---

Digitization Challenges

TheA similar argument has been made for firms and governments in low and middle income countries who can take advantage of the power of the Internet to foster economic development. According to one official of the Asia-Pacific Economic Cooperation Forum (APEC), technology has enabled SMEs to open in new sectors such as ride-sharing and online order delivery services, and provides them with a "bigger, better opportunity to grow and learn that to join a global value chain."³⁷ Another study of SMEs estimated that the Internet is a net creator of jobs, with 2.6 jobs created for every job that may be displaced by Internet technologies; companies that use the Internet intensively effectively doubled the average number of jobs.³⁸ However, the costs of digital trade can be concentrated on particular sectors (see next section). Digitization Challenges Software, and the software industry, is adding to the GDP in all 50 states, with Idaho and North Carolina growing more than 40% due to software.³⁹ However, the U.S. economy may only be realizing 18% of its digital potential, and it is doing so unevenly across sectors and populations.³¹40 Industries, such as media and those in urban centers, account for a larger share of the benefits. Many in business and research communities are only beginning to understand how to take advantage of the vast amounts of data being collected every day. Some experts estimate digitization could add another $2.2 trillion a year to the U.S. GDP by 2025.³²

41

Additionally, sources of "e-friction" or obstacles can prevent consumers, companies, and countries from realizing the full benefits of the online economy.³³42 Causes of e-friction can fall into four categories: infrastructure; industry; individual; and information. Government policy can influence e-friction, from investment in infrastructure and education to regulation and online content filtering. According to some experts, economies with lower amounts of e-friction may be associated with larger digital economies.³⁴43

While there are numerous positive digital dividends, there are also potential negative and uneven results across populations, such as the displacement of unskilled workers, an imbalance between companies with and without Internet access, and a tendencypotential for some to use the Internet to establish monopolies.³⁵44 While new technologies and new business models present opportunities to enhance efficiency and expand revenues, innovate faster, develop new markets, and achieve other benefits, new challenges also arise with the disruption of supply chains, labor markets, and some industries.

For example, one study found a mismatch between workforce skills and job openings such as in Nashville, Tennessee that has an abundance of workers with music production and radio broadcasting skills but a scarcity of workers with IT infrastructure, systems management and web programming.⁴⁵

The World Bank identified policy areas to ensure, and maintain, the potential benefits of digitization. Policy areas include establishing a favorable and competitive business climate, developing strong human capital, ensuring good governance, investing to improve both physical and digital infrastructure, and raising digital literacy skills. According to the World Economic Forum Competitiveness Rankings, which looks at technological adoption and ICT use, the United States is ranked 17^th.³⁶46 With the rapid pace of technology innovation, more jobs may become automated, with digital skills becoming a foundation for economic growth, for individual workers, companies, and national GDP.³⁷

Figure 4. What is Digital Trade? Examples of international digital trade

Source: CRS. Notes: The above graphic is illustrative only and is not based on a real business or reflective of all aspects of digital trade.

Digital Trade Barriers and Policy Issues

47 Over two-thirds of U.S. jobs created since 2010 require some level of digital skills.⁴⁸ The OECD found that generic ICT skills are insufficient among a significant percentage of the global workforce and few countries have adopted comprehensive ICT skills strategies to help workers adapt to changing jobs.⁴⁹ Digital Trade Policy and Barriers

Policies that affect digitization in any one country's economy can have consequences beyond its borders, and because the Internet is a global "network of networks," the state of a country's digital economy can have global ramifications. Protectionist policies may erect barriers to digital trade, or damage trust in the underlying digital economy, and can result in the fracturing, or so -called balkanization, of the Internet, lessening any gains. What some policymakers see as protectionist, however, others may view as necessary to protect domestic interests. Ensuring a free and open Internet is a stated policy priority for the U.S. government.³⁸ Like other cross-cutting policy areas, such as cybersecurity, no one federal entity has policy primacy on all aspects of digital trade, and the United States has taken a sectoral approach to regulating digitization.

Ensuring a Free and Open Internet39 Ensuring a free and open Internet is a policy priority according to the U.S. Department of State. The U.S. Trade Representative aims to promote this position through global trade. "Digital freedom must triumph over digital protectionism. Around the world, policies restricting the free flow of data and the openness of the Internet are on the rise, threatening to effectively balkanize the Internet... Policies requiring companies to store data locally present another serious threat, making costs prohibitively high for many small businesses, curtailing access to global services, and stifling innovation... Above and beyond its impact on commerce, digital freedom goes to the heart of what it means to live in the information age. Ensuring that the rules of the road for global trade promote the free flow of information and resist artificial barriers has broad ramifications. When data flows are obstructed, everyone from the immigrant keeping in touch with relatives, to the work-from-home entrepreneur connecting with customers, to the aspiring high school blogger can be affected."—U.S. Trade Representative, Ambassador Michael Froman.

The Department of Commerce National Telecommunications and Information Administration notes key U.S. policies that enable a strong digital economy in this country include (1) connecting and empowering users; (2) trusting the private sector and protecting online platforms; (3) a strong and balanced approach to intellectual property that fosters innovation while recognizing "fair use"; and (4) a multi-stakeholder consensus-based process for Internet governance.⁴⁰ The absence of similar policies, or the existence of opposing ones, outside the United States can lead to trade barriers that hinder or block the flow of digital trade.

The Department of Commerce launched a Digital Economy Agenda that identifies four pillars:⁴¹

• Despite common core principles such as protecting citizen's privacy and expanding economic growth, governments face multiple challenges in designing policies around digital trade. The OECD points out three potentially conflicting policy goals in the Internet economy: (1) enabling the Internet; (2) boosting or preserving competition within and outside the Internet; and (3) protecting privacy and consumers more generally.⁵⁰

  Ensuring a free and open Internet is a stated policy priority for the U.S. government.⁵¹ Like other cross-cutting policy areas, such as cybersecurity or privacy, no one federal entity has policy primacy on all aspects of digital trade, and the United States has taken a sectoral approach to regulating digitization. According to an OECD study, the United States is the only OECD country that uses a decentralized, market-driven approach for a digital strategy rather than having an overarching national digital strategy, agenda, or program.⁵²

  Protect a Free and Open Internet53 Protecting a free and open Internet is a policy priority as stated in President Trump's National Security Strategy. "The United States will advocate for open, interoperable communications, with minimal barriers to the global exchange of information and services. The United States will promote the free flow of data and protect its interests through active engagement in key organizations, such as the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Governance Forum (IGF), the UN, and the International Telecommunication Union (ITU)."

  The Department of Commerce works to promote U.S. digital trade policies domestically and abroad. In 2015, Commerce launched a Digital Economy Agenda that identifies four pillars:⁵⁴

  1. Promoting a free and open Internet worldwide, because the Internet functions best for our businesses and workers when data and services can flow unimpeded across borders;
• 2. Promoting trust online, because security and privacy are essential if electronic commerce is to flourish;
• 3. Ensuring access for workers, families, and companies, because fast broadband networks are essential to economic success in the 21st21^st century; and
• 4. Promoting innovation, through smart intellectual property rules and by advancing the next generation of exciting new technologies.

The Commerce Secretary launched specific efforts to support the Digital Economy Agenda, including a Digital Economy Board of Advisors from across sectors⁵⁵ and a pilot digital attaché program under the foreign commercial service to help U.S. businesses navigate regulatory issues and overcome trade barriers to e-commerce exports.⁴²

56

As with traditional trade barriers, digital trade constraints can be classified as tariff or nontariff barriers. Tariff barriers may be imposed on imported goods used to create ICT infrastructure that make digital trade possible or on the products that allow users to connect, while nontariff barriers, such as discriminatory regulations or local content rules, can block or limit different aspects of digital trade. Often, such barriers are intended to protect domestic producers and suppliers. The ITC estimatedSome estimates indicate that removing foreign barriers to digital trade could increase annual U.S. real GDP by 0.1%-0.3% ($16.7−$41.4 billion), increase U.S. wages up to 1.4%, and add up to 400,000 U.S. jobs in certain digitally intensive industries.⁴³

57

Tariff Barriers

Tariffs may impede goods trade at the border by raising the prices of U.S. products as costs are passed to end customersHistorically, trade policymakers focused on overt trade barriers such as tariffs on products entering countries from abroad. Tariffs at the border impact goods trade by raising the prices of products for producers or end customers, if tariff costs are passed down, thus limiting market access for U.S. exporters selling products, including ICT goods. Quotas may limit the number or value of foreign goods, persons, suppliers, or investments allowed in a market.

Global exports of ICT goods reached $1.6 trillion in 2013, and production is increasingly concentrated in a few countries, with China (32% of ICT good exports), the United States (9%), and Singapore (8%) ranking at the top.⁴⁵ Forecasts for IT spending in 2017 are mixed as analysts weigh the potential impacts of new policies under the Trump Administration and the UK's departure from the EU, among other factors.⁴⁶ Semiconductors, a key component in many electronic devices, are a top U.S. ICT export. They were the number three U.S. manufactured export over the last five years with 2014 sales of $172.9 billion.⁴⁷ U.S. ICT services are often inputs to final demand products that may be exported by other countries, such as China. Since 1998, WTO countries have agreed to not impose customs duties on electronic transmissions covering both goods (such as e-books and music downloads) and services. While the United States is a major exporter and importer of ICT goods, tariffs are not levied on many of the products due to free trade agreements (FTAs) and the World Trade Organization (WTO) Information Technology Agreement (see below). Tariffs may still serve as trade barriers for those countries or products not covered by existing FTAs or the WTO ITA.

Nontariff Barriers

Nontariff barriers (NTBs) are not as easily quantifiable as tariffs, but can also create. Like digital trade, NTBs have evolved and may post significant hurdles to companies seeking to do business abroad. NTBs often come in the form of laws or regulations that intentionally or unintentionally discriminate and/or hamper the free flow of digital trade.

Nondiscrimination between local and foreign suppliers is a core principle encompassed in global trading rules and U.S. free trade agreements. While WTO agreements cover physical goods, services, and intellectual property, there is no explicit provision for nondiscrimination for digital goods. As such, NTBs that do not treat digital goods the same as physical ones could limit a provider's ability to enter a market.

Broader governance issues, including rule of law, transparency, and investor protections, can pose barriers and limit the ability forof firms and individuals to successfully engage in digital trade.

Similarly, market access restrictions on investment and foreign ownership, or on the movement of people, whether or not specific to digital trade or ICT sectors, may limit a company's ability enter a foreign market. Other NTBs are more specific to digital trade.

Localization Requirements

Localization measures are defined as measures that compel companies to conduct certain digital-trade-related activities within a country's borders.⁵³64 Governments often use privacy or national security arguments as justifications for these measures. Though localization policies can be used to achieve legitimate public policy objectives, some are designed to protect, favor, or stimulate domestic industries, service providers, or intellectual property at the expense of foreign counterparts and, in doing so, function as nontariff barriers to market access. FreeIn recent free trade agreements, such as the TPP, aimthe United States has aimed to ensure an open Internet and eliminate digital trade barriers, while preserving flexibility for governments to pursue legitimate policy objectives (see below).

Cross-Border Data Flow Restrictions

According to a 2017 USITC report, data localization was the most cited policy measure impeding digital trade and the number of data localization measures globally has doubled in the last six years.⁶⁵ Regulations limiting cross-border data flows and requiring local storage are a type of localization requirement that prohibit companies from exporting data outside a country. Such restrictions can pose barriers to companies whose transactions rely on the Internet to serve customers abroad and operate more efficiently. For example, data localization requirements can limit e-commerce transactions that depend on foreign financial service providers or multinational firms' full analysis of big data from across an entire company or global value chain. Regulations limiting cross-border data flows may force companies to build local server infrastructure within a country, not only increasing costs and decreasing scale, but also creating data silos that may be more vulnerable to cybersecurity risks.

Data localization requirements pose barriers to companies' efforts to operate more efficiently by migrating to the cloud. In 2014, 22% of businesses in OECD member countries used cloud computing services, with higher use among large enterprises, and the number is accelerating.⁵⁴ For example, AT&T has said that it plans to move 80% of its applications into a private cloud by the end of 2016.⁵⁵ To better serve consumers of Google's many cloud services (e.g., Gmail, search, maps) globally, the company is opening more data centers in the United States and internationally.⁵⁶ For companies more hesitant to embrace the cloud due to the security and regulatory concerns, Oracle Corp. has launched a hybrid cloud service offering.⁵⁷

The Internet, and cloud services specifically, has been called the great equalizer, as it allows small companies access to the same information and the same computing power as large firms using a flexible, scalable, and on-demand model. For example, Thomas Publishing Co., a U.S. mid-sized, private, family-owned and operated business, is transporting data from its own computer servers to data centers run by Amazon.com Inc.⁵⁸ A similar argument has been made for firms and governments in low and middle income countries who can take advantage of the power of the Internet to foster economic development.

According to a USITC April 2015 report, the United States has the largest cloud computing industry globally (based on revenues) and 9 of the 10 largest cloud computing service providers (based on estimated number of servers).

Nevertheless, regulations or policies that limit data flows create barriers to firms and countries seeking to consume cloud services. As part of its submission to the U.S. Trade Representative (USTR) for the 2016 National Trade Estimate Report on Foreign Trade Barriers (NTE), for example, the Information Technology Industry Council (ITI) noted an increase in the use of forced localization measures, citing examples in China, Indonesia, Nigeria, Russia, Turkey, and Vietnam.⁵⁹ The Business Software Alliance's 2016 Global Cloud Computing Scorecard highlighted countries with improved policy environments but also those with localization requirements, particularly Russia's data protection framework (which contains prescriptive data localization requirements).⁶⁰

According to some analysts, computing costs in markets with localization measures can be 30-60% higher than in more open markets.⁶⁶

Data localization requirements pose barriers to companies' efforts to operate more efficiently by migrating to the cloud or to SMEs attempting to enter new markets. According to some estimates, 70% of all 2015 global Internet traffic went through cloud data centers compared to 30% in 2011, and approximately 40% of those cloud data center workloads were in North America.⁶⁷ In 2014, 22% of businesses in OECD member countries used cloud computing services, with higher use among large enterprises, and the number is accelerating.⁶⁸ Most of the largest global providers of cloud computing services are U.S. companies (Amazon, Microsoft, Google, and IBM).

