With e-commerce reaching staggering heights, the narrative of digital trade is often celebrated for its exponential potential to elevate businesses, large and small, to global platforms, and for driving a services-led economic revolution. The $2.41 trillion digital economy underscores the critical role of data flows in international trade.

However, this very backbone of digital trade — the free flow of data — now carries with it an intrinsic risk, transforming every business into a potential node of vulnerability. The cyber theft of intellectual property and personal data is emerging not just as a commercial hazard but as an acute national security threat. The 2017 WannaCry ransomware attack, which paralyzed over 200,000 computers across 150 countries, and the NotPetya attack, which caused unprecedented disruption to supply chains and major businesses like Maersk, highlight the critical need for countries to strengthen their defenses.

Policy development in the digital trade domain is witnessing unprecedented complexity. The European Union’s General Data Protection Regulation (GDPR) marked a significant policy shift, setting new global standards for data protection and influencing digital trade practices worldwide. Similarly, India’s draft e-commerce policy and the United States’ proactive measures through the Cybersecurity and Infrastructure Security Agency (CISA) reflect diverse, national strategic approaches to navigating digital trade regulation and cybersecurity.

One of the most contentious issues in the realm of digital trade is data localization, which states that data on a nation’s citizens or residents should be collected, processed, and stored inside the nation’s boundaries. This requirement stipulates that the data should also be accessible to that country’s government, ostensibly for regulatory and security purposes.

Russia’s 2015 data localization mandate epitomizes the practice of data localization. It requires that Russian citizens’ personal data be stored domestically, pushing international firms to migrate their servers to comply or face sanctions. This move, paralleled by China’s Personal Information Protection Law, underscores a tightening grip over digital sovereignty, aiming to shield data from foreign espionage while asserting control over digital realms.

Similarly, India’s evolving policy reflects a balancing act between boosting local data processing and guarding against foreign surveillance and digital colonization, a concern echoed by Vietnam’s 2019 cybersecurity law. These laws have sparked international debate over their implications on global digital trade, raising alarms about heightened operational costs, the emergence of trade barriers, and the potential stifling of the digital economy’s growth.

Data localization policies, while aiming to safeguard data and enhance national security, risk undermining the trust foundational to digital trade. Such policies burden multinational corporations, especially tech companies, which rely on the global flow of data to drive innovation. Additionally, these policies may result in a fragmented approach to data storage and security, making it more challenging to maintain a unified cybersecurity defense.

Against this backdrop of regulatory challenges, the private sector emerges as a pivotal force in shaping the future of digital trade. Tech giants and startups alike prioritize growth and innovation, with companies like Amazon and Google revolutionizing global commerce through their platforms. However, their operations raise questions about data privacy, market dominance, and cybersecurity. The Apple vs. FBI conflict over iPhone encryption illustrates the tension between private-sector innovation and government security concerns, highlighting the complexities of balancing privacy with national security.

Responding to these complexities, the United States-Mexico-Canada Agreement (USMCA) introduced a digital trade chapter. By limiting member states’ capacity to enforce data localization, the USMCA proposes a model that aims to balance the economic benefits of free data flows with security concerns. However, it includes exceptions for legitimate public policy objectives, providing a flexible framework that can adapt to varying national security needs.

Nevertheless, the dynamic nature of technology and cybersecurity means that the agreement will need continuous updates to remain relevant. Moreover, its impact is inherently limited to North America and might not directly influence countries with different digital trade and security postures, such as China and the EU. The challenge lies not just in crafting regulations that can adapt to the rapid pace of technological change but also in achieving an international consensus that respects the diverse security and economic interests of different nations.

In response to these challenges, Japan has championed the notion of Data Free Flow with Trust (DFFT) on the international stage. DFFT aims to establish a set of common rules that enable the free flow of data across borders while ensuring robust privacy and security protections. One of its focus areas is making national data governance systems interoperable, rather than identical, recognizing that trust is a fundamental component of the digital economy.

