After many years of negotiation, the Regional Comprehensive Economic Partnership (RCEP) was signed on November 15. Its signatories are the 10 member states of the Association of Southeast Asian Nations (ASEAN) (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam) as well as Australia, China, Japan, New Zealand and the Republic of Korea.
Except for Cambodia, Indonesia, the Philippines and Vietnam, the RCEP countries are also part of the World Trade Organization’s (WTO’s) Joint Statement Initiative (JSI) on Electronic Commerce, which aims to negotiate a plurilateral agreement on “trade-related aspects of electronic commerce,” since economic transactions are increasingly taking place in digital form.
The RCEP’s chapter 12 on electronic commerce is a good harbinger of the kind of agreement (should there be one) that we can expect from the JSI. This is because it showcases what China, the RCEP’s dominant member state, is willing to accept in terms of e-commerce/digital trade provisions.
For Japan, the RCEP’s other key player, we already know what it is willing to accept in terms of digital trade provisions in a free trade agreement; it signed on to the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). The CPTPP’s chapter 14 on e-commerce was driven by the United States, which then used it as the template for chapter 19, on digital trade, in the Canada-United States-Mexico Agreement (CUSMA). In principle, both chapters constrain their member states’ ability to restrict cross-border data flows.
So, how does RCEP’s chapter 12 compare with the CPTPP’s chapter 14?
Like the CPTPP, the RCEP doesn’t apply to government procurement or “to information held or processed by or on behalf of a Party [i.e., governments], or measures related to such information, including measures related to its collection” (article 12.3.3).
Both chapters also have similar language with respect to cooperation, paperless trading, electronic authentication and electronic signature, online consumer protection, personal information protection, unsolicited commercial electronic messages, domestic regulatory framework, customs duties and cybersecurity.
The RCEP and the CPTPP diverge on provisions covering the location of computing facilities, cross-border transfer of information by electronic means, source code and dispute settlement. In all these cases, the RCEP’s chapter 12 is much weaker than the CPTPP’s chapter 14, to the point of rendering the provisions meaningless in terms of liberalizing cross-border digital trade and data flows.
The RCEP’s language is such that it allows member states to impose whatever national regulatory restrictions they wish, as long as they are applied in a non-discriminatory way (are applied equally to domestic and foreign businesses).
But even with respect to the non-discrimination provisions, a member state could get away with discriminating against specific foreign firms since the RCEP’s dispute settlement mechanism does not apply to chapter 12. If the RCEP’s member states cannot resolve a dispute on their own through consultation, then it moves to the RCEP Joint Committee (ministerial level) for further discussion but without the power to impose any decision.
With respect to the location of computing facilities, the RCEP’s article 12.14 closely follows the CPTPP’s article 14.13 language:
1. The Parties recognise that each Party may have its own measures regarding the use or location of computing facilities, including requirements that seek to ensure the security and confidentiality of communications. 2. No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory. 3. Nothing in this Article shall prevent a Party from adopting or maintaining: (a) any measure inconsistent with paragraph 2 that it considers necessary to achieve a legitimate public policy objective, provided that the measure is not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade; or… [subparagraph (b) follows].
RCEP’s article 12.14, to this point, is almost a mirror image of the first three paragraphs of the CPTPP article. But they diverge with the RCEP’s addition of a footnote to provision 12.14.3(a): “For the purposes of this subparagraph, the Parties affirm that the necessity behind the implementation of such legitimate public policy shall be decided by the implementing Party.” This means that the legitimacy of any public policy that could require a firm to locate computing facilities in a member state is self-judging. In other words, anything can be deemed legitimate if a party says so.
And, just in case the footnote is not enough, subparagraph (b) carries on to say that the article does not prevent a party from taking “any measure that it considers necessary for the protection of its essential security interests. Such measures shall not be disputed by other Parties.”
The above limitations are not present in the CPTPP. Instead, the CPTPP offers a provision to limit restrictions based on the pursuit of a legitimate public policy objective, saying that such measures should not “impose restrictions on the use or location of computing facilities greater than are required to achieve the objective” (article 14.13.3(b)).
The RCEP’s article 12.15 on cross-border transfer of information by electronic means follows the same language as its article 12.14 (as described above), whereas the CPTPP’s corresponding article 14.11 uses the same language as article 14.13.
Finally, unlike the CPTPP, the RCEP does not contain any provision regarding source code. For instance, the CPTPP’s article 14.17.1 says that “No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.” Thus, RCEP member states are free to require such transfer or access as a condition for market access.
In sum, the RCEP’s e-commerce chapter is built on the CPTPP’s framework, which is not surprising, given that many CPTPP member states are also members of the RCEP. However, the RCEP adds and removes language in order to give its member states all the leeway that they need to adopt restrictive measures to digital trade and data flows, should they wish to do so.
We can only presume that China, which tightly protects its digital realm from the outside world, is behind such weakening language. As such, China ensured that the RCEP would allow it to keep its Great Fire Wall intact.
As a result, should the WTO’s JSI negotiations ever lead to an agreement, it would most likely resemble the RCEP’s chapter 12: an agreement that is aspirational in nature but does little to promote cross-border digital and data flows effectively. Those countries that wish to maintain tight controls on such flows would remain legally free to do so.
To make progress on governing cross-border data flows, and on facilitating digital trade, we need to move the process out of the WTO and trade agreements such as the CPTPP, CUSMA and the RCEP. As I’ve argued before with Susan Aaronson, we need to build a new and separate governance regime for cross-border data.