Regulations or policies that limit data flows create barriers to firms and countries seeking to consume cloud services. One U.S. business group noted increased forced localization measures, citing examples in China, Colombia, EU, Indonesia, South Korea, Russia, and Vietnam.⁶⁹ The Business Software Alliance's 2018 Global Cloud Computing Scorecard highlighted barriers to cloud services in Indonesia, Russia, and Vietnam.⁷⁰ For example, to comply with localization requirements and continue to serve consumers of Google's many cloud services (e.g., Gmail, search, maps) globally, the company is opening more data centers in the United States and internationally.⁷¹

Other Localization Requirements

In addition to cross-border data flow restrictions, localization policies include requirements to use local content, whether hardware or software, as a condition for manufacturing or access to government procurement contracts; use local infrastructure or computing facilities; or partner with a local company and transfer technology or intellectual property to that partner. Localization requirements can also pose a threat to intellectual property (discussed below).

Intellectual Property Rights (IPR) Infringement

Intellectual property rights (IPR)⁶²74 are legal, private, enforceable rights that governments grant to inventors and artists; they generally provide right holders with time-limited monopolies over the use of their creations, enabling them to exclude others from using their creations without their permission. IPR come in a variety of forms, such as patents, copyrights, trademarks, and trade secrets. While they are intended to encourage innovation and creative output by allowing inventors and artists to reap the benefits of the time and money they direct to developing IP, the rights are time-limited so that other inventors and artists can build on them and society can benefit more broadly through wider availability of works.

A wide range of U.S. industries rely on IPR protection. According to the Department of Commerce, IP-intensive industries accounted for about $6.6 trillion in value added, or 38.2% of U.S. gross domestic product (GDP) in 2014.⁶³75 These industries also were estimated to account for $842 billion (or 52% of) U.S. merchandise exports in 2014; and $81 billion (or 12.3% of) U.S. private services exports in 2012.⁶⁴76 In 20152016, U.S. charges for the use of IP (i.e., receipts of royalties and license fees) totaled about $125124 billion, representing 1716% of U.S. services exports, while U.S. payments for the use of IP (i.e., payments of royalties and license fees) totaled about $4044 billion, representing about 89% of U.S. services imports.⁶⁵77 Given the role of IP in the U.S. economy, IPR infringement presents significant trade and economic concerns for U.S. policymakers (see text box).

While the Internet and digital technologies have opened up markets for international trade, they also have raised challenges of IPR infringement (e.g., theft of IP, such as copyright piracy or counterfeiting of trademarks). Innovations in digital technologies fuel IPR infringement by enabling the rapid duplication and distribution of content that is low-cost and high-quality, making it easy, for instance, to pirate music, movies, software, and other copyrighted works and to share them globally. The Internet provides "ease of conducting commerce through unverified vendors, inability for consumers to inspect goods prior to purchase, and deceptive marketing."⁶⁷79 IPR enforcement in the digital environment raises particular challenges.⁶⁸

80

Efforts to address IPR infringement raise issues of balance about, on one hand, protecting and enforcing IPR to incentivize innovation and, on the other hand, setting appropriate limitations and exceptions to ensure other economically and socially valuable uses. U.S. stakeholders differ on how to address such issues. Representatives of "content" industries have singled out Internet-enabled piracy as the most important barrier to digital trade for their industries (see text box). Barriers include foreign websites that facilitate IPR infringement, such as through hosting pirated content or connecting users to such content. Cyber theft of trade secrets presents additional, increasingly prominent, barriers to digital trade.⁶⁹81 Content industries say that IP theft costs them sales, takes away from legitimate services, harms investors in these businesses, damages their brand or reputation, and hurts "law-abiding" consumers.⁷⁰82

Identifying those responsible for IPR infringement is challenging. Companies in technology products and services sectors express concerns over unpredictable legal frameworks in foreign countries for online intermediary liability regarding infringing or illegal content transmitted over their systems. For example, they contend that foreign courts use outmoded Internet service provider (ISP) liability laws that impose substantial penalties on ISPs, which deter investment and market entry and, in turn, impede legitimate online services.⁷¹ Countries identified by the USTR as having imposed liability in ways that are contrary to U.S. intermediary liability policy include France, Germany, Italy, India, and Vietnam.⁷²

Some technology product and service companies, as well as some civil society groups, also assert that overly stringent IPR policies may stifle information flows and legitimate digital trade. Thus, they highlight and promotesupport exceptions and limitations to IPR, such as for "fair use"—a doctrine recognized in U.S. law that permits limited use of copyrighted works without requiring permission from the right holder in certain cases, such as criticism, comment, news reporting, research, scholarship, and teaching.⁷³

The USTR's National Trade Estimate Report similarly For example, the USTR cites concerns regarding proposals for mandatory fees in the EU for linking to content published online, efforts that the USTR says appear to be targeting particular news aggregators that "index and allow users to more conveniently find and access such content by the inclusion in search results of headlines or other extracts of the stories that the underlying publisher typically offers, without charge (e.g., supported by advertising) on its own website."⁷⁴83

Other IPR-related barriers to digital trade include government measures, policies, and practices that are intended to promote domestic "indigenous innovation" (i.e., develop, commercialize, and purchase domestic products and technologies) but that can also disadvantage foreign companies. These measures can be linked to "forced" localization barriers to trade. China, for instance, conditions market access, government procurement, and the receipt of certain preferences or benefits on a firm's ability to show that certain IPR is developed in China or is owned by or licensed to a Chinese party. Another example is India's data and server localization requirements, which USITC firms assert hurts market access and innovation in their sector. (See above.)

National Standards and Burdensome Conformity Assessment

Local or national standards that deviate significantly from recognized international standards may make it difficult for firms to enter a particular market. An ICT product or software that conforms to international standards, for example, may not be able to connect to a local network or device based on a local or proprietary standard. Also, proprietary standards can limit a firm's ability to serve a market if their company practices or assets do not conform with (nor do their personnel have training in) those standards. As a result, customers in those markets have trouble accessing international providersU.S. companies may not be able to reach customers or partners in those countries.

Similarly, redundant or burdensome conformity assessment or local registration and testing requirements often add time and expense for a company trying to enter a new market, and serve as a deterrent to foreign companies. For example, India's Compulsory Registration Order (CRO) mandates that manufacturers register their products with laboratories affiliated or certified by the Bureau of Indian Standards, even if the products have already been certified by accredited international laboratories, and is an often-cited concern for U.S. businesses facing delays getting products to market.⁸⁴ If a company is required to provide the source code, proprietary algorithms, or other IPIf a company is required to provide the source code for ICT products to gain market access, it may fear theft of their IP and not enter that market (see above).

Filtering, Blocking, and Net Neutrality

In some nations, government seeks strict control over digital data within its borders, such as what information people can access online, and how information is shared inside and outside its borders. Governments that filter or block websites, or otherwise impede access, form another type of non-tariff barrier. For example, China has asserted a desire for "digital sovereignty" and has erected what is termed by some as the "great firewall." A recent Great Firewall." A change to China's Internet filters also blocks virtual private network (or VPN) access to sites beyond the great firewall. Virtual private networksGreat Firewall. VPNs have been used by Chinese citizens to use websites like Facebook and by companies to access data outside of China (e.g., information from foreign subsidiaries or partners).⁸⁵

While China is the most well-known, it is not alone in seeking to control access to websites. For example, Thailand established a Computer Data Filtering Committee to use the court system to block websites that it views as violating public order and good order, as well as intellectual property.⁸⁶ In Russia, citizens protested government censorship, including the blocking of a popular messaging application along with other websites and online tools.⁸⁷

have been used by Chinese citizens to use websites like Facebook.⁷⁵ A rule issued by China's State Administration of Press, Publication, Radio, Film and Television and the Ministry of Industry and Information Technology bans all foreign media from publishing online. According to press reports, apart from select individual collaboration projects, only companies that are 100% Chinese-owned will be able to produce online content, and only after approval from Chinese authorities and the acquisition of an online publishing license; foreign-owned or joint venture companies will be blocked from participating.⁷⁶

According to recent press reports, Russia is now looking to emulate many of China's restrictive Internet practices.⁷⁷

Due to the global nature of the Internet, one nation's preferences or regulations can have spillover effects on the rest of the world. French privacy authorities, for example, fined Google $112,000 for not applying a ruling on the "right to be forgotten" and deleting certain content across the company's domains worldwide.⁷⁸88 While Google had adopted the ruling by the Court of Justice of the European Union (CJEU) across all of its European operations, it had not done so globally, given that there is no one international standard or policy it is required to comply with. In one critic's view, "France is trying to force its domestic policies on the rest of the world by coercing a global company that resides in its borders to implement those policies on all its users."⁷⁹ These types of challenges may increase with the implementation of the EU General Data Protection Regulation (see "General Data Protection Regulation (GDPR)").The conflict between Google and the EU authorities illustrate the complexity of the Internet and evolving technologies, and the lack of global standards that prevails in other areas of international trade.

National-level net neutrality policies also differ widely. Net neutrality rules govern the management of Internet traffic as it passes over broadband Internet access services (BIAS), whether those services are fixed or wireless. In contrast to China, in the United States, the Federal Communications Commission (FCC) rules ban the blocking of legal content, forbid paid prioritization of content for consideration or to benefit an affiliate, and prohibit the throttling of legal content by BIAS providers.⁸⁰ In the EU, however, the Telecoms Single Market legislation allows providers to offer a zero rating and have discretion on managing traffic during times of network congestion, subject to regulator's approval.⁸¹ As a result, each end user's access may be subject to the preferences and decisions of a telecom supplier.

Allowing Internet access providers to limit or otherwise discriminate against content providers, foreign and domestic, may create a non-tariff barrier.⁸⁹ In the United States, the Federal Communications Commission (FCC) classification of broadband internet service providers (ISPs) has been controversial domestically and may differ from how U.S. trading partners regulate ISPs.

Cybersecurity Risks

The growth in digital trade has raised issues related to cybersecurity, the act of protecting ICT systems and their contents from cyberattacks. Cyberattacks in general are deliberate attempts by unauthorized persons to access ICT systems, usually with the goal of theft, disruption, damage, or other unlawful actions. Cybersecurity can also be an important tool in protecting privacy and preventing unauthorized surveillance or intelligence gathering.⁸²

Cyberattacks can pose broad risks to financial and communication systems, national security, privacy, and digital trade and commerce. Examples in the commercial sector include hacks into JPMorgan's systems in which customers' personal information was accessed, later blamed on Iran, and breaches of Sony Pictures Entertainment in which proprietary information and internal communications were stolen and exposed, later blamed on North Korea.⁸³ Another issue is that companies90 According to the White House Council of Economic Advisers, malicious cyber activity (i.e., business disruption, theft of proprietary information) cost the U.S. economy up to $109 billion in 2016.⁹¹

Cyberattacks can pose broad risks to financial and communication systems, national security, privacy, and digital trade and commerce. Cybersecurity risks run across all industry sectors that rely on digital information. In the entertainment industry, for example, Iranian hackers stole unreleased episodes of HBO's "Game of Thrones" series, holding them for ransom, and potentially costing the company and risking intellectual property and harm to the corporate reputation.⁹²

The 2017 WannaCry ransomware attack impacted public and private sector entities in over 150 countries with direct costs of at least $8 billion due to computer downtime, according to one estimate.⁹³ In the widespread attack, computers in homes, schools, hospitals, government agencies, and companies were hit. The United States publicly attributed the cyberattack to North Korea, stating that "these disruptions put lives at risk."⁹⁴

Companies that rely on cloud services to store or transmit data may choose to use enhanced encryption to protect the communication and privacy, both internally and of their end customers. This, in turn, may impede law enforcement investigations if they are unable to access the encrypted data.⁸⁴

U.S. Digital Trade with the EU and China

95 However, restrictions on the ability for a firm to use encryption may make a company vulnerable to cyberattacks or cybertheft, demonstrating the need for policies and regulations to balance competing objectives. U.S. Digital Trade with Key Trading Partners

The European Union (EU) and China are large U.S. digital trade partners and each has presented various challenges for U.S. companies, consumers, and policymakers.

European Union

Differences in United StatesU.S. and EU policies have had ramifications on digital flows and international trade. The two partners' varying approaches to digital trade, privacy, and national security, have, at times, threatened to disrupt U.S.-EU data flows.

The transatlantic economy is the largest in the world, encompassing 46% of global GDP and 11% of the world's population.⁸⁵ Similarly, and cross-border data flows between the United States and EU are the highest in the world. One estimate indicates that the United States exported $140.6 billion of digitally delivered services to the EU in 2012, which was 72% of total U.S. exports to the EU.⁸⁶ Many of these services are used to create further exports as part of GVCs. Of the digitally delivered services exported to the EU, 53% were incorporated into EU exports. In the opposite direction, the United States imported $86.3 billion of the same from the EU, 62% of which were incorporated into U.S. exports.⁸⁷ Furthermore, almost 40% of the data flows between the United States and EU are through business and research networks.⁸⁸

Despite close economic ties, differences between the United States and EU in their approaches to data protection have caused friction in U.S.-EU economic and security relations. On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor Agreement under which personal data could legally be transferred between EU member countries and the United States. The decision was driven by European concerns that the U.S. approach to data privacy did not guarantee a sufficient level of protection for European citizens' personal data.

U.S. and EU officials announced the EU-U.S. Privacy Shield to replace the Safe Harbor agreement in early 2016, and it entered into force on July 12, 2016. The final agreement included additional obligations on the U.S. government, including a new ombudsman in the U.S. State Department and supplementary safeguards and limitations on surveillance, and on U.S. companies, such as robust data processing obligations. The Privacy Shield also involves proactive monitoring and enforcement by U.S. agencies, and is subject to an annual joint review by the United States and the EU.

