It must have practical value; and
- It must not have been publicly disclosed at the time of data intellectual property registration.
Although data intellectual property registration cannot directly confirm the ownership of the data, some courts have recognised it as strong evidence of an enterprise’s legal ownership of the data in practice. For example, in June 2024, a Beijing company was able to rely on such rights to sue a Shanghai company for copyright infringement and unfair competition over illegally obtained Mandarin voice data. The Beijing Internet Court and Intellectual Property Court ruled in favour of the plaintiff, recognising their “Data Intellectual Property Registration Certificate” as evidence of lawful data ownership. The defendant was ordered to pay RMB 102,300 in damages.
Protecting Trade Secrets: Safeguarding Data Value
Trade secrets are defined as confidential technical, operational, or commercial information with economic value (Anti-unfair Competition Law (“AUCL”), Article 9). To monetise data as a trade secret, businesses must implement stringent measures to ensure its confidentiality, as unauthorised acquisition, disclosure, or use constitutes infringement.
Key protections include:
- Prohibited Acts: Theft, bribery, electronic intrusion, or breaches of confidentiality obligations are strictly forbidden (AUCL, Article 9).
- Liability: Infringers face civil penalties, fines of up to CNY 5 million, and punitive damages for bad-faith violations (AUCL, Articles 17 and 21).
- Third-Party Accountability: Even third parties who knowingly benefit from breaches can be held liable (AUCL, Article 9).
These protections enable businesses to monetise their data while deterring misappropriation through severe consequences for infringement. However, due to the unregistered nature of trade secrets, they are perhaps more suitable for businesses to use internally or in exchange for lump-sum payments rather than using a royalty model.
Data Assets on the Balance Sheet
On 1 August 2023, the Ministry of Finance issued the Interim Regulations on the Accounting Treatment of Enterprise Data Resources, which clarified that data resources meeting certain requirements could be recognised as assets for accounting purposes and included on an enterprise’s balance sheet. This process is referred to as “Include Data Assets on the Balance Sheet.” On 8 September 2023, the China Asset Appraisal Association released the Guidelines for Data Asset Valuation, which suggests approaches for valuing data.
The inclusion of Data Assets on the Balance Sheet can bring numerous benefits to enterprises at the financial level, including:
- An increase in net assets on the enterprise’s balance sheet.
- Improved credit ratings from some financial institutions.
- Expanded financing channels, as the related data can be used for pledge financing, issuing notes, and other methods to secure additional funding.
According to statistics from third-party agencies, as of the end of September 2024, 53 A-share listed companies had completed the process of including Data Assets on their Balance Sheets. In practice, enterprises typically cooperate with law firms and accounting firms to inventory and organise their data assets, assess the compliance and value of the data, and ultimately select the appropriate data to be included on the balance sheet. Additionally, to verify the authenticity of these data assets, enterprises often register data rights through data exchanges or other platforms.
Data Pledge Financing: Using Data as Collateral
Article 440 of the Civil Code allows certain rights—such as patents, copyrights, and accounts receivable—to be pledged as collateral. While data is not explicitly listed, businesses can potentially pledge proprietary datasets as IP assets if they have a “Data Intellectual Property Registration Certificate”.
GU Wenhai, Deputy Director of the Zhejiang Intellectual Property Office, has been quoted as saying: “So far, 14 enterprises in the province have obtained RMB 97 million ($13.6 million) through financing of IPR in data” in an article on Data Intellectual Property Registration Certificates.
Many banks have also started offering financing and credit services for data assets, including large state-owned banks, such as the Industrial and Commercial Bank of China (“ICBC”) and China Construction Bank, as well as regional banks like Shanghai Bank and Beijing Bank. For example, in December 2024, under the guidance of the Shanghai Intellectual Property Bureau, the Shanghai Data Exchange, in collaboration with ICBC’s Shanghai and Wuhan branches, completed the first data product intellectual property pledge financing case in Shanghai. The core asset pledged was a data platform developed by a Wuhan company, which provides book information queries and visual analyses. After obtaining a data intellectual property registration certificate, the Wuhan company utilised the Shanghai Data Exchange for data product intellectual property valuation, asset trading, pledge registration and other services, and secured a loan of RMB 100 million from ICBC.
In principle, pledge financing allows businesses to unlock liquidity without relinquishing ownership. This is a positive development in a world with an increasingly knowledge-based economy. However, Data Intellectual Property Registration Certificates will more often than not have the following features, which could make them less than ideal forms of security:
- Intangibles can be challenging to value.
- Data can be copied and disseminated, which could suddenly reduce its value.
- The shelf-life of data can be short, which could make it unsuitable for long-term financing.
- The use of data is not always obvious in the real world, which could make enforcement rather impractical.
Data Licensing: Monetising Through Contracts
Technology contracts (Civil Code, Articles 843–877) provide a framework for data licensing and transfer. Key considerations include:
- Contract Essentials: Agreements should specify the scope of use, payment terms (e.g., lump sums or royalties), confidentiality clauses, and ownership of derived innovations (Civil Code, Articles 845–846).
- Licensor Obligations: Data providers must ensure the reliability, accuracy, and confidentiality of the data (Civil Code, Articles 868–870).
- Compliance: Licensing contracts must not restrict technological competition or development (Civil Code, Article 864).
For example, a company licensing customer behaviour data must outline clear terms for usage limits, royalties, and penalties for breaches. Failure to comply may result in contract invalidation (Civil Code, Article 850).
On April 18, 2025, the National Data Bureau issued draft model contracts for data transactions — including the Data Provision Agreement, Data Processing Entrustment Agreement, Data Integration and Development Agreement, and Data Intermediary Agreement. The drafts are intended to serve as references for parties involved in data transaction activities and have been released for public consultation.
Compliance Hurdles: PIPL and Data Privacy
China’s Personal Information Protection Law (“PIPL”) contains stringent rules for processing personal data. Key requirements include:
- Separate Consent: Individuals must provide separate consent for data sharing, including details of the recipient and intended processing (PIPL, Article 23).
- Anonymisation: Only anonymised data is exempt from PIPL restrictions (Article 4). However, the legal standard for anonymisation is currently high and essentially requires irreversible de-identification. In practice, true anonymisation can significantly damage the practical value of a data set.
Non-compliance with the PIPL can result in significant fines and reputational damage. Businesses must implement robust consent mechanisms and should attempt to adopt effective data anonymisation strategies (where possible) to mitigate these risks.
Global Challenges
The EU Data Act, which governs the use of and access to certain types of data generated by products or services in the EU, mandates FRAND (fair, reasonable, and non-discriminatory) contract terms for the mandatory sharing of specific data types. Its approach to unlocking the overall value of data is very different to the approach in China (which is arguably more incentive base). This might be a result of the context in both regions. Namely, a lot of Chinese data is being processed by Chinese companies, while a lot of EU data is being processed by non-EU companies.
The EU Data Act can impact Chinese companies, such as those with IoT products or services in the EU, by requiring them to share data within the EU on FRAND terms. This could arguably affect the overall value of their data.
While this article focuses on Chinese law, it is worth noting that FRAND issues have led to significant amounts of forum shopping and litigation in relation to Standards Essential Patents. Although the interaction between EU and Chinese data laws is beyond the scope of this discussion, businesses operating globally must be aware of these evolving frameworks.
Conclusion
Successfully monetising data requires balancing value creation with adherence to legal frameworks. By securing intellectual property rights, crafting compliant licensing agreements, and prioritising privacy protections, businesses can unlock revenue opportunities while mitigating risks.
