DSET’s Democratic Governance Research Program on Jan. 21 held a launch event for their latest report, “The Authoritarian Gaze: China’s Global Data Reach and the Systemic Risks to Democracy.” This report examines the authoritarian features of its data governance model and identifies the systemic risks it poses. It further analyzes how the data practices of China-linked artificial intelligence services support and reinforce this model, potentially subjecting users in democratic countries to authoritarian control.
The findings were presented by the report’s author and DSET Democratic Governance Research Program Deputy Director You-Hao Lai, with commentary from Chih-Ho Chou, Deputy Director General of the Administration for Cyber Security at the Ministry of Digital Affairs, Yu-Yin Tu, Associate Professor of the Department of Public Administration at Tamkang University, and I-Chen Liu, Asia Pacific Programme Officer at ARTICLE 19.
DSET Democratic Governance Program Director Kai-Shen Huang first explained the necessity of “import screening” in relation to China’s artificial intelligence development. China’s AI strategy focuses on data governance, model development, and commercialization, with an “application-driven model” at its core: AI is first deployed domestically in scenarios such as urban governance, healthcare, and transportation, and once business models mature, the solutions are exported overseas.
Huang pointed out that starting in 2025, China has accelerated the overseas expansion of its AI services through policies such as relaxing cross-border data transfer rules in free trade zones and providing export tax rebates via digital platforms. China’s AI competitiveness stems from an “infrastructure-and-governance overlay model,” in which international data centers support service delivery while the state retains extensive authority to intervene deeply in enterprises. This approach enhances China’s AI competitiveness, but because national security concerns are inseparable from this model, import screening has become a necessary defensive mechanism.
You-Hao Lai said in his presentation, drawing on relevant privacy policies (as of Nov. 15, 2025) and credible media reports, this report examines ten widely used generative AI services that are considered to have operational ties to Chinese companies. These include DeepSeek, Doubao, Cici, Kimi, Quark, Qwen Chat, Baidu AI Search, Monica, Manus, and Talkie. Based on their privacy policies, the report identifies three main pathways through which personal data may be transferred into the People’s Republic of China (PRC): Direct Storage, Intra-Group Sharing, and “Lawful” Government Access.
Lai warned that these data practices reveal a systemic risk: even if a service is offered by a Singapore-based entity, the channels for data flowing back to China remain open. This dynamic extends the reach of China’s authoritarian data governance, entrenching an asymmetrical regime that draws global data inward while preventing its exit—granting Beijing arbitrary, unchecked power to leverage this data for political control.
The report also delves into the democratic risks of Chinese AI as a source of intelligence and driver of information manipulation. Lai emphasized, according to an investigation by U.S. threat intelligence firm Recorded Future—which analyzed open-source intelligence including PLA media reports and patent filings—China’s military and defense industry have likely integrated models like DeepSeek and Qwen into the development of intelligence tools.
The case of GoLaxy (中科天玑) further illustrates that China continues to deploy AI-driven personas targeting Taiwan, pushing tailored content to exploit social divisions and shape public discourse. In this context, Chinese AI functions both as a source of insight into individual and societal vulnerabilities and as a driver of more targeted and potent information manipulation.
To counter Beijing’s “Digital Silk Road,” the report proposes a democratic counter-strategy under the same acronym: 1. Defend: Ban AI services substantially controlled by Chinese entities from government use and critical infrastructure; 2. Screen: Implement inbound review mechanisms that condition market access on data practices—specifically prohibiting the default transfer of user data to China—rather than focusing solely on corporate ownership; 3. Rally: Harmonize regulations with allies (such as the U.S.) to close regulatory gaps.
Responding to the potential risk, Ministry of Digital Affairs Administration for Cyber Security Deputy Director General Chih-Ho Chou noted that under the Principles Restricting the Use of Products Endangering National Cybersecurity, issued by the government in 2019, government agencies are prohibited from using Chinese-branded information and communications technology products for official purposes. The Cyber Security Management Act was also amended in December 2025 to further restrict government agencies from downloading, installing, or using products that endanger national cybersecurity. For the general public, the Ministry of Digital Affairs has adopted technical methods (such as RPZ) to restrict products that pose cybersecurity risks. Chou said that the Ministry will continue to study international best practices, revise relevant laws through comparative analysis to align with international standards, and conduct ongoing cybersecurity awareness campaigns, including cybersecurity risk disclosure.
I-Cheng Liu, Asia Programme Officer at ARTICLE 19, observed that DSET’s research helps fill an important empirical gap in international human rights discussions on China’s digital authoritarianism, particularly with respect to the concrete mechanics of data governance and the risks posed by AI services. He emphasized that if democratic actors seek to effectively counter China’s digital authoritarian model, they must not only expose its risks, but also articulate governance alternatives that are normatively legitimate and institutionally credible; otherwise, they risk losing persuasive power in global narrative competition.
Yu-Yin Tu, Associate Professor in the Department of Public Administration at Tamkang University, cautioned that discussions of AI-related risks linked to China must clearly distinguish between cybersecurity and privacy. He stressed that privacy fundamentally concerns individuals’ autonomy over decisions about data disclosure, and that invoking national security or cybersecurity rationales without due regard for the rule of law and procedural safeguards may ultimately undermine democratic values. To meaningfully differentiate itself from China’s authoritarian data governance model, Tu argued, Taiwan must simultaneously strengthen its personal data protection regime and independent review mechanisms.
During the Q&A session, international media raised concerns about data governance risks faced by multinational companies operating in China, asking whether risks remain when firms from countries such as South Korea, Japan, or Taiwan use U.S.-developed AI models in China while training them on data from Taiwanese users, even if such data have been anonymized. Lai You-Hao responded that as long as a company operates in China, it may be subject to similar data governance and compliance pressures regardless of its nationality, and that neither corporate origin nor model provenance alone is sufficient to eliminate risk.
Lai further underscored that anonymization should not be regarded as a fail-safe safeguard. As AI capabilities continue to advance, the risk of re-identifying anonymized data is increasing. Even though the report deliberately focuses on Chinese AI application services, comparable data governance and user risks, he noted, are structurally embedded in cross-border AI deployment and global data flows more broadly.
*Access DSET Latest Report “The Authoritarian Gaze: China’s Global Data Reach and the Systemic Risks to Democracy”: https://dset.tw/en/research/the-authoritarian-gaze/