The president of the French data protection authority (CNIL), Isabelle Falque-Pierrotin, stated that Privacy Shield is an opportunity to "build a common standard" between the EU and United States in cross-border data protection.⁸⁹ If the United States and EU are able to build a common standard, other parties may decide to adopt it, establishing a de facto global standard. Since then, the United States and Switzerland agreed to the Swiss-U.S. Privacy Shield, which will be "comparable" to the U.S.-EU agreement.⁹⁰ While companies are currently able rely on the Privacy Shield to ensure their digital data flows are allowed between the United States and EU, privacy advocates and others have begun to challenge the Privacy Shield in court which may, in turn, cause companies to hesitate enrolling in the program.⁹¹

EU Digital Regulations As illustrated with the DPD (discussed above), EU policymakers are attempting to bring more harmonization across the region. Another initiative is the Digital Single Market (DSM). The DSM is an ongoing effort to unify the EU market, facilitate trade, and drive economic growth. The DSM has three pillars: (1) better online access to digital goods and services through cross-border online activity; (2) high-speed, secure, trustworthy infrastructure that is supported by a regulatory environment supporting investment and fair competition; and (3) ensuring the digital economy as a driver for growth through investment in infrastructure, research and innovation, and an inclusive society and skilled citizen. The European Commission's strategy for a digital single market encompasses issues such as the portability of legally acquired content, cross-border data flows, copyright protection exceptions and limitations, intermediary liability, and enforcement. Some voice concern about the extent to which the finalized DSM regulations will be consistent with U.S. companies' interests. For example, the United States has identified as a concern the Commission's consideration of a "duty of care" proposal as part of the DSM, which would "require some platforms to more proactively monitor and filter illegal content ... despite logistical difficulties and implications for free expression."92 Concerns also arise from the Commission's May 2016 package of e-commerce proposals that contain an update of the Audiovisual Media Services Directive (AVMSD) that includes rules on platform liability and local content requirements.93 While the DPD set out common rules on how information about European citizens may be collected and used across all industries, each EU member state is responsible for implementing the Directive through its own national laws. To modernize the DPD and facilitate the creation of the DSM, EU member states (acting in the Council of the European Union) and the European Parliament reached political agreement in late 2015 on a new General Data Protection Regulation (GDPR).94 In contrast to the DPD, the GDPR will be directly applicable in all EU member states, thus establishing a single set of rules (rather than harmonized ones) for data protection throughout the EU. However, one observer contends that there are still approximately 40 provisions that allow individual member states to set their own standards.95 The EU published the final GDPR on May 4, 2016; member states will have until May 25, 2018, to fully implement its provisions.96 While the EU has begun to release guidance documents,97 U.S. industry has voiced concern about the lack of clarity regarding some of the GDPR requirements and also about the potentially high penalties that may be imposed for violations (up to 2% of their annual worldwide revenues). Despite the lack of precise guidance, many companies have begun to analyze the regulation and plan for implementation. The potential impact of the GDPR on the EU-U.S. Privacy Shield is unclear, while the impact of the UK leaving the EU on either EU initiative is uncertain, although the UK's Information Commissioner supports amending UK data protection laws to meet the GDPR standards.98

These issues are likely to come up if the Transatlantic Trade and Investment Partnership (T-TIP) negotiations between the United States and EU resume under the Trump Administration. (See below.)

China

China presents a number of significant opportunities and challenges for the United States vis-a-vis digital trade. According to the Chinese government, at the end of December 2015, there were 688 million Internet users in China, including 620 million mobile Internet users. E-Marketer, a research firm that tracks digital issues, estimated China's e-commerce sales in 2014 totaled $672 billion (nearly double the U.S. level) and projected this would surge to $1.6 trillion by 2018.⁹⁹ E-Marketer also estimated that Chinese cross-border e-commerce sales would increase from $30.1 billion in 2014 to $85.8 billion in 2016, and by 2020 would reach $157.7 billion.¹⁰⁰ Although many U.S. firms may benefit from expanding digital trade in China, they may face numerous challenges as well.

Internet Governance

In December 2015, Chinese President Xi Jinping in a speech declared that the international community should respect the Internet sovereignty of individual countries in "choosing their own Internet development path, Internet governance, and Internet policies." To many observers, this represents a growing effort by the Chinese government to expand its control over the Internet in China in a way that could have negative consequences for U.S. firms attempting to do business in China, as well as for Chinese entrepreneurs.

The USTR's 2016 National Trade Estimates of Foreign Trade Barriers stated: "Over the past decade, China's filtering of cross-border Internet traffic has posed a significant burden to foreign suppliers, hurting both Internet sites themselves, and users who often depend on them for their businesses."

Outright blocking of websites appears to have worsened over the past year, with 8 of the top 25 most trafficked global sites now blocked in China. Examples of blocked sites include Google services (e.g., Gmail), Twitter, Facebook, YouTube, and The New York Times. An example of the unpredictability of China's Internet market occurred in April 2016, when Chinese regulators, for unexplained reasons, suspended Apple iTunes Movies and iBooks Store, and DisneyLife services that had been operating in China for months.

IP Theft

China is considered by most analysts to be the largest source of global theft of IP. A May 2013 report by the Commission on the Theft of American Intellectual Property estimated that IP theft by Chinese entities annually cost the U.S. economy up to $240 billion. China is also considered to a major source of cybertheft of U.S. trade secrets, including by government entities. In May 2014, the United States Department of Justice indicted five members of the Chinese People's Liberation Army (PLA) for government-sponsored cyber espionage against U.S. companies and theft of proprietary information to aid state-owned enterprises (SOEs). In April 2015, President Obama issued an executive order authorizing certain sanctions against "persons engaging in significant malicious cyber-enabled activates."

Shortly before the arrival of Chinese President Xi's state visit to the United States, in September 2015, the Obama Administration indicated that it was considering imposing sanctions against Chinese entities over cybertheft, a move that likely could have led to a cancellation of Xi's visit. China sent a large delegation to the United States to discuss the issue, and during Xi's visit, the two sides reached an agreement whereby the two sides stated that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors." The two sides also agreed to regularly hold high-level consultations on cyber issues (see textbox on the U.S.-China Cybersecurity Working Group).

New Restrictions on Information and Communications Technology

According to the USTR's 2015 report on China's WTO accession, while progress has been made to delink China's efforts on indigenous innovation from government procurement at the central and local levels, such policies have continued in other areas.

Many foreign business groups have expressed increasing concerns over a number of recently proposed or enacted laws and regulations on information and communications technology (ICT) products and services that could limit foreign access to ICT markets in China on so-called national security grounds. Several proposals include language stating that critical information infrastructure should be "secure and controllable," an ambiguous term that has not been precisely defined by Chinese authorities. Other proposals lay out policies to promote indigenous ICT industries or would require foreign firms to hand over proprietary information. According to the U.S. Department of Commerce,

The policies set forth in these measures could cause long-term damage to U.S. businesses trying to sell ICT products into China, a market estimated to be worth about $465 billion this year. They also could add significant costs to foreign ICT companies operating in China and could prevent them from supplying the China market with the most technologically advanced and reliable products.¹⁰¹

Such restrictions could have a significant impact on U.S. ICT firms. According to BEA, U.S. exports of ICT services and potentially ICT-enabled services (i.e., services that are delivered remotely over ICT networks) to China totaled $12.8 billion in 2015.¹⁰² Examples of recently passed or proposed measures of concern to foreign ICT firms include the following:

• In 2014, the China Banking Regulatory Commission issued guidelines for IT security equipment used in banks (such as for cash machines and smartcard chips), which included provisions on encryption and the disclosure of source code. The guidelines emphasized the importance of developing local technology and stated the need for "secure and controllable technologies" in the banking sector, with the goal of 15% in 2015, growing to no less than 75% in 2019. China suspended some of the guidelines in April 2015. At the June 2015 S&ED session, China agreed to ensure that bank ICT regulations "will be nondiscriminatory, are not to impose nationality-based requirements, and are to be developed in a transparent manner."¹⁰³
• China's national security law (enacted in July 2015) emphasizes the State's role. It includes a provision (Article 24) that "the State strengthens the establishment of capacity for independent innovation, accelerating the development of autonomously controlled strategic advanced technologies and key technologies in core fields, strengthens the use of intellectual property rights, protects capacity building in protection of technological secrets, and ensures security in technology and engineering."¹⁰⁴ Article 59 says that "the State establishes national security review and oversight management systems and mechanisms, conducting national security review of foreign commercial investment, special items and technologies, internet information technology products and services, projects involving national security matters, as well as other major matters and activities, that impact or might impact national security."
• In October 2015, the China Insurance Regulatory Commission issued new draft rules on cybersecurity in the insurance industry. The draft rules called for the adoption of "secure and controllable" technology by insurance companies, data localization requirements, and the use of products and systems employing domestic encryption methods. On June 1, 2016, 28 business groups sent a letter to the chairman of the China Insurance Regulatory Commission, arguing that the draft rules "would create unnecessary obstacles to international trade and likely to constitute a means of arbitrary or unjustifiable discrimination against providers in countries where the same conditions prevail."¹⁰⁵ On June 2, 2016, the United States raised concerns about the draft regulations in the WTO Committee on Trade-Related Measures, arguing that such language appears to require that Chinese insurance firms give preferences to Chinese domestic providers of hardware equipment and software over foreign firms.¹⁰⁶
• In December 2015, China enacted a new counterterrorism law that requires telecommunications operators and Internet service providers to "provide technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities."¹⁰⁷ Originally, the Chinese government sought to require operators to provide encryption codes (i.e., security back-door access) and to store local user data on servers within China, but these provisions were dropped in the final draft of the law, in part because of sharp criticism by President Obama, who contended that such rules "would essentially force all foreign companies, including U.S. companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services."
• China passed a new cybersecurity law on November 7, 2016, which appears to promote the development of indigenous technologies and impose restrictions on foreign firms.¹⁰⁸ Article 15 directs government entities to "support key network security technology industries and programs; support network security technology research and development, application and popularization; spread safe and trustworthy network products and services; protect the intellectual property rights for network technologies; and support research and development institutions, schools of higher learning, and so forth to participate in State network security technology innovation programs." Article 23 states that "Critical network equipment and specialized network security products shall follow the national standards and mandatory requirements, and be safety certified by a qualified establishment or meet the requirements of a safety inspection, before being sold or provided. The state network information departments, together with the relevant departments of the State Council, formulate and release a catalog of critical network equipment and specialized network security products, and promote reciprocal recognition of safety certifications and security inspection results to avoid duplicative certifications and inspections."¹⁰⁹ Article 37 states that personal information and other important data gathered or produced by critical information infrastructure operators during operations within China must be stored in China. A statement issued by Amcham on November 7 said the new law would not "do much to improve security," but rather, "create barriers to trade and investment." Other critics contend that provisions of the law are too broad or vague as to the level of cooperation Internet firms are required to give to government authorities and would impose new Internet restrictions.¹¹⁰
• In May 2017, 53 international business groups sent a letter to the Chinese government, asking it to delay implementation of its new cybersecurity law, noting concerns over provisions that restrict of cross-border data flows, impose forced technology requirements on foreign firms, impose trade-inhibiting security reviews and requirements for ICT products and services, and establish broad requirements for data sharing and technical assistance. While many multinational companies have continued to voice concern about the lack of clarity of the law's requirements, most aspects of the cybersecurity law went into force on June 1, 2017, with the Cyberspace Administration of China beginning to conduct national security reviews on technology suppliers.¹¹¹ China did postpone the implementation of the cross-border data flow restrictions, giving companies until the end of 2018 to comply.
• China's recent five-year plans and other government policy pronouncements have laid out a number of plans to boost innovation and promote the development of indigenous ICT and other high-tech sectors, including semiconductors (see Appendix 1).

A 2016 U.S.-China Business Council survey found that 79% of respondents are concerned about China's data and IT security policies, including the impact they have on day-to-day business operations. A U.S. Chamber of Commerce report contends that a decision by China to "purge foreign ICTs" would reduce China's annual GDP by 1.77% up to 3.44%, or at least $200 billion (based on 2015 GDP), and would cost the economy at a minimum nearly $3 trillion overall by 2025.¹¹²

U.S.-China BIT Negotiations

In 2008, the United States and China launched negotiations for a bilateral investment treaty (BIT), an agreement that typically contains provisions to encourage and provide reciprocal investment protections in order to enhance bilateral commercial ties. In 2013, China agreed to negotiate a "high standard" BIT with the United States, which would include opening new sectors to FDI and generally treating U.S.-invested firms in China the same as Chinese firms. China agreed to negotiate investment liberalization on a negative list basis, meaning only those industries listed in the agreement would be closed off to foreign investment—all other sectors would be open. Many analysts contend that a BIT could significantly boost bilateral FDI and trade flows. Such an agreement, if concluded, might provide significant new opportunities for U.S. firms that are engaged in digital trade.¹¹³ However, the USTR's 2016 report on China's WTO compliance indicated that while China has been fully engaged in the BIT negotiations, it "has not yet decided to pursue a sufficient reduction of its investment restrictions to enable the successful conclusion of those negotiations."¹¹⁴ It is unclear if the BIT talks will continue under the Trump Administration.

U.S.-China Cybersecurity Working Group As a result of the 2015 S&ED meeting and cybersecurity agreement, the United States and China established U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues.115 According to the White House, the group "will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side." The group first met in December 2015 and agreed on guidelines, conducting a tabletop exercise, a hotline mechanism, and enhanced cooperation on cyber-enabled crime.116 At the second meeting in June 2016, the parties agreed to a second tabletop exercise, implementation of the hotline, cooperation in network protection, information sharing, and the first U.S.-China Senior Experts Group on International Norms in Cyberspace and Related Issues. They also agreed to cooperate on investigations, combatting IP theft, and law enforcement operations in specific areas.117 The third working group meeting took place on December 8, 2016. Discussions were held on combatting cybercrime and cyber-enabled crime, network protection, misuse of technology and communications to facilitate violent acts of terrorism, and the operation of the U.S.-China Cybercrime and Related Issues Hotline Mechanism. It is unclear what effect the dialogue has had on Chinese cyber-theft of U.S. trade secrets. Some have speculated that, given the importance of cyber issues, the bilateral cyber working group will likely continue into the Trump Administration.118

As negotiations with each of the EU and China demonstrate, there no single international standard that governs digital data flows, and the topic is treated inconsistently, if at all, in trade agreements.

A United Nations Conference on Trade and Development (UNCTAD) report exploring data protection pointed out that differences in social and cultural norms affect if, and how, countries regulate privacy, which in turn can have trade implications.¹¹⁹ In reviewing privacy and data flow regimes at national and regional levels globally, UNCTAD identified common core principles: openness, collection limitation, purpose specification, use limitation, security, data quality, access and correction, and accountability.¹²⁰ The report urges global work toward an agreement or mechanism to promote international harmonization or compatibility between the different regimes. After all, "(c)reating trust online is a fundamental challenge to ensuring that the opportunities emerging in the information economy can be fully leveraged."¹²¹

Despite common core principles, governments face multiple challenges in designing policies. The OECD points out three potentially conflicting policy goals in the Internet economy: (1) enabling the Internet; (2) boosting or preserving competition within and outside the Internet; and (3) protecting privacy and consumers more generally.¹²²

Digital Trade Provisions in Trade Agreements

As digital trade has emerged as an important component of trade flows, it has risen in significance on the trade policy agenda of many countries, including the United States. Given the current stalemate in the WTO Doha Round negotiations, multilateral trade agreements have not kept pace with the complexities of the digital economy and digital trade is treated unevenly, if at all, in existing WTO agreements. More recent bilateral and plurilateral deals have started to address digital trade The United States and EU trade $2.7 billion a day worth of goods and services and the annual digital services trade between the two regions is approximately $260 billion.⁹⁶ The two sides also account for a significant portion of each other's e-commerce trade (see Figure 4).

