Quick Win No. 5

Promote an inclusive approach to governing cross-border data flows and artificial intelligence

Cross-border data flows are crucial for trade and digital economy innovation. The rapid advancement and adoption of artificial intelligence (AI) further highlights the need to ensure that data flows freely, safely, and securely across borders. However, diverse and sometimes irreconcilable policy interests of WTO members have fueled the lack of agreement on vital issues, such as data governance, and slimmed down the negotiation agenda within the WTO’s Joint Statement Initiative on Electronic Commerce (E-Commerce JSI). These developments reflect ongoing concerns about shrinking policy space, privacy, national security, and data sovereignty, which can lead to regulatory fragmentation and restrictions on data flows. While AI is not currently included in the E-Commerce JSI, rapid developments in AI governance outside the WTO indicate the potential for further fragmentation. We propose a pragmatic approach focused on inclusivity through regulatory interoperability and technical harmonization, where certification frameworks and technical standards play a key role.

Regulatory interoperability involves establishing common basic requirements to allow various systems or regimes to work together while respecting policy divergence. This approach ensures inclusivity while preventing extreme fragmentation of regulatory systems. Ongoing efforts in trade agreements and other fora promote interoperability and trustworthy cross-border data flows. They acknowledge that regulatory frameworks for personal data protection vary across jurisdictions, reflecting not just legal considerations, but also cultural values, social needs, and economic considerations.

Different models could inspire frameworks for regulatory interoperability, including certifications. Certification frameworks for cross-border data flows are an emerging policy solution. For example, several WTO members participate in the Global Cross-Border Privacy Rules (CBPR) System, which was launched in 2022. The Global CBPR System relies on common privacy principles among different economies’ domestic data privacy frameworks without preventing them from adopting higher levels of protection at the domestic level. Its success could go a long way in facilitating the management of cross-border data flows. 

Another approach towards promoting inclusivity is through harmonization of technical specifications and procedures based on international AI technical standards. The International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) are developing technical standards to ensure the transparency, accountability, and bias mitigation of AI systems. WTO members could use these standards as a basis for their domestic AI technical regulations, standards and conformity assessment procedures (CAPs). The adoption of these standards could also be included in the E-Commerce JSI. Beyond these negotiations, WTO members could convene dedicated sessions on AI technical regulations, standards and CAPs in the relevant WTO bodies, including the TBT Committee and the Council for the General Agreement on Trade in Services.

Technical harmonization and regulatory interoperability facilitate the inclusive governance of cross-border data flows and AI, fostering trust and legitimacy while ensuring that the diverse interests of WTO members are part and parcel of the digital trade regulation at the WTO.