Beyond DFFT, there are other international efforts aimed at harmonizing digital trade regulations while addressing security concerns. The World Trade Organization (WTO) continues to hold dialogues that seek to address issues related to digital trade. Similarly, the Digital Economy Partnership Agreement (DEPA) between Singapore, Chile, and New Zealand represents an attempt to develop a modern digital trade agreement that covers digital identity, data flows, and personal data protection, among other areas.

As digital trade becomes a pillar of the global economy, nations worldwide have adopted diverse policy approaches to secure their digital spaces while fostering economic growth. The national responses reflect a spectrum of strategies, from stringent data localization to liberalized data flow frameworks, each presenting unique challenges and trade-offs.

To strengthen our digital defenses, countries must come together around a common framework that goes beyond just national policies. This approach needs to be rooted in strong international cooperation, ensuring that data not only moves freely but also securely, adhering to international standards like those set by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It’s about building a collective commitment to protect our digital infrastructures.

Additionally, the private sector’s critical role cannot be emphasized enough. Businesses must prioritize cybersecurity, integrating it thoroughly within their operations and leadership structures. This includes appointing seasoned executives such as Chief Information Security Officers (CISOs) to top roles and cultivating a cybersecurity-aware culture across all levels of the organization. This culture should empower employees to use advanced digital tools securely.

As we navigate the evolving landscape of digital trade, nations and corporations must strive for a balanced approach that respects both the economic potential and the security imperatives of our interconnected world. International cooperation and adherence to global standards are crucial in forging a unified strategy that protects against cyber threats while facilitating free data flows.

The private sector must prioritize cybersecurity, embedding it within their strategic and operational frameworks, and cultivating a culture of security awareness among all employees. Only through such a comprehensive and harmonized approach can we ensure that digital trade continues to be a driver of economic prosperity without compromising national security. This path requires ongoing vigilance, adaptability, and collaboration across borders to effectively meet the challenges posed by technological advancements and the global nature of cyber threats.

The post The Invisible Borders: Navigating Trade and Security in the Digital Age appeared first on WITA.

Raimondo also emphasized the sheer number of electric vehicles that China is exporting. Indeed, China has become a battery electric vehicle (BEV) export behemoth. Europe has become the top destination for Chinese BEV exports, for now, and exports could continue to rise due to cost reductions and synergies with China’s shipbuilding complex. Responding to these dynamics could prove challenging for the United States and Europe, given the competing priorities of decarbonization, economic goals, and the mitigation of security risks.

Working with allies and partners, the United States should adopt a joint, balanced approach to Chinese BEV exports by following pragmatic interim guidance while comprehensively studying the security risks these vehicles could pose. These interim steps should include preventing Chinese-made electric vehicles with sensors from reaching locations sensitive to US and allied security, such as military installations, and restricting them altogether from Guam, Okinawa, and other places relevant to Taiwan and South China Sea-related contingencies. Such interim measures would help keep the United States and its allies secure while the risks that Chinese BEVs ultimately pose are determined.

Chinese BEV exports to Europe are surging

China’s overall BEV exports rose 70 percent in 2023, reaching $34.1 billion. The European Union (EU) is the largest recipient of Chinese BEV exports, accounting for nearly 40 percent of them. Other European countries (Albania, European Free Trade Association members, North Macedonia, Ukraine, and the United Kingdom) held a 15 percent share of Chinese shipments in the same year.

China’s growing BEV shipments to Europe have vastly increased its share of the European market. Chinese manufacturers’ share of the Western European new BEV passenger car market stood at 9.3 percent in the fourth quarter of 2023, an astonishing rise from 2019, when China’s share in the total European BEV market only reached 0.5 percent.

In the Western Hemisphere, China’s exports to Mexico are worth watching carefully, as the country often serves as a backdoor to the US market. Still, Chinese BEV exports to Mexico are minor, totaling only $257 million in 2023, less than Canada, which imported $1.6 billion over the same period. In other words, there is greater risk of BEV trade “leakage” to the United States from Canada than Mexico—at least for now.