Figure 4. Select U.S.-EU Cross-Border E-Commerce Purchases

Source: Kati Souminen, "Where the Money Is: The Transatlantic Digital Market," CSIS, October 12, 2017.

Notes: 48% of German and 70% of UK shoppers purchase from U.S. e-commerce sites. 49% of U.S. e-commerce purchases are from UK sites.

The United States and EU account for almost half of each other's digitally deliverable service exports (e.g., business, professional, and technical services) and many of these services are incorporated into exported goods as part of GVCs (see Error! Reference source not found. and Figure 6).⁹⁷ The UK alone accounted for 23% of U.S. digitally deliverable services exports.⁹⁸ Almost 40% of the data flows between the United States and EU are through business and research networks.⁹⁹

Figure 5. Digitally Deliverable Service Exports 2017

Source: Where the Money Is: The Transatlantic Digital Market," CSIS, October 12, 2017.

Figure 6. Digitally Deliverable Services Incorporated into Global Value Chains

Source: Where the Money Is: The Transatlantic Digital Market," CSIS, October 12, 2017.

Despite close economic ties, differences between the United States and EU in their approaches to data flows and digital trade have caused friction in U.S.-EU economic and security relations. To address some of these differences, in 2013, the United States and the EU began negotiating a broad FTA to reduce and eliminate tariff and nontariff barriers on goods, services, and agriculture, as well as to establish globally relevant trade rules and disciplines that expand on WTO commitments and address newer issues such as digital trade. Negotiations included a number of digital trade issues such as market access for digital products, IPR protection and enforcement, cybersecurity, and regulatory cooperation among other things.¹⁰⁰ While the broader FTA negotiations are paused under the Trump Administration, digital trade is affected by other ongoing U.S. and EU initiatives and may be a focal point in any potential future negotiations between the United States and UK.

EU-U.S. Privacy Shield

The United States and EU have different legal approaches to information privacy that extends into the digital world. After extensive negotiations, the EU-U.S. Privacy Shield entered into force on July 12, 2016, creating a framework to provide U.S. and EU companies a mechanism to comply with data protection requirements when transferring personal data between the EU and the United States.¹⁰¹ Under the Privacy Shield program, U.S. companies can voluntarily self-certify compliance with requirements such as robust data processing obligations. The agreement includes obligations on the U.S. government to proactively monitor and enforce compliance by U.S. firms, establish an ombudsman in the U.S. State Department and set specific safeguards and limitations on surveillance. The United States and Switzerland also agreed to the Swiss-U.S. Privacy Shield, which will be "comparable" to the U.S.-EU agreement.¹⁰²

The Privacy Shield also involves an annual joint review by the United States and the EU, the first of which was completed in October 2017.¹⁰³ Under the review, the Commission found that the Privacy Shield is working but identified a list of recommendations for improvement, including asking Congress to incorporate the protections offered by Presidential Policy Directive (PPD)-28¹⁰⁴ with respect to non-U.S. persons in the reauthorization of the Foreign Intelligence Surveillance Act (FISA) (P.L. 112-238).

General Data Protection Regulation (GDPR)

A new EU General Data Protection Regulation (GDPR) enters into force on May 25, 2018, and will be directly applicable in all EU member states, establishing a single set of rules for data protection throughout the EU.¹⁰⁵ Among its provisions, the GDPR identifies what is a legitimate basis for data processing, sets rules regarding data retention and record keeping, requires some companies to hire Data Protection Officers, and establishes new rights for individuals to increase control over their data. The GDPR will apply to all firms doing business in the EU or firms processing the data of EU data subjects, regardless of the company location. While the EU published the final GDPR on May 4, 2016, less than a month before the implementation deadline, the majority of member states do not have the necessary laws and regulations in place to enact GDPR creating uncertainty for firms doing business in those markets.

While the EU has begun to release guidance documents,¹⁰⁶ U.S. industry has voiced concern about potential high cost of data storage and processing needed for compliance and also about the potentially high penalties that may be imposed for violations. Despite the lack of precise guidance, many companies began to analyze the EU regulation and take steps to implement its requirements. Amazon touts its compliance with GDPR requirements and aims to assist its Amazon Web Services (AWS) corporate customers, many of whom are small and medium businesses, with their own compliance.¹⁰⁷ To help comply with GDPR, Facebook issued clarified privacy policies and launched a privacy center tool to allow users to more easily control the data they share about themselves and continues to roll out additional updates and changes in response to GDPR requirements and scandals related to data breaches.¹⁰⁸ It is unclear if all of the changes will be only for users inside the EU and not for all users worldwide.¹⁰⁹ It may prove more challenging for SMEs to fully understand GDPR and comply with its notification and other requirements such as an individual's "right to be forgotten" and on data portability. The Administration,¹¹⁰ ICANN and other stakeholders have voiced concern that GDPR will limit legitimate business or cooperation efforts, and cybersecurity research or investigators and are seeking a carve-out.¹¹¹

Some have speculated that the Privacy Shield may become irrelevant once all U.S. companies handling EU residents' data comply with GDPR requirements, potentially simplifying compliance for companies and lessening the burden on U.S. government resources. Some observers note that the EU GDPR may become the de facto global privacy standard given its broad reach, that the United States does not have a comprehensive data privacy policy, and that some developing countries are looking to emulate the GDPR framework.

Digital Single Market (DSM)

Like the GDPR, EU policymakers are attempting to bring more harmonization across the region through the Digital Single Market (DSM). The DSM is an ongoing effort to unify the EU market, facilitate trade, and drive economic growth. The DSM has three pillars:

better online access to digital goods and services through cross-border online activity;

high-speed, secure, trustworthy infrastructure and a regulatory environment supporting investment and fair competition; and

ensuring the digital economy as a driver for growth through investment in infrastructure, research and innovation, and an inclusive society and skilled citizen.

The European Commission's strategy for a digital single market encompasses issues such as the portability of legally acquired content, cross-border data flows within the EU, copyright protection exceptions and limitations, intermediary liability, and enforcement. Some voice concern about the extent to which the finalized DSM regulations will be consistent with U.S. companies' interests. For example, a proposed update of the Audiovisual Media Services Directive (AVMSD) would impose a 30% minimum threshold for European content for Internet-based video on-demand providers.¹¹²

China With a fundamentally distinct approach to the Internet compared to western countries, China presents a number of significant opportunities and challenges for the United States in digital trade. The Chinese population is more than four times the size as the United States and China has over two and a half times the number of internet users (see Figure 7). U.S. firms may benefit from expanding digital trade in China, but they may also face numerous challenges in the Chinese market.

Figure 7. The U.S. and China Digital Trade Markets

Source: United Nations, Department of Economic and Social Affairs, Population Division (2017). World Population Prospects: The 2017 Revision, DVD Edition. Online sources: Tencent; China Internet Watch; Internetworldstats.com.

Internet Governance and the Concept of "Internet Sovereignty"

The Chinese government has sought to advance its views on how the Internet should be expanded to promote trade, but also to set guidelines and standards over the rights of governments to regulate and control the Internet, a concept it has termed "Internet Sovereignty."¹¹³ The Chinese government appears to have first advanced a policy of "Internet Sovereignty" around June 2010 when it issued a White Paper titled "the Internet of China," which stated:

Within Chinese territory the Internet is under the jurisdiction of Chinese sovereignty. The Internet sovereignty of China should be respected and protected. Citizens of the People's Republic of China and foreign citizens, legal persons and other organizations within Chinese territory have the right and freedom to use the Internet; at the same time, they must obey the laws and regulations of China and conscientiously protect Internet security.¹¹⁴

In 2014, the Chinese government established the Central Internet Security and "Informatization" Leading Group, headed by Chinese president Xi Jinping, to "strengthen China's Internet security and build a strong cyberpower." A year later, President Xi addressed an Internet conference stating: "We should respect the right of individual countries to independently choose their own path of cyber development, model of cyber regulation and Internet public policies, and participate in international cyberspace governance on an equal footing."¹¹⁵

Some analysts contend that China's Internet sovereignty initiative represents an assertion that the government has the right to fully control the Internet within China. Some see this as an attempt by the government to control information that is deemed a threat to social stability, in violation of the right to freedom of speech, which is guaranteed in China's Constitution. Other critics of China's Internet Sovereignty policy view it as an attempt by the government to limit market access by foreign Internet, digital, and high technology firms in China, in order to boost Chinese firms and reduce China's dependence on foreign technology. In 2010, Reuters reported that the USTR considered bringing a WTO dispute settlement case against China's Internet censorship of Google and other U.S. Internet providers in China.¹¹⁶ A Google White Paper issued in 2010 stated:

Limitations on the free flow of information and restrictive Internet regulations are a clear threat to open markets and trade. Governments that limit or block the flow of information threaten not only the ability of companies to access and compete in their markets, but also threaten the very traits of the Internet that have made it into an engine of economic growth and put at risk the ability of the Internet-related business to continue expanding their exports, employment, and innovation."¹¹⁷

A 2016 report by the USTR cited a number of Internet-related barriers. Outright blocking of websites appears to have worsened over the past year, with 8 of the top 25 most trafficked global sites now blocked in China. Examples of blocked sites include Google services (e.g., Gmail), Twitter, Facebook, YouTube, and The New York Times. An example of the unpredictability of China's Internet market occurred in April 2016, when Chinese regulators, for unexplained reasons, suspended Apple iTunes Movies and iBooks Store, and DisneyLife services that had been operating in China for months. In its recent FTAs, the United States has attempted to set new digital trade rules to eliminate these types of discriminatory practices and market access barriers. IP Theft

China is considered by most analysts to be the largest source of global theft of IP and a major source of cyber theft of U.S. trade secrets, including by government entities. A 2017 survey by the U.S.-China Business Council found that 94% of respondents said they were concerned about IPR in China. Major IPR issues of concern include: restrictions on cross-border data flows in Chinese regulations (65%); inability to utilize global IT solutions or non-Chinese cloud-based applications in China (55%); consumer or company data theft (53%); Internet service within China (speed, performance, and accessibility of non-Chinese websites); and IP theft (51%).¹¹⁸

In September 2015, the U.S. and Chinese governments reached a framework agreement on economic relations and technology, including IPR.¹¹⁹ Among the commitments, the parties agreed that regulations should be consistent with WTO commitments and that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors." Per the agreement, the parties established the U.S.-China High-Level Joint Dialogues on Cybercrime and Related Issues that has met regularly (see Figure 8). The effectiveness of the pledge and the ongoing dialogue is subject to debate.

Figure 8. U.S.-China High-Level Joint Dialogues on Cybercrime and Related Issues

Source: CRS based on Department of Homeland Security news releases.

Separate from the bilateral dialogues, the Chinese government pledged not to use recently-enacted cyber and national security laws and regulations to unfairly burden foreign ICT firms, or to discriminate against foreign ICT firms in the implementation of various policy initiatives to promote indigenous innovation in China. However, according to the USTR's 2017 report on China's WTO accession, China has not fulfilled all of its WTO market opening commitments. The USTR cited "significant declines in commercial sales of foreign ICT products and services in China," as evidence that China continued to maintain "mercantilist policies under the guise of cybersecurity."¹²⁰ Some Chinese laws or proposals include language stating that critical information infrastructure should be "secure and controllable," an ambiguous term that has not been precisely defined by Chinese authorities. Other proposals appear to lay out policies that would require ICT foreign firms to hand over proprietary information. According to the U.S. Department of Commerce:

The policies set forth in these measures could cause long-term damage to U.S. businesses trying to sell ICT products into China, a market estimated to be worth about $465 billion this year. They also could add significant costs to foreign ICT companies operating in China and could prevent them from supplying the China market with the most technologically advanced and reliable products.¹²¹

In December 2016, the Chinese government issued a National Cybersecurity Strategy, which emphasized China's view of cyber sovereignty and its right to promulgate policies in line with its own priorities and that no other country should interfere in its cyberspace.¹²²

Examples of recently passed or proposed measures of concern to foreign ICT firms include:

Cyber Security Law, passed by the government on November 7, 2016 (effective June 1, 2017), ascertains the principles of cyberspace sovereignty;¹²³ defines the security-related obligations of network product and service providers; further enhances the rules for protection of personal information; establishes a framework of security protection for "critical information infrastructure;" and establishes regulations pertaining to cross-border transmissions of important data by critical information infrastructure.¹²⁴

Some analysts have expressed concerns that one of the main goals of the new law is to promote the development of indigenous technologies and impose restrictions on foreign firms and many multinational companies continue to voice concerns about the lack of clarity of the law's requirements, how the law will be interpreted and implemented through subsequent regulations, and to what extent it will impact their operations in China.

National Security Law, enacted in July 2015, emphasizes the State's role in driving innovation and reviewing "foreign commercial investment, special items and technologies, internet information technology products and services, projects involving national security matters, as well as other major matters and activities, that impact or might impact national security."¹²⁵

Such restrictions could have a significant impact on U.S. ICT firms. According to BEA, U.S. exports of ICT services and potentially ICT-enabled services (i.e., services that are delivered remotely over ICT networks) to China totaled $12.8 billion in 2015.¹²⁶ A U.S. Chamber of Commerce report contends that a decision by China to "purge foreign ICTs" would reduce China's annual GDP by 1.77%, or at least $200 billion (based on 2015 GDP), and would cost the economy at a minimum nearly $3 trillion overall by 2025.¹²⁷

On August 14, 2017, President Trump issued a Presidential Memorandum directing the USTR to determine whether it should launch a Section 301 investigation into China's IPR policies and forced technology transfer polices to determine their impact on U.S. economic interests.¹²⁸ On March 22, 2018, President Trump signed a Memorandum on Actions by the United States Related to the Section 301 Investigation that identified four broad IPR-related policies that justified U.S. action under Section 301, stating that China:

• 1. Uses joint venture requirements, foreign investment restrictions, and administrative review and licensing processes to force or pressure technology transfers from American companies;
• 2. Uses discriminatory licensing processes to transfer technologies from U.S. companies to Chinese companies;
• 3. Directs and facilitates investments and acquisitions which generate large-scale technology transfer; and
• 4. Conducts and supports cyber intrusions into U.S. computer networks to gain access to valuable business information.
• 5. The USTR estimates such policies cost the U.S. economy at least $50 billion annually. Under the Section 301 action, the Administration proposed to (1) implement a 25% ad valorem tariffs on certain Chinese imports (which in sum are comparable to U.S. trade losses); (2) initiate a WTO dispute settlement case against China's "discriminatory" technology licensing (which it did on March 23); and (3) propose new investment restrictions on Chinese efforts to acquire sensitive U.S. technology.¹²⁹ For example, Chinese acquisitions of U.S. semiconductor companies have come under scrutiny by the Administration and Congress recently.¹³⁰ China and the United States initiated a discussion on these trade and other trade concerns in May 2018.¹³¹

Digital Trade Provisions in Trade Agreements As the above analysis of EU and China policies demonstrate, there is not a single set international of rules or disciplines that govern key digital trade issues, and the topic is treated inconsistently, if at all, in trade agreements. As digital trade has emerged as an important component of trade flows, it has risen in significance on the U.S. trade policy agenda and that of other countries. Given the stalemate in the WTO multilateral negotiations, trade agreements have not kept pace with the complexities of the digital economy and digital trade is treated unevenly in existing WTO agreements. More recent bilateral and plurilateral deals have started to address digital trade policies and barriers more comprehensively. The use of digital trade provisions in bilateral and plurilateral trade negotiations may help spur interest in the creation of future WTO frameworks that focus on digital trade.

