Last weekend, President Xi Jinping announced China's decision to apply to join the Digital Economy Partnership Agreement (DEPA). The Chinese announcement comes a couple weeks after South Korea said it would join.
The DEPA is a wide-ranging agreement on digital economy issues that was negotiated by Chile, New Zealand and Singapore. Based on the text signed in June of 2020, it has 16 modules covering a wide range of digital issues, such as treatment of digital products, data issues, digital identities, innovation and digital economy, small and medium sized enterprises (SMEs) cooperation, transparency, and dispute settlement. In addition to joining the agreement itself, countries can adopt some of the specific modules for use elsewhere. DEPA offers a fairly typical mix of obligations, some of which are similar to those in other recent digital agreements (e.g., the Singapore-Australia Digital Economy Agreement) and digital chapters of trade agreements (e.g., USMCA). There are obligations that limit governments' ability to impose barriers on data flows; and there are obligations that require governments to adopt regulations in certain areas.
As an example of the limits on government regulation, Article 4.3 applies to "Cross-Border Transfer of Information by Electronic Means." Paragraph 2 sets out a broad obligation that "[e]ach Party shall allow the cross-border transfer of information by electronic means, including personal information, when this activity is for the conduct of the business of a covered person," subject to an exception for legitimate public policy objectives. As an example of requiring governments to adopt regulations, Article 6.2 requires regulation of spam messages ("Unsolicited Commercial Electronic Messages").
There will be questions as to whether China's regulatory regime for digital trade can satisfy an agreement such as this one. China's regulation of this market is well-known for limiting the ability of foreign companies to offer their services. It's not that all of these companies are prohibited from offering their services (although some have been blocked); rather, they are bound by requirements of Chinese laws and regulations which restrict the use and transfer of data in various ways. (Yahoo just announced that it would be leaving the mainland Chinese market on this basis.)
The broad security exception in Article 15.2 of DEPA would probably be technically sufficient to accommodate China's various regulatory restrictions, as China's justification for its regulations often has a national security rationale. A key part of this provision says: "Nothing in this Agreement shall be construed to: ... (b) preclude a Party from applying measures that it considers necessary for the fulfilment of its obligations with respect to the maintenance or restoration of international peace or security, or the protection of its own essential security interests." However, the term "essential security interests" is ambiguous and open to different interpretations, and China's evolving concept of national security could be broader than the scope of what the current DEPA parties envision. This could present a challenge for the DEPA parties to accept China's existing regime as compatible with DEPA on this basis.
In terms of accession to DEPA, the accession provision is in Article 16.4, and is brief and flexible. Paragraph 1 says: "This Agreement is open to accession on terms to be agreed among the Parties, and approved in accordance with the applicable legal procedures of each Party." In essence, the parties, acting through a "Joint Committee," will adopt a decision "approving the terms for an accession and inviting an accession candidate to become a Party," specifying a period "during which the accession candidate may deposit an instrument of accession with the Depositary indicating that it accepts the terms for the accession."