What about plug-in hybrids?

The above chart does not include China’s exports of plug-in hybrid electric vehicles (PHEVs), which use batteries to power an electric engine and fuel to power an internal combustion engine. In 2023, China’s exports of PHEVs totaled $4.3 billion, or around just one-eighth of BEV exports that year. Many Chinese plug-in hybrids in 2023 went to Brazil—and to Russia, via both direct and indirect trade. Kyrgyzstan’s reported imports of Chinese plug-in hybrids reached $651 million in 2023, or about 5 percent of its gross domestic product at current prices. While Kyrgyzstan is notionally the third-largest importer of Chinese-made PHEVs, it is a near certainty that some of these shipments were in fact destined for another country, as Central Asian countries, especially Kyrgyzstan, often serve as a waypoint for Chinese exports ultimately bound for Russia.

The United States is a significant purchaser of plug-in hybrids, but it’s not currently purchasing many Chinese-made models either directly or indirectly. Chinese PHEV exports to parties of the United States-Mexico-Canada (USMCA) trade agreement totaled only $132 million in 2023.

The Chinese electric vehicle tsunami hasn’t hit the US—yet

Indeed, Chinese-made electric vehicles haven’t played a sizable role in the US market, at least not yet. China directly shipped just $368 million in BEV exports to the United States in 2023. Conversely, the EU exported nearly $7.4 billion to the United States that year, according to official US trade data.

The United States doesn’t currently import Chinese BEVs at scale largely because it places a 27.5 percent tariff on Chinese-made cars, along with other restrictions. Still, this tariff may not ultimately prevent Chinese autos from reaching the United States.

Chinese BEVs are already significantly less expensive than Western autos. Chinese automaker BYD’s Seagull, for instance, sells for only twenty thousand dollars in Latin America, while China’s electric vehicle producers are currently engaged in a price war with one another. China’s electric vehicle producers are competitive due in part to genuinely impressive innovations; synergies with China’s industrial capacity, including its shipbuilding sector; and economies of scale. But massive subsidies from China’s national, provincial, and even local governments are also an important factor.

Furthermore, Chinese auto exports will soon no longer be constrained by insufficient transoceanic carrier ships. BYD, in tandem with CIMC Raffles of Yantai, launched China’s first car carrier built specifically for the purpose of exporting Chinese-made autos. Earlier this week, thousands of BYD vehicles were unloaded in Germany on the first of eight ships commissioned by the company. The state-run People’s Daily reported earlier this year that a single company, the Chinese shipping giant COSCO, has ordered twenty-four large vehicle carriers.

China’s shipbuilding sector and industrial capacity should not be underestimated: China’s civilian shipbuilding production stood at 49 percent of the global market share in the first eight months of 2023. Working together and reinforcing each other, Chinese electric vehicle producers and shipbuilders will enable the country to ship more autos abroad—including, potentially, to the United States.

Additionally, Chinese autos might make their way to the United States via investments in third countries, especially Mexico. Not only does Mexico border the United States, but it is also deeply integrated into USMCA supply chains. Case in point: General Motors, Ford, BMW, and Audi are all currently producing electric vehicles in Mexico. China’s BYD is reportedly scouting locations to build production facilities in Mexico, then export the vehicles across the border into the United States in order to avoid tariffs.

Barring a policy response, it is likely only a matter of time before China’s electric vehicles will be well positioned to enter the US market either directly via export or indirectly via re-exports from, or investment in, third countries such as Mexico.

Managing a flood of Chinese-made electric vehicles

Chinese exports pose dilemmas for policymakers on both sides of the Atlantic. Electric vehicles help accelerate decarbonization and may already be more economically competitive than traditional internal combustion engine vehicles. But leaving Western electric vehicle supply chains in the hands of a formidable rival poses obvious economic and strategic risks.