WTO Provisions

While no comprehensive agreement on digital trade exists in the WTO, other WTO agreements cover some aspects of digital trade.

General Agreement on Trade in Services (GATS)

The WTO General Agreement on Trade in Services (GATS) entered into force in January 1995, predating the current reach of the Internet and the explosive growth of global data flows. GATS includes obligations on nondiscrimination and transparency that cover all service sectors. The market access obligations under GATS, however, are on a "positive list" basis in which each party must specifically opt in for a given service sector to be covered.¹²³

132

As GATS does not distinguish between means of delivery, trade in services via electronic means is covered under GATS. While GATS contains explicit commitments for telecommunications and financial services that underlie e-commerce, digital trade and information flows and other trade barriers are not specifically included. Given the positive list approach of GATS, coverage across members varies and many newer digital products and services did not exist when the agreements were negotiated.

Addressing new topics like e-commerce and data flows has been raised but not yet formalized in the WTO. The 10th Ministerial Conference of the WTO, in December 2015 The 11^th WTO Ministerial Conference in Buenos Aires, Argentina in December 2017, concluded with no clear path forward for the Doha Development Agenda (DDA)comprehensive multilateral negotiations, reflecting an ongoing wide division among members. Most developing countries want to continue the DDA round that links the broad spectrum of agricultural and nonagricultural issues, maintaining that unless all issues are addressed in a single package, issues important to developing countries will be ignored.

Conversely, advanced economies, including the United States and EU, have pushed for an end to the long-stalled round, arguing that the Doha agenda has proven untenable and that a different approach is needed in order to address new issues including e-commerce and data flows. While members claim to remain committed to addressing the outstanding issues of the round, both agricultural and nonagricultural, the Nairobi Ministerial Declaration acknowledged the division over the future of the Doha Round, and failed to reaffirm its continuation, leaving its future uncertain.¹²⁴

Information Technology Agreement (WTO ITA)

The World Trade Organization (WTO) Information Technology Agreement (ITA) aims to eliminate tariffs on the goods that power and utilize the InternetAdvanced economies have pushed for change in the negotiating dynamics, arguing that the WTO needs to address new issues, such as digital trade and investment, especially given the growth of major emerging markets.

On the sidelines of the Ministerial, a group of over 70 WTO members, including the United States, agreed to "initiate exploratory work together toward future WTO negotiations on trade related aspects of electronic commerce."¹³³ USTR supported the movement toward plurilateral efforts stating, "...the United States is pleased to work with willing Members on e-commerce, scientific standards for agricultural products, and the challenges of unfair trade practices that distort world markets."¹³⁴ Members are currently discussing which aspects of digital trade they will address in any negotiations. The United States put forth its objectives including market access, data flows, fair treatment of digital products, protection of intellectual property and digital security measures, and intermediary liability, among others.¹³⁵

Declaration on Global Electronic Commerce

In May 1998, WTO members established the "comprehensive" Work Programme on Electronic Commerce "to examine all trade-related issues relating to global electronic commerce, taking into account the economic, financial, and development needs of developing countries."¹³⁶ The 1998 declaration establishing the program also included a statement that "members will continue their current practice of not imposing customs duties on electronic transmission."¹³⁷

With the stalling of broader WTO negotiations, multiple members submitted proposals under the existing WTO Work Programme on Electronic Commerce to advance multilateral digital trade negotiations. The U.S. proposal under the Obama Administration reflected and built on the provisions included in the Trans-Pacific Partnership (see below), such as prohibiting digital customs duties and enabling cross-border data flows. China put forward a proposal in which it seeks "to clarify and to improve the application of existing multilateral trading rules" with a focus on facilitating e-commerce.¹³⁸ The EU stated that the WTO should focus on consumer protection, non-discrimination and market access online, trade facilitation, and transparency. India's proposal was the most narrow, suggesting that the WTO focus on the original work program. During the 2017 Ministerial meeting, members reached consensus only on extending the customs duties moratorium and continuing on the existing workplan.¹³⁹

Information Technology Agreement (ITA) The WTO Information Technology Agreement (ITA) aims to eliminate tariffs on the goods that power and utilize the Internet, lowering the costs for companies to access technology at all points along the value chain. Originally concluded in 1996, the ITA was expanded during the WTO's Tenth Ministerial Conference in December 2015, entering into force in July 2016. The expanded ITA is a plurilateral agreement among 54 developed and developing WTO members who account for over 90% of global trade in these goods. Some WTO members, such as Vietnam and India, are party to the original ITA, but did not join the expanded agreement. Like the original ITA, the benefits of the expanded agreement will be extended on a most-favored nation (MFN) basis to all WTO members.

The expanded ITA will eliminateeliminates tariffs on 201 additional IT products valued at over $1.3 trillion per year.¹²⁵140 The increased coverage includes, for example, many consumer electronics, new generation semi-conductorssemiconductors (multi-component semiconductors, or MCOs), and medical instruments like magnetic resonance imaging (MRI). According to the U.S. Trade Representative (USTR)USTR, the agreement will provide duty-free access to $180 billion in annual U.S. exports.¹²⁶141 The parties also agreed to review the agreement's scope no later than 2018 to determine if additional product coverage is warranted as technology evolves, and have also begun to look at non-tariff barriers.

While the WTO ITA is expected to expandhas expanded trade in the technology products that underlie digital trade, it does not tackle the nontariff barriers that can pose significant limitations.

Declaration on Global Electronic Commerce

In May 1998, WTO members established the "comprehensive" Work Programme on Electronic Commerce "to examine all trade-related issues relating to global electronic commerce, taking into account the economic, financial, and development needs of developing countries."¹²⁷ The 1998 declaration establishing the program also included a statement that "members will continue their current practice of not imposing customs duties on electronic transmission."¹²⁸

Reflecting the lack of agreement in the final WTO Ministerial Declaration, the latest report for the work program stated that there was not consensus on how to move forward beyond the information sharing stage to identify specific outcomes or recommendations.¹²⁹ In the draft decision in November 2015, members agreed to continue periodic reviews of the work program, the current moratorium on customs duties on electronic transmissions, and having the other WTO bodies explore the relationship between existing WTO agreements and e-commerce based on proposals submitted by members.¹³⁰

Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)

The TRIPS Agreement, signed on April 15, 1994, and Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) The TRIPS Agreement, in effect since January 1, 1995, provides minimum standards of IPR protection and enforcement. The TRIPS Agreement does not specifically cover IPR protection and enforcement in the digital environment, but arguably has application to the digital environment and sets a foundation for IPR provisions in subsequent U.S. trade negotiations and agreements, many of which are "TRIPS-plus."

The TRIPS Agreement covers copyrights and related rights (i.e., for performers, producers of sound recordings, and broadcasting organizations), trademarks, patents, trade secrets (as part of the category of "undisclosed information"), and other forms of IP. It builds on international IPR treaties, dating to the 1800s, administered by the World Intellectual Property Organization, or WIPO (see below). TRIPS incorporates the main substantive provisions of WIPO conventions by reference, making them obligations under TRIPS. WTO members were required to fully implement TRIPS by 1996, with exceptions for developing country members by 2000 and least-developed-country (LDC) members until July 1, 2021, for full implementation.¹³¹142

TRIPS aims to balance rights and obligations between protecting private right holders' interests and securing broader public benefits. It includes provisions on

• WTO nondiscrimination principles (national treatment and most-favored-nation);
• minimum standards of protection for IPR, such as copyright protection terms for the life of the author plus 50 years;
• minimum standards of enforcement of IPR through civil actions for infringement, border enforcement, and criminal actions;
• applying the WTO's binding Dispute Settlement Mechanism to IPR disputes; and,
• requiring developed countries to provide incentives for technology transfers to LDCs "to enable them to create a sound and viable technological base."

Among otherAmong its provisions, the TRIPS section on copyright and related rights includes specific provisions on computer programs and compilations of data. It requires protections for computer programs—whether in source or object code—as literary works under the WIPO Berne Convention for the Protection of Literary and Artistic Works (Berne Convention). TRIPS also clarifies that databases and other compilations of data or other material, whether in machine readable form or not, are eligible for copyright protection even when the databases include data not under copyright protection.¹³²

143

Like the GATS, TRIPS predates the era of ubiquitous Internet access and commercially significant e-commerce. TRIPS includes a provision for WTO members to "undertake reviews in the light of any relevant new developments which might warrant modification or amendment" of the agreement. The TRIPS Council has engaged in discussions on the agreement's relationship to electronic commerce as part of the WTO Work Programme on Electronic Commerce, focusing on protection and enforcement of copyright and related rights, trademarks, and new technologies and access to these technologies.¹³³144

World Intellectual Property Organization (WIPO) Internet Treaties

The World Intellectual Property Organization (WIPO) has been a primary forum to address IP issues brought on by the digital environment since the TRIPS Agreement. The WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty—often referred to jointly as the WIPO "Internet Treaties"—established international norms regarding IPR protection in the digital environment. These treaties were agreed to in 1996 and entered into force in 2002, but are not enforceable, including under WTO dispute settlement. Shaped by TRIPS, the WIPO Internet Treaties are intended to clarify that existing rights continue to apply in the digital environment, to create new online rights, and to maintain a fair balance between the owners of rights and the general public.¹³⁴145

Key features of the WIPO Internet Treaties include provisions for legal protection and remedies against circumventing TPMs, such as encryption, and against the removal or alteration of rights management information (RMI), which is data identifying works or their authors necessary for them to manage their rights (e.g., for licenses and royalties).

The liability of online service providers and other communication entities that provide access to the Internet was contested in the negotiations on the WIPO Internet Treaties. An "agreed statement" regarding Article 8 of the WIPO Copyright Treaty sought to clarify the issue by providing that "the mere provision of physical facilities for enabling or making a communication [e.g., wires, telephone lines, modems] does not in itself amount to communication within the meaning of this Treaty or the Berne Convention...." TheIn the end, WIPO Internet Treaties leave it to the discretion of national governments to develop the legal parameters for Internet Service Provider (ISP)ISP liability.¹³⁵

146

As of April 2016December 2017, the WIPO Internet Treaties had 9496 contracting parties. The United States implemented the WIPO Internet Treaties through the Digital Millennium Copyright Act of 1998 (DMCA) (H.R. 2281), which set new standards for protecting copyrights in the digital environment, including prohibiting the circumvention of anti-piracy measures incorporated into copyrighted works and enforcing such violations through civil, administrative, and criminal remedies.¹³⁶147 The DMCA also, among other things, limits remedies available against ISPs that unknowingly transmit copyright infringing information over their networks by creating certain "safe harbors."¹³⁷148 The United States has continued to call on trading partners, such as CanadaTurkey and Mexico, to fully implement the WIPO Internet Treaties.¹³⁸

Future Sectoral Approaches

With the stalling of the Doha Round of negotiations, WTO members and experts have raised various options to address emerging issues such as digital trade. Ideas include the following:

• Updating the rules within the WTO framework to address digital trade.¹³⁹ Options could include expanding the multilateral GATS to cover cross-border data flows, technology transfer, or greater market access issues. Others support using the existing plurilateral WTO ITA, Telecommunications, or the Trade Facilitation Agreement to address digital trade and tackle barriers ranging from tariffs to express delivery and mobile services.
• Establishing a permanent WTO working group dedicated to exploring digital issues, possibly based on the current Work Programme, or to create a new stand-alone trade agreement specific to data services or digital trade, possibly initially as an open plurilateral deal.
• Creating a separate digital trade-specific WTO agreement, an "e-WTO" as some have suggested. USTR Ambassador Froman noted that "[n]ew rules on critical 21st century issues, such as e-commerce and the digital economy, are emerging.... a better path forward is a new form of pragmatic multilateralism. Moving beyond Doha doesn't mean leaving its unfinished business behind. Rather, it means bringing new approaches to the table."¹⁴⁰

In July 2016, the United States put forward a submission under the WTO Work Programme on Electronic Commerce offering "trade-related policies that can contribute meaningfully to the flourishing of trade through electronic and digital means" but without specific negotiating proposals.¹⁴¹ The 16 policies included in the U.S. submission align with the proposed Trans-Pacific Partnership (see below), such as prohibiting digital customs duties and enabling cross-border data flows. The policies focus on eliminating or preventing trade barriers and establishing a transparent, adaptable framework for digital trade. The policies also recognize the need for balancing digital trade with other priorities such as protection of consumer data, security, and law enforcement.¹⁴²

Similarly, China put forward a proposal in November 2016 in which it seeks "to clarify and to improve the application of existing multilateral trading rules" with a focus on facilitating e-commerce.¹⁴³

U.S. Bilateral and Plurilateral Agreements

149 U.S. Bilateral and Plurilateral Agreements As traditional trade policy does not clearly reflect the pervasiveness of the digital economy, and data is increasingly incorporated into international trade, the line between goods and services, and the application of the existing multilateral trade agreement system is not always clear. As discussed above, the WTO agreements provide limited treatment of some aspects of digital trade. The stalled Doha Roundmultilateral negotiations and the desire by some parties to address new topics such as e-commerce are two of the drivers behind the growth of bilateral and plurilateral trade agreements inside and outside of the WTO. The United States has included, and continues to expand on, digital trade provisions sought to establish new rules and disciplines on digital trade in its bilateral and plurilateral trade negotiations.

Existing U.S. Free Trade Agreements (FTAs)

The United States has included an e-commerce chapter in its FTAs since it signed an agreement with Singapore in 2003 that has progressively evolved.¹⁵⁰.¹⁴⁴ The e-commerce chapter of U.S. FTAs usually begins by recognizing e-commerce as an economic driver and the importance of removing trade barriers to e-commerce.¹⁴⁵151 Most chapters contain provisions on nondiscrimination of digital products, prohibition of customs duties, transparency, and cooperation topics such as SMEs, cross-border information flows, and promoting dialogues to develop e-commerce. Some of the FTAs also include cooperation on consumer protection, as well as providing for electronic authentication and paperless trading. All FTAs allow certain exceptions to ensure that each party is able to achieve legitimate public policy objectives, protecting regulatory flexibility.

The U.S.-South Korea FTA (KORUS) contains the most robust digital trade provisions in a U.S. FTA currently in force.¹⁴⁶152 In addition to the provisions in prior FTAs, KORUS includes provisions on access and use of the Internet to ensure consumer choice and market competition. Most significantly, KORUS was the first attempt in a U.S. FTA to explicitly address cross-border information flows. The e-commerce chapter contains an article that recognizes its importance and discourages the use of barriers to cross-border data but does not mention explicitly localization requirements. The financial services chapter of KORUS also contains a specific, enforceable commitment to allow cross-border data flows "for data processing where such processing is required in the institution's ordinary course of business."¹⁴⁷

The Proposed Trans-Pacific Partnership (TPP) Agreement

The Trans-Pacific Partnership (TPP) is a proposed FTA among 12 Asia-Pacific countries, including both developed and developing countries. The agreement has economic and strategic significance for the United States and was officially signed on February 4, 2016.¹⁴⁸ Congress must pass implementing legislation before the TPP agreement can take effect in the United States. In considering TPP, Congress may weigh whether the agreement makes enough progress in achieving the TPA negotiating objectives on digital trade to merit passage of implementing legislation.

The proposed TPP goes beyond the digital trade153

In 2018, the Trump Administration and South Korea agreed to modify the agreement, but no changes were made to provisions directly impacting digital trade.

Trans-Pacific Partnership (TPP) Agreement

On January 24, 2017, President Trump withdrew the United States from the Trans-Pacific Partnership (TPP). The TPP was a proposed FTA among 12 countries in the Asia-Pacific region, including the United States. The 11 remaining TPP countries concluded a revised Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP or TPP-11) based on the TPP and planned to come into force without the United States that kept in-tact the digital-trade related provisions (but excluded select IPR commitments).¹⁵⁴

The TPP-11 includes commitments to address barriers to digital trade beyond the provisions in KORUS and earlier U.S. FTAs. Overall, the agreement aims to promote digital trade, promote the free flow of information, and ensure an open Internet. Provisions related to digital trade are included in multiple chapters of the TPP (e.g., e-commerce, financial services, telecommunications, technical barriers to trade, intellectual property rights), showing the complexity of digital trade barriers and issues. The CPTPP encourages parties to become members of the tariff-eliminating WTO Information Technology Agreement. In reviewing the TPP, the Industry Trade Advisory Committee on Information and Communication Technologies Services and Electronic Commerce (ITAC 8) endorsed the agreement, finding that the TPP promotes the economic interests of the United States, and provides equity and reciprocity for the sectors represented by the ITAC.¹⁴⁹

The proposed TPP The TPP-11 has several digital trade-related innovations for trade agreements, including:

• Prohibits cross-border data flow restrictions and data localization requirements, except for financial services and government procurement.
• Prohibits requirements for source code disclosure or transfer as a condition for market access, with exceptions.
• Requires parties to have online consumer protection and anti-spam laws, and a legal framework on privacy.
• Prohibits requiring technology transfer or access to proprietary information for products using cryptography.
• Clarifies IPR enforcement rules to provide criminal penalties for trade secret cybertheft.
• Encourages cooperation between parties on e-commerce to assist SMEs, and on privacy and consumer protection.
• Promotes cooperation on cybersecurity.
• Safeguards cross-border electronic card payment services.
• Covers mobile service providers and promotes cooperation for international roaming charges.

In addition to excluding government procurement, TPP allows for exceptions to its digital trade commitments to achieve legitimate public policy goals such as protecting health, safety, and national security. Like other FTAs, the TPP also includes annexes of nonconforming measures in which each country negotiates to exclude specific regulations, laws, or sectors from its agreement obligations. For example, Japan includes national security screening requirements on "telecommunications and internet based services."¹⁵⁰ Unless a country takes an exception through a nonconforming measure, the "negative" list approach of TPP would ensure that new services or innovations would be covered under the agreement obligations.

For the first time, TPP would require parties to have a legal framework to protect personal information. TPP critics contend that the provisions are vague and do not contain an explicit minimum standard for privacy protection. Supporters note that TPP includes a reference to take into account "guidelines of relevant international bodies" that may include the Asia-Pacific Economic Cooperation (APEC) Privacy Framework.¹⁵¹

While most industry advocates support TPP, critics point out that financial services are not covered by the overall e-commerce chapter. The financial services chapter, instead, includes a separate provision covering cross-border data flows based on the language in KORUS, but it does not contain a prohibition on localization requirements similar to the e-commerce chapter.¹⁵²

On November 21, 2016, President-elect Donald Trump announced his intent to withdraw from the proposed TPP once in office.¹⁵³

The agreement requires parties to have a legal framework to protect personal information. Critics contend that the provisions are vague and do not contain an explicit minimum standard for privacy protection. Supporters note the reference to take into account "guidelines of relevant international bodies" that may include the Asia-Pacific Economic Cooperation (APEC) Privacy Framework.¹⁵⁵ North American Free Trade Agreement (NAFTA)

Like the WTO agreements, NAFTA predated mass usage of the Internet, having entered into force on January 1, 1994.¹⁵⁶ In May 2017, the Trump Administration notified Congress of its intent to begin talks with Canada and Mexico to renegotiate and modernize NAFTA, providing an opportunity to address digital trade.¹⁵⁷ USTR's updated negotiating objectives are similar to TPP (see above) and include language for mandating nondiscriminatory treatment of digital products transmitted electronically; prohibiting restrictions on cross-border data flows or imposition of localization requirements for servers; preventing mandated disclosure of source code or algorithms; proscribing customs duties for digital products delivered electronically; and preventing or eliminating government involvement in cybertheft of intellectual property.¹⁵⁸

As all NAFTA parties were involved in the TPP negotiations and Mexico and Canada are members of the TPP-11, some have suggested the TPP text could provide a starting point. Some stakeholders contend that a revised NAFTA should go beyond the TPP provisions, such as setting a de minimis threshold equal to that in U.S. law to encourage e-commerce exports by U.S. small and mid-size businesses.¹⁵⁹ Others have advocated that NAFTA require that each party have a cybersecurity legal framework. NAFTA negotiations are ongoing.

Trade in Services Agreement (TiSA) Negotiations

Negotiations on a proposed plurilateral Trade in Services Agreement (TiSA) were launched in April 2013, and are occurring outside of the WTO, with a goal of concluding the agreement in 2017.¹⁵⁴.¹⁶⁰ The 23 TiSA participants account for about 70% of world trade in services and include the United States, EU, and Australia. Some key major emerging markets, including Brazil, China, and India, are not currently parties to the TiSA negotiations.

While nondiscrimination (MFN) applies to all services sectors, in TiSA, unlike TPP, market liberalization commitments are being negotiated under a hybrid approach. That is, specific market access obligations to liberalize service markets are being negotiated under a positive list in which parties "opt in" specific service sectors, while national treatment obligations are being negotiated under a negative list (in which parties may "opt out" certain sectors or sub-sectors). The positive list may be viewed as less ambitious because new inventions or sectoral innovations would not be covered under TiSA unless they are explicitly added in the future, a potential concern in the quickly evolving world of digital trade.

Though the final structure and sectors to be covered in TiSA remain under negotiation, setting common rules for digital trade is a key interest of the United States. The chapter or annex on digital trade or e-commerce would likely address trade barriers to cross-border data flows, consumer online protection, and interoperability, among other areas, similar to the provisions in the proposed TPP.¹⁵⁵161 Two obstacles in TiSA negotiations, however, have been the EU's reluctance to put forward a proposal on data flows or to commit to including "new services" (many of which are likely to be digital) under TiSA non-discrimination obligations.¹⁵⁶

162

Requiring regulatory cooperation and ongoing dialogue on digital trade issues between TiSA members could provide a path forward without changing existing laws in each TiSA country. Negotiators could decide to include international regulatory cooperation on matters of cybersecurity or in support of small and mid-sized enterprises as in TPP. Negotiators may aim for language that is open enough to enable non-discriminatory and open trade and address evolving technology, but concrete enough for regulators to protect privacy and safeguard cybersecurity. trade and address evolving technology, but concrete enough for regulators to protect privacy and safeguard cybersecurity. While technical discussions continue, negotiations are on pause until the Trump Administration decides how it wishes to proceed.

Transatlantic Trade and Investment Partnership (T-TIP) Negotiations

T-TIP is a potential FTA that the United States and the EU began negotiating in 2013 to reduce and eliminate tariff and nontariff barriers on goods, services, and agriculture, as well as to establish globally relevant trade rules and disciplines that expand on WTO commitments and address newer issues. Digital trade is a key area of interest because of its significance to transatlantic trade. Services that can be delivered over the Internet constitute the majority of U.S. and EU services exports to each other.¹⁵⁷ Presently, T-TIP negotiations are on pause until the Trump Administration decides how it wishes to proceed.

If negotiations continue, T-TIP could address digital trade issues in a number of areas. In addition to provisions to provide enhanced market access for digital products,¹⁵⁸ a potential T-TIP could include commitments addressing non-tariff barriers to digital trade. Provisions on regulatory cooperation could include both sector-specific commitments (e.g., for the ICT sector) and horizontal commitments (e.g., on stakeholder input, transparency). The United States and the EU have "different legal traditions, regulatory paths, market outcomes," and policymaking approaches that constrain integration of a transatlantic digital economy. Another area of focus could be enhanced rules and disciplines governing digital trade, such as commitments on facilitating data flows across borders and addressing localization requirements (e.g., data storage or server location requirements). Other features of a potential T-TIP could include rules to protect and enforce IPR, including copyrights, balanced against limitations on ISP liability and "fair use" exceptions. Such IPR rules could protect against forced transfers of source code, or establish criminal procedures for cyber theft, among other things.

U.S.-EU engagement on digital trade issues in a potential T-TIP may be complicated or influenced by a number of other factors, such as the EU's "Digital Single Market" initiative, new and revised EU policies on data protection, the EU-U.S. Privacy Shield implementation, and the UK's decision to leave the EU ("Brexit"). Digital trade issues also may be a focal point in any potential future bilateral FTA negotiations between the United States and UK.

Other International Forums for Digital Trade

Given the cross-cutting nature of the digital world, digital trade issues touch on other policy objectives and priorities, such as privacy and national security. While U.S. and international trade agreements may be one way for the United States to instill firm obligations with trading partnersestablish market opening and new rules and disciplines to govern digital trade, not every issue is necessarily suitable for an international trade agreement and not every international partner is ready, or willing, to take on such commitments. In other international forums outside of trade negotiations, other tools can be used to encourage high-level, non-binding best practices and principles and align expectations.

G-20. The influential Group of 20 (G-20) is one venue for establishing common principles and digital issues have been on their agenda recently.¹⁵⁹ At their November 2015 meeting, the G-20 leaders issued a statement that included new provisions on the Internet economy, recognizing the opportunities and challenges presented to global economic growth and development, affirming not to conduct or support ICT-enabled IP theft for commercial competitive advantage, and acknowledging the need to respect and protect privacy.¹⁶⁰ China is the 2016 host for the G-20 and selected the theme "Towards an Innovative, Invigorated, Interconnected and Inclusive World Economy," opening the opportunity for further conversation on the digital economy and the chance to set global norms.

G-7. The G-7 ICT Ministers met in Japan in April 2016 and issued a Joint Declaration, stressing principles including the importance of investment in infrastructure, digital literacy, and accessibility; promoting cross-border data flows, privacy and data protection, and cybersecurity; and fostering innovation through open markets, interoperable standards, protecting IP, and facilitating research and development.¹⁶¹ The United States could work with G-7 partners to incorporate these principles into the broader G-20.

163 At the 2017 meeting, the G-20 leaders issued a communique with a commitment to "ensure effective competition" including openness, transparency, international standards, and interoperability. They also recognized the importance of consumer protection, IPR, privacy, and security.

OECD. The OECD offers yet another forum to discuss principles and norms to ensurefacilitate a thriving digital economy. The June 2016 Ministerial Meeting in Mexico, titled "Digital Economy: Innovation, Growth and Social Prosperity," addressed an open Internet and data flows; infrastructure and connectivity; digital trust; and workforce skills.¹⁶²164 The Ministerial Declaration included recognizing the growth and transforming impact of the digital economy as well as evolving challenges, and declared support of the free flow of information, innovation and emerging technologies, and the need to build trust, reduce impediments to e-commerce, and enable opportunities.¹⁶³165 The declaration also acknowledged the need to balance public policy objectives and incorporate a whole-of-society perspective. The United States could work with OECD partners to reinforce these principles by defining specific action plans or commitments. The OECD issued a series of reports in 2017 related to digital trade including an assessment of the digital transformation of each OECD economy.¹⁶⁶ The report identified specific challenges and recommendations, including establishing a national digital strategy.

APEC. The Asian Pacific Economic Cooperation (APEC) forum presents another opportunity for sharing best practices and setting high-level principles on issues that may be of greater concern to developing countries with less advanced digital economies and industry.¹⁶⁴167 The APEC Electronic Commerce Steering Group (ECSG) coordinates e-commerce activities for APEC and promotes the development and use of e-commerce legal, regulatory and policy environments that are predictable, transparent, and consistent. Within the ECSG, APEC is developing and implementing a Cross-Border Privacy Rules (CBPR) system to be consistent with the already established APEC Privacy Framework.¹⁶⁵ While APEC initiatives are regionally 168 According to BSA, most countries across the globe have data protection frameworks based on either the APEC CBPR system or the EU regime, but some countries still lack privacy laws.¹⁶⁹ Currently, the United States, Canada, Mexico, South Korea, Japan, and Singapore are full participants in the CBPR system, while Taiwan and Philippines have announced plans to participate. Some observers view CBPR, which aims to reflect a diversity of national privacy regimes, as a scalable solution that could potentially be adopted multilaterally. Others may view the EU regime as a more comprehensive, top-down approach. While APEC initiatives are regionally-focused, because they reflect economies at different stages of development and include industry participation, they can provide a basis to scale up to larger global efforts. Due to its voluntary nature, APEC can serve as an incubator for potential plurilateral agreements. As such, by maintaining U.S. involvement in APEC, the United States can guide efforts to establish principles and norms in the region and subsequent roll-out worldwide.