Chinese electric vehicle exports to Europe face increasing pushback on economic and security grounds. The European Commission, citing unfair subsidies, has launched an investigation into whether China’s BEV value chains receive subsidies that are illegal under global trade rules.

Washington, Brussels, and other capitals should engage in a comprehensive and thorough evaluation of the risks of Chinese BEVs to determine where Chinese-made automobiles do—or do not—pose risks. In the meantime, US and allied policymakers should take some interim measures to mitigate these risks.

For starters, Chinese BEVs with sensors should not be allowed near sensitive locations, as the video and imaging capabilities of these electric vehicles could enable real-time, on-the-ground surveillance. Consequently, Taiwan should continue to restrict inbound shipments of mainland Chinese-made electric vehicles, especially those with sensors. Chinese electric vehicles should also not be allowed in Guam and should be restricted around other US and allied military installations.

Chinese manufacturers and China’s foreign ministry may grouse about any restrictions on BEV exports. These objections can largely be dismissed, as the Chinese government has itself imposed restrictions on Teslas. Still, Chinese automakers will find it in their long-term self-interest for Western countries to determine the rules of the road. If Western countries can determine where Chinese BEVs do not pose risks, it would create greater certainty for trade and investment.

Chinese-made electric vehicles pose a thorny dilemma for Washington and Brussels, with complicated trade-offs. Policymakers do not have a lot of time, as Chinese exports appear set to rise sharply amid their domestic price war and a growing transoceanic car carrier fleet. While Washington, Brussels, and other capitals need to comprehensively examine the security risks of Chinese BEV imports, interim risk mitigation measures are appropriate until the totality of the costs and benefits are better understood.

Joseph Webster is a senior fellow in the Global Energy Center and the editor of the China-Russia Report. This article reflects his own personal opinion.

To read the full blog post as it appears on the Atlantic Council website, click here.

The post China Has Become an Electric Vehicle Export Behemoth. How Should the US and EU Respond? appeared first on WITA.

Of special concern are signs that the Intelligence Law’s drafters are trying to shift the balance of these legal obligations from intelligence “defense” to “offense”—that is, by creating affirmative legal responsibilities for Chinese and, in some cases, foreign citizens, companies, or organizations operating in China to provide access, cooperation, or support for Beijing’s intelligence-gathering activities.

The new law is the latest in an interrelated package of national security, cyberspace, and law enforcement legislation drafted under Xi Jinping. These laws and regulations are aimed at strengthening the legal basis for China’s security activities and requiring Chinese and foreign citizens, enterprises, and organizations to cooperate with them. They include the laws on Counterespionage (2014), National Security (2015), Counterterrorism (2015), Cybersecurity (2016), and Foreign NGO Management (2016), as well as the Ninth Amendment to the PRC Criminal Law (2015), the Management Methods for Lawyers and Law Firms (both 2016), and the pending draft Encryption Law and draft Standardization Law.

A comparison of the final version of the National Intelligence Law and the penultimate draft issued on May 16 indicates that its authors had to soften some of these requirements and make it less explicit about to whom they apply. But the law’s broad language still imposes serious new security obligations, and the authors will probably get another opportunity to tighten these rules if detailed implementing regulations for the law are drawn up in the future.

Initial press coverage of the Intelligence Law spotlighted concerns that it would grant intelligence officials the right to enter otherwise restricted facilities, examine private records, investigate and question personnel, and access or even requisition communications or transport equipment owned by companies or individuals. But while the new law does grant these powers, similar authorizations have already been granted in other legislation, most notably the Counterespionage Law (Articles 9-16) and the Cybersecurity Law. It is the Counterespionage Law which most closely parallels the new Intelligence Law in its structure and focus.

As its name implies, the Counterespionage Law is far more defensive in orientation than the Intelligence Law. Article Four requires all Chinese citizens to preserve, and not harm, national security, and obligates all public groups, enterprises, organizations, and other institutions to “prevent and stop espionage activities and maintain national security.”