Regulatory cooperation. Congress could consider having U.S. regulatory agencies that cover specific aspects of digital trade (e.g., U.S. Federal Trade Commission, Customs and Border Protection) work with overseas counterparts to better align regulatory requirements and reduce Regulatory cooperation. Ongoing regulatory cooperation efforts are another important tool for addressing differences between parties, better aligning regulatory requirements and reducing inconsistencies and redundancies that can hamper or discriminate against the free flow of data, goods, and services. Online privacy, consumer protection across bordersThese forums provide an opportunity for U.S. agencies to work directly with overseas counterparts and focus on specific aspects of digital trade such as online privacy, consumer protection, and rules for online contract formation and enforcement are potential areas for regulatory cooperation. The EU-U.S. Privacy Shield is one example of regulatory authorities working together to address such issues.

Policy Issues for Congress

Policy questions continue to evolve as the Internet-driven economy and innovations grow. Digital trade is intimately connected to and woven into all parts of the U.S. economy and overlaps with other sectors, requiring policymakers to balance many different objectives. For example, digital trade relies on cross-border data flows, but policymakers must balance open data flows with public policy goals such as protecting privacy, supporting law enforcement, and improving personal and national security and safety.

The complexity of the debate related to cross-border data flows involves complementary and competing interests and stakeholders. Companies and individuals who seek to do business abroad, and trade negotiators who seek to open markets, are concerned with may focus on maintaining open market access, which may include cross border data flows, while others may want to limit foreign competition. Privacy advocates may focus on protecting personal information. Meanwhile, law enforcement and defense advisors may seek the ability to access or limit information flows based on national security interests.

Digital trade raises numerous complex issues of potential interest to Congress with potential legislative and oversight implications. Issues include the following:

• Assessing if U.S. agencies have the necessary tools to accurately measure the size and scope of digital trade in order to analyze the impact of potential policies.
Understanding of the economic impact of digital trade on the U.S. economy and the effects of localization and other digital trade barriers on U.S. exports, jobs, and competition.
• Examining how best to balance an individual's right to privacy for conduct online Effectively addressing important digital trade barriers and cybertheft.
• Considering if the United States would benefit from overarching digital privacy policy and what lessons can be drawn from other country's experiences.
Examining how best to balance market openness with other policy goals such as right to privacy and the government's need for access to protect safety and national security.
• Considering how best to assure public confidence and trust in network reliability and security that underlie the global digital economy and allow it to effectively and efficiently function.
• Reviewing what government policies to pursue with the private sector to support innovation and economic growth in digital trade both domestically and internationally.
• Examining the evolving U.S. trade policy efforts including the EU-U.S. Privacy Shield, proposed TPP, and WTO policy principles to determine if these mechanisms establish an appropriate balance among public policy objectives, and conducting oversight of implementation should they enter into force.
• Assessing if China is abiding by its commitments in the bilateral cyber agreement and on market access for U.S. ICT firms, as well as the effectiveness of the bilateral cyber dialogue.
• Reviewing federal-level efforts related to digital trade, such as the Department of Commerce's Digital Economy Agenda or infrastructure programs, and determining if changes to current plans or funding levels are needed.
• Conducting oversight of federal agencies in terms of roles and competencies related to digital trade, such as those organizations charged with coordinating federal efforts on IPR or law enforcement; trade negotiations and enforcement; and cybersecurity.

Examining evolving U.S. trade policy efforts, including NAFTA and WTO plurilateral efforts in addressing U.S. trade barrier concerns, and setting new rules and disciplines, as well as potential standard-setting practices that may have global reach, including by the EU and China.

Assessing the effectiveness of the U.S.-China bilateral cyber dialogue, including review the Trump Administrations Section 301 actions and other bilateral efforts.

Author Contact Information

Acknowledgments

Special acknowledgement to Gabriel Nelson for tariff research and to Amber WilhelmAmber Wilhelm, Edward Gracia, Jennifer Roscoe for creation of the graphics.

Footnotes

ITU, ICT Facts and Figures 2017, 2017, http://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx 12. 31. 35. 38. 46. 54. 57. 67. 71. 74. 2018. 95. 99. 102. 105.

Office of the U.S. Trade Representative, U.S. and WTO Partners Announce Final Agreement on Landmark Expansion of Information Technology Agreement, December 2015, https://ustr.gov/about-us/policy-offices/press-office/press-releases/2015/december/US-WTO-Partners-Announce-Final-Agreement-on-Expansion-ITA.

. 160. 167.