The Intelligence Law, by contrast, repeatedly obliges individuals, organizations, and institutions to assist Public Security and State Security officials in carrying out a wide array of “intelligence” work. Article Seven stipulates that “any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.” Article 14, in turn, grants intelligence agencies authority to insist on this support: “state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organizations, or citizens provide needed support, assistance, and cooperation.” Organizations and citizens must also protect the secrecy of “any state intelligence work secrets of which they are aware.” These clauses appear to limit the obligations on individuals to Chinese citizens, but they do not stipulate that only Chinese “organizations” are subject to these requirements.

In other articles, moreover, the law’s drafters chose language that does not limit these demands on individuals to Chinese citizens. Article 16 authorizes security officials to make inquiries (xunwen; 询问) of any individuals as part of their intelligence-gathering, and to examine their reference materials and files. These officials can also commandeer the communications equipment, transportation, buildings, and other facilities of individuals as well as organizations and government organs (Article 17).

While the law requires that intelligence officials carry out such inquiries according to relevant state regulations, nowhere does the law explicitly authorize individuals or other actors whom they question—citizen or foreign—to refuse to answer questions or decline such access, information, or support. In this context, it is worth recalling that China’s Criminal Procedure Law requires persons questioned by law enforcement officials (including public security officials) to respond “according to the facts” and does not confer on them the right to silence. What is unclear is whether the passage of the Intelligence Law effectively places these intelligence activities within the same realm as criminal cases, which might compel persons who are interviewed to cooperate with intelligence officials.

Like other recent Chinese security legislation, the Intelligence Law leaves key concepts undefined, thereby expanding the law’s potential scope and its risks to foreigners. Most importantly, the law does not define its title concepts—“intelligence” or “intelligence work”—with details that clarify unacceptable government behavior or limit the obligations the law imposes on people and organizations. In this regard, a useful metric for comparison is one of the most fundamental of U.S. intelligence collection authorities, Executive Order 12333 on Intelligence Activities, which lays out detailed definitions, procedures, limitations and prohibitions regarding a number of intelligence activities, including government collection, retention, and dissemination of information on U.S. persons and corporations.

The Intelligence Law casts a broader net when it discusses the nature of intelligence activities. Article Two requires intelligence work to embrace Xi Jinping’s so-called “overall” or “comprehensive concept of national security” set forth in 2014, which would place virtually any issue—military, political, economic, social, technological, cultural or others—within the realm of intelligence work. Articles Two through Four describe intelligence work as the collection of open source or secret information, at home or abroad, to provide a reference for decision-making and protecting almost any national interest. These interests include, but are not limited to, “preventing and dissipating risks which endanger national security,” “safeguarding [China’s] governing regime,” its “sovereignty, unity, and territorial integrity,” economic prosperity, and the “sustainable development of the economy and society.”

The law also permits authorities to detain or criminally punish those who “obstruct” intelligence activities. But it does not define “obstruction” or distinguish it from mere failure to “support,” “assist,” or “cooperate”—the obligations noted in Article Seven. The law is also unclear about the means by which persons who are subjected to illegal mistreatment by intelligence authorities may file complaints or sue.

A few U.S. IT firms operating in China have expressed concerns about the wide-ranging obligations the new law might place on them to provide technical support to security officials for intelligence-gathering or other activities. The Intelligence Law itself grants officials general authority to demand “assistance” from private organizations and access or use their “communications” facilities. But companies could face even more serious burdens if the law is applied in concert with the new Cybersecurity Law, which accords officials far more specific authority to access and regulate many features of corporate networks that might be useful for intelligence-gathering. These include key business and personal data (which must be stored in China), proprietary codes, and other intellectual property. And like the Intelligence Law, the Cybersecurity Law broadly requires network operators to cooperate with public security and state security officials.

Dr. Murray Scot Tanner is a Principal Policy Analyst for Alion Science and Technology, and lives in Rockville, Maryland.

To read the full article, please click here. 

The post Beijing’s New National Intelligence Law: From Defense to Offense appeared first on WITA.