1.	James Manyika, et al., Digital globalization: The new era of global flows, February 2016, http://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/digital-globalization-the-new-era-of-global-flows?cid=other-eml-alt-mgi-mck-oth-1602.
2.	Susan Ariel Aaronson, The Digital Trade Imbalance and Its Implications for Internet Governance, Centre for International Governance Innovation and Chatham House, 2016, p. 1, https://www.cigionline.org/sites/default/files/gcig_no25_web_0.pdf. Bureau of Economic Analysis (BEA), https://www.bea.gov/iTable/iTable.cfm?ReqID=62&step=1#reqid=62&step=9&isuri=1&6210=4.
2.	U.S. International Trade Commission, Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions, Publication Number: 4716, Investigation Number: 332-561, August 2017, p.13, https://www.usitc.gov/publications/332/pub4716.pdf.
3.	Penny Pritzker and John Engler, Director Edward Alden, The Work Ahead: Machines, Skills, and U.S. Leadership in the Twenty-First Century, Independent Task Force Report, The Council for Foreign Relations, April 2018.
4.	U.S. International Trade Commission, Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions, August 2017, p.33, https://www.usitc.gov/publications/332/pub4716.pdf.
5.	Jacques Bughin and Susan Lund, "The ascendancy of international data flows," VOX, January 9, 2017.
6.
3.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, p.29, August 2014, https://www.usitc.gov/publications/332/pub4485.pdf.
4.	Paul Zwillenberg, Dominic Field, and David Dean, Greasing the Wheels of the Internet Economy, Boston Consulting Group, February 2014, https://www.bcgperspectives.com/content/articles/digital_economy_telecommunications_greasing_wheels_internet_economy/.
5.	Business Software Alliance, Powering the Digital Economy: A Trade Agenda to Drive Growth, 2015, http://www.bsa.org/~/media/Files/Policy/Trade/DTA_study_en.pdf.
6.	The World Bank Group, World Development Report 2016: Digital Dividends, 2016, http://www.worldbank.org/en/publication/wdr2016.
7.	The United States was not included in the study. OECD. (2015), "Executive summary," OECD Digital Economy Outlook 2015, pp. 2-3, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/9789264232440-2-en.
8.	Internet Association, Measuring the U.S. Internet Sector, 2015, http://internetassociation.org/wp-content/uploads/2015/12/Internet-Association-Measuring-the-US-Internet-Sector-12-10-15.pdf.
9.	Giulia McHenry, Evolving Technologies Change the Nature of Internet Use, National Telecommunications & Information Administration blog, April 19, 2016.
10.	Susan Lund and James Manyika, Strengthening the Global Trade and Investment System for Sustainable Development: How Digital Trade is Transforming Globalization, The E15 Initiative. McKinsey & Company., January 2016, http://e15initiative.org/publications/how-digital-trade-is-transforming-globalisation/.
11.	Erik van der Marel, Disentangling the Flows of Data: Inside or Outside the Multinational Company?, European Center for International Political Economy, July 2015, http://ecipe.org/publications/flows-data-inside-outside-multinational-company/?chapter=all.
12.	James Manyika, Jacques Bughin, and Susan Lund, et al., Global Flows in a digital age: How trade, finance, people, and data connect, McKinsey Global Institute, April 2014, http://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/global-flows-in-a-digital-age.
13U.S. International Trade Commission, Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions, Publication Number: 4716, Investigation Number: 332-561, August 2017, p.47-49, https://www.usitc.gov/publications/332/pub4716.pdf.
10.	Giulia McHenry, Evolving Technologies Change the Nature of Internet Use, National Telecommunications & Information Administration blog, April 19, 2016.
11.	Jacques Bughin and Susan Lund, "The ascendancy of international data flows," VOX, January 9, 2017.
ICT is an umbrella term that includes any communication device or application, including: radio, television, cellular phones, computer and network hardware and software, satellite systems, and associated services and applications.
1413.	EIU estimates, "The Growing $1 Trillion Economic Impact of Software," software.org.
14.	OECD (2017), OECD Digital Economy Outlook 2017, OECD Publishing, Paris, p. 120-124. http://dx.doi.org/10.1787/9789264276284-en.
15.	OECD, Measuring the Digital Economy, OECD Staff Report, February 2018.
16.	Semiconductor Industry Association, "Annual Semiconductor Sales Increase 21.6 Percent, Top $400 Billion for First Time," February 5, 2018.
17.	OECD (2017), OECD Digital Economy Outlook 2017, OECD Publishing, Paris. http://dx.doi.org/10.1787/9789264276284-en. .
18.	Bureau of Economic Analysis (BEA), https://www.bea.gov/iTable/iTable.cfm?ReqID=62&step=1#reqid=62&step=9&isuri=1&6210=4.
19.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, p. 13, August 2014, https://www.usitc.gov/publications/332/pub4485.pdf.
20.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, August 2014, p. 65. https://www.usitc.gov/publications/332/pub4485.pdf.
21.	Jacques Bughin and Susan Lund, "The ascendancy of international data flows," VOX, January 9, 2017.
22.	U.S. International Trade Commission, Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions, Publication Number: 4716, Investigation Number: 332-561, August 2017, p.13, https://www.usitc.gov/publications/332/pub4716.pdf.
23.	eMarketer,"Worldwide Retail E-commerce Sales: eMarketer's Updated Estimates and Forecast Through 2019," https://www.emarketer.com/public_media/docs/eMarketer_eTailWest2016_Worldwide_ECommerce_Report.pdf.
24.	Huawei Technologies and Oxford Economics, Digital Spillover, http://www.huawei.com/minisite/gci/en/digital-spillover/files/gci_digital_spillover.pdf.
25.	Ibid.
26.	For more on blockchain, see CRS Report R45116, Blockchain: Background and Policy Issues, by [author name scrubbed].
27.	Roger Aitken, "IBM & Walmart Launching Blockchain Food Safety Alliance In China With Fortune 500's JD.com," Forbes, December 14, 2017.
28.	Alexandre Menard, "How can we recognize the real power of the Internet of Things?" McKinsey, November 2017.
29.	OECD (2015), OECD Digital Economy Outlook 2015, p. 61, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/9789264232440-2-en
30.	For more information, see CRS In Focus IF10810, Blockchain and International Trade, by [author name scrubbed].
Business Software Alliance, Powering the Digital Economy: A Trade Agenda to Drive Growth, January 2014, p.8-9, http://digitaltrade.bsa.org/pdfs/DTA_study_en.pdf.
15.	OECD. (2015), "Chapter 2: The foundations of the digital economy," OECD Digital Economy Outlook 2015, p. 92, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/9789264232440-2-en.
16.	Alexis N. Grimm, Trends in U.S. Trade in Information and Communications Technology (ICT) Services and in ICT-Enabled Services, BEA, May 2016, http://www.bea.gov/scb/pdf/2016/05%20May/0516_trends_%20in_us_trade_in_ict_serivces2.pdf
17.	Susan Lund and James Manyika, Strengthening the Global Trade and Investment System for Sustainable Development: How Digital Trade is Transforming Globalization, The E15 Initiative. McKinsey & Company., January 2016, http://e15initiative.org/publications/how-digital-trade-is-transforming-globalisation/.
18.	The OECD defines the Internet of Things as "encompassing all devices and objects whose state can be read or altered via the internet, with or without the active involvement of individual... The internet of things consists of a series of components of equal importance – machine-to-machine communication, cloud computing, big data analysis, and sensors and actuators. Their combination, however, engenders machine learning, remote control, and eventually autonomous machines and systems, which will learn to adapt and optimise themselves." OECD (2015), OECD Digital Economy Outlook 2015, p. 61, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/9789264232440-2-en. For more information on the Internet of Things, see CRS Report R44227, The Internet of Things: Frequently Asked Questions, by [author name scrubbed].
19.	This is distinct from the physical infrastructure platforms for data and connectivity that these digital platforms rely on.
20.	According to the U.S. National Institute of Standards and Technology, cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more information, see CRS Report R42887, Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management, by [author name scrubbed] and [author name scrubbed].
21.	The World Bank Group, World Development Report 2016: Digital Dividends, 2016, http://www.worldbank.org/en/publication/wdr2016.
22.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 1, Publication No: 4415, Investigation No: 332-531, July 2013, p. 6-1, https://www.usitc.gov/publications/332/pub4415.pdf.
23.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, p.13, August 2014, https://www.usitc.gov/publications/332/pub4485.pdf.
24.	John Wu, Adams Nager, and Joseph Chuzhin, High-Tech Nation: How Technological Innovation Shapes America's 435 Congressional Districts, ITIF, November 28, 2016, p. 4, https://itif.org/publications/2016/11/28/technation.
2532.	BCG, "Cross Border E-Commerce," September 18, 2014The World Bank Group, World Development Report 2016: Digital Dividends, 2016, http://www.worldbank.org/en/publication/wdr2016.
2633.	Jay Greene, "Amazon to Launch Cloud Migration Service," The Wall Street Journal, March 15, 2016.
34.	Commercial Customs Operations Advisory Committee (COAC), Trade Progress Report, November 2017, https://www.cbp.gov/sites/default/files/assets/documents/2017-Nov/Global%20Supply%20Chain%20Subcommittee%20Trade%20Executive%20Summary%20Nov%202017.pdf.
Department of Commerce Economics and Statistics Administration, Digitally Deliverable Services Remain an Important Component of U.S. Trade, May 28, 2015, http://www.esa.doc.gov/economic-briefings/digitally-deliverable-services-remain-important-component-us-trade.
27.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, August 2014, p.65. https://www.usitc.gov/publications/332/pub4485.pdf.
28.	James Manyika, Sree Ramaswamy, and Somesh Khanna, et al., Digital America: A Tale of the Haves and Have-Mores, McKinsey Global Institute, December 2015, p. 40, http://www.mckinsey.com/industries/high-tech/our-insights/digital-america-a-tale-of-the-haves-and-have-mores.
2936.	Google President Margo Georgiadis, Economic Impact United States 2014, p. 20, https://static.googleusercontent.com/media/www.google.com/en//economicimpact/reports/2014/ei-report-2014.pdf.
37.	APEC, "APEC's Startup Revolution Brings the Next Big Thing," November 2, 2017; https://www.apec.org/Press/Features/2017/1102_interview.
Matthieu Pélissié du Rausas, James Manyika, and Eric Hazan, et al., Internet matters: The Net's sweeping impact on growth, jobs, and prosperity, McKinsey Global Institute, May 2011, p. 21, http://www.mckinsey.com/industries/high-tech/our-insights/internet-matters.
3039.	Google President Margo Georgiadis, Economic Impact United States 2014, p. 20, https://static.googleusercontent.com/media/www.google.com/en//economicimpact/reports/2014/ei-report-2014.pdf. Software.org, "The Growing $1 Trillion Economic Impact of Software."
3140.	Digital potential is defined as the upper bounds of digitization in the leading sectors included in the study. James Manyika, Sree Ramaswamy, and Somesh Khanna, et al., Digital America: A Tale of the Haves and Have-Mores, McKinsey Global Institute, December 2015, p. 32, http://www.mckinsey.com/industries/high-tech/our-insights/digital-america-a-tale-of-the-haves-and-have-mores.
3241.	Ibid.
3342.	Paul Zwillenberg, Dominic Field, and David Dean, Greasing the Wheels of the Internet Economy, Boston Consulting Group, February 2014. https://www.bcgperspectives.com/content/articles/digital_economy_telecommunications_greasing_wheels_internet_economy/.
3443.	Ibid.
3544.	The World Bank Group, World Development Report 2016: Digital Dividends, 2016, http://www.worldbank.org/en/publication/wdr2016.
3645.	Penny Pritzker and John Engler, Director Edward Alden, The Work Ahead: Machines, Skills, and U.S. Leadership in the Twenty-First Century, Independent Task Force Report, Council of Foreign Relations, April 2018.	World Economic Forum; Global Competitiveness Report 2015-2016; Datedate of data collection or release: 1st September 2015;September 1, 2015, http://www.weforum.org/gcr.
3747.	The World Bank Group, World Development Report 2016: Digital Dividends, 2016, http://www.worldbank.org/en/publication/wdr2016.
3848.	http://www.state.gov/e/eb/cip/netfreedom/index.htmPenny Pritzker and John Engler, Director Edward Alden, The Work Ahead: Machines, Skills, and U.S. Leadership in the Twenty-First Century, Independent Task Force Report, Council of Foreign Relations, April 2018.
3949.	OECD (2017), OECD Digital Economy Outlook 2017, OECD Publishing, Paris. http://dx.doi.org/10.1787/9789264276284-en.
50.	Koske, I. et al. (2014), "The Internet Economy - Regulatory Challenges and Practices," OECD Economics Department Working Papers, No. 1171, OECD Publishing, Paris. DOI, http://dx.doi.org/10.1787/5jxszm7x2qmr-en.
51.	http://www.state.gov/e/eb/cip/netfreedom/index.htm.
52.	OECD (2017), OECD Digital Economy Outlook 2017, OECD Publishing, Paris, p. 34, http://dx.doi.org/10.1787/9789264276284-en.
53.	The White House, National Security Strategy of the United States of America, December 2017, p. 41, https://www.whitehouse.gov/wp-content/uploads/2017/12/NSS-Final-12-18-2017-0905.pdf.
Ambassador Michael B.G. Froman, "Getting Trade Right," Democracy Journal, Fall 2015, http://democracyjournal.org/magazine/38/getting-trade-right-1/. For more information, see also: The President of the United States, International Strategy for Cyberspace, May 2011, http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.
40.	John B. Morris Jr., Twenty Years after the Birth of the Modern Internet, U.S. Policies Continue to Help the Internet Grow and Thrive, May 1, 2015, https://www.ntia.doc.gov/blog/2015/twenty-years-after-birth-modern-internet-us-policies-continue-help-internet-grow-and-thriv.
41.	Alan B Davidson, "The Commerce Department's Digital Economy Agenda," November 9, 2015, https://www.commerce.gov/news/blog/2015/11/commerce-departments-digital-economy-agenda.
4255.	Secretary of Commerce Penny Pritzker, "Commerce Launches Digital Attaché Program to Address Trade Barriers," March 11, 2016, https://www.commerce.gov/news/opinion-editorials/2016/03/commerce-launches-digital-attache-program-address-trade-barriers.
43U.S. Department of Commerce, "Digital Economy Board of Advisors Membership Balance Plan," January 3, 2018, https://www.ntia.doc.gov/files/ntia/publications/deba_membership_balance_plan-1-3-2018.pdf.
56.	For more information, see https://www.export.gov/digital-attache.
Digitally intensive industries include sectors in communications, finance, trade, other services, and manufacturing. U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 2, Publication No: 4485, Investigation No: 332-540, August 2014, pp. 106-108, https://www.usitc.gov/publications/332/pub4485.pdf.
4458.	For more information on TPA, see CRS In Focus IF10038, Trade Promotion Authority (TPA), by [author name scrubbed], and CRS Report RL33743, Trade Promotion Authority (TPA) and the Role of Congress in Trade Policy, by [author name scrubbed].
4559.	OECD. (2015 (2017), OECD Digital Economy Outlook 2015, p. 382017, OECD Publishing, Paris. DOI: , p. 120. http://dx.doi.org/10.1787/97892642324409789264276284-en. 60-en.
46.	Angus Loten, "Trump Clouds Tech Spending Outlook," The Wall Street Journal, December 14, 2016.
47.	International Trade Administration, 2015 Top Markets Report Semiconductors and Semiconductor Manufacturing Equipment," July 2015, http://trade.gov/topmarkets/pdf/Semiconductors_Top_Markets_Report.pdf.
48.	Data on Harmonized System code 9018 from U.N. Comtrade: http://comtrade.un.org.
4961.	CRS analysis of tariff data from the WTO Tariff Analysis Online (TAO): https://tao.wto.org.
5062.	U.S. Census Bureau.
5163.	Harmonized System code 8527, from WTO TAO.
5264.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 1, Publication No: 4415, Investigation No: 332-531, July 2013, p. 16, https://www.usitc.gov/publications/332/pub4415.pdf.
65.	https://www.usitc.gov/publications/332/pub4716.pdf
66.	David J. Lynch, "The U.S. dominates the world of big data. But Trump's NAFTA demands could put that at risk.," Washington Post, November 28, 2018.
Trans-Pacific Partnership Annex 2-D: Vietnam Tariff Elimination Schedule, published by New Zealand Ministry of Foreign Affairs and Trade: https://www.mfat.govt.nz/assets/_securedfiles/trans-pacific-partnership/annexes/2-d.-viet-nam-tariff-elimination-schedule.pdf.
53.	U.S. International Trade Commission, Digital Trade in the U.S. and Global Economies, Part 1, Publication No: 4415, Investigation No: 332-531, July 2013, p.5-1Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions, Publication Number: 4716, Investigation Number: 332-561, August 2017, https://www.usitc.gov/publications/332/pub4415pub4716.pdf.
5468.	OECD. (2015), "Executive summary," OECD Digital Economy Outlook 2015, p. 5, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/9789264232440-2-en.
5569.	Rachael King, "AT&T to Move 80% of Its Applications to Cloud by Year's End," The Wall Street Journal, March 16, 2016, http://blogs.wsj.com/cio/2016/03/16/att-to-move-80-of-its-applications-to-cloud-by-years-end/.
56Information Technology Industry Council, Comments in Response to Executive Order Regarding Trade Agreements Violations and Abuses, August 1, 2017, http://www.itic.org/dotAsset/9d22f0e2-90cb-467d-81c8-ecc87e8dbd2b.pdf. .
70.	Business Software Alliance, 2018 BSA Global Cloud Computing Scorecard, http://cloudscorecard.bsa.org/2018/pdf/BSA_2018_Global_Cloud_Scorecard.pdf.
Google Cloud Platform Blog, "Google Cloud Platform adds two new regions, 10 more to come," March 22, 2016, https://cloudplatform.googleblog.com/2016/03/announcing-two-new-Cloud-Platform-Regions-and-10-more-to-come_22.html?mod=djemCIO_h.
5772.	Department of Commerce, "U.S. Strategy To Address Trade-Related Forced Localization Barriers Impacting the U.S. ICT Hardware Manufacturing Industry," 83 Federal Register 15786, April 12, 2018.
73.	The planned strategy will not address cross-border data flow restrictions.
Steve Rosenbush, "Oracle's New Service Turns Cloud Computing 'Inside-Out'," The Wall Street Journal, March 24, 2016.
58.	Jay Greene, "Amazon to Launch Cloud Migration Service," The Wall Street Journal, March 15, 2016.
59.	Information Technology Industry Council, ITI Calls USTR Attention to Increasing use of Data Localization as a Trade Barrier and Threat to U.S. and Global Economic Growth, October 29, 2015, http://www.itic.org/news-events/news-releases/iti-calls-ustr-attention-to-increasing-use-of-data-localization-as-a-trade-barrier-and-threat-to-u-s-and-global-economic-growth.
60.	Galexia Consulting, 2016 BSA Global Cloud Computing Scorecard, Business Software Alliance, April 2016, http://cloudscorecard.bsa.org/2016/.
61.	Ambassador Michael B.G. Froman, 2016 National Trade Estimate Report on Foreign Trade Barriers, Office of the United States Trade Representative, 2016, https://ustr.gov/sites/default/files/2016-NTE-Report-FINAL.pdf.
62.	Intellectual property is a creation of the mind—such as an invention, literary/artistic work, design, symbol, name, or image—embodied in a physical or digital object. See CRS Report RL34292, Intellectual Property Rights and International Trade, by [author name scrubbed] and [author name scrubbed]; and CRS In Focus IF10033, Intellectual Property Rights (IPR) and International Trade, by [author name scrubbed] and [author name scrubbed].
6375.	U.S. Department of Commerce, Intellectual Property and the U.S. Economy: 2016 Update, prepared by the Economics and Statistics Administration and the U.S. Patent and Trademark Office, 2016.
6476.	Ibid.
6577.	CRS, based on U.S. Bureau of Economic Analysis (BEA), Table 2.1. U.S. Trade in Services data, updated October 24, 2016, by Type of Service,, Survey Of Current Business, October 2017. The charges for the use of IP reflect those not included elsewhere in BEA services data.
6678.	ITC, Digital Trade in the U.S. and Global Economies, Part 1, USITC Publication 4415, July 2013, p. 5-15.
6779.	USTR, 2015 Out-of-Cycle Review of Notorious Markets, December 2015, p. 9.
6880.	For example, the USTR 2016 Notorious Markets report highlights several foreign websites involved in or facilitating substantial piracy and counterfeiting that continue to operate despite being subject to law enforcement action. See USTR, 2016 Out-of-Cycle Review of Notorious Markets, December 2016. USTR, 2015 Out-of-Cycle Review of Notorious Markets, December 2015, p. 9.
6981.	ITC, Digital Trade in the U.S. and Global Economies, Part 1, USITC Publication 4415, July 2013, p. 5-1.
7082.	Ibid., ppp. 5-15.
7183.	USTR, 2017 National Trade Estimate Report on Foreign Trade Barriers, p. 181-2, March 2017.	84.	Computer & Communications Industry Association (CCIA), Comments to USTR in Response to Request for Public Comments to Compile the National Trade Estimate Report on Foreign Trade Barrier, 2015.
72.	Ibid.
73.	For more information on fair use, please see CRS Report RS22801, General Overview of U.S. Copyright Law, by [author name scrubbed].
74.	USTR, 2016 National Trade Estimate Report on Foreign Trade Barriers, p. 179, March 2016Office of the United States Trade Representative, 2018, p. 219.
7585.	Eva Dou, "China's Great Firewall Gets Taller," The Wall Street Journal, January 30, 2015Yu Nakamura, "China's war on VPNs creates havoc at foreign companies," December 17, 2017.
7686.	"Beijing is banning all foreign media from publishing online in China," Quartz, February 18, 2016. 2018 National Trade Estimate Report on Foreign Trade Barriers, Office of the United States Trade Representative, 2018, p. 446.
7787.	Max Seddon, "Russia's chief internet censor enlists China's know-how," Financial Times, April 26, 2016Neil MacFarquhar, "'They Want to Block Our Future': Thousands Protest Russia's Internet Censorship," The New York Times, April 30, 2018.
7888.	Mark Scott, "Google Fined by French Privacy Regulator," The New York Times, March 24, 2016.
7989.	Alan McQuinn, "France Demands Right to Censor the Global Internet," The Innovation Files, March 28, 2016. For more information on net neutrality, see CRS Report R40616, The Net Neutrality Debate: Access to Broadband Networks, by [author name scrubbed].
8090.	For more information on FCC rules on net neutralitycybersecurity, see CRS Report R43971, Net Neutrality: Selected Legal Issues Raised by the FCC's 2015 Open Internet Order, by [author name scrubbed], and CRS Report R40616, The Net Neutrality Debate: Access to Broadband NetworksR43831, Cybersecurity Issues and Challenges: In Brief, by [author name scrubbed], and CRS In Focus IF10559, Cybersecurity: An Introduction, by [author name scrubbed].
8191.	Julia Fioretti. "EU regulators take tough approach to net neutrality," Reuters, June 2, 2016. Note: under a zero rating, a provider can exempt traffic from certain sites and services from a user's monthly data allowance.
82.	For more information on cybersecurity, see CRS Report R43831, Cybersecurity Issues and Challenges: In Brief, by [author name scrubbed], and CRS In Focus IF10559, Cybersecurity: An Introduction, by [author name scrubbed].
83.	Joseph Marks, "Indictment: Iranians made 'coordinated' cyberattacks on U.S. banks, dam," Politico Pro, March 24, 2016.
84Council of Economic Advisers, The Cost of Malicious Cyber Activity to the U.S. Economy, February 2018, https://www.whitehouse.gov/wp-content/uploads/2018/02/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf.
92.	Nicole Hong, "Iranian Charged With Hacking HBO, Taking 'Game of Thrones' Scripts, " Wall Street Journal, November 21, 2017.
93.	Nick Kostov, Jeannette Neumeann, and Stu Woo, "Cyberattack Victims Begin to Assess Financial Damage," Wall Street Journal, May 14, 2017.
94.	Thomas P. Bossert, Assistant to the President for Homeland Security and Counterterrorism, "It's Official: North Korea Is Behind WannaCry," Wall Street Journal, December 18, 2017.
For more information on encryption, see CRS Report R44187, Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations, by [author name scrubbed], and CRS Report R44407, Encryption: Selected Legal Issues, by [author name scrubbed] and [author name scrubbed].
8596.	Penny Pritzker, Former U.S. Secretary of Commerce and Andrus Ansip, Vice-President of the European Commission for the Digital Single Market, "Making a Difference to the World's Digital Economy: The Transatlantic Partnership," March 11, 2016, https://www.commerce.gov/news/blog/2016/03/making-difference-worlds-digital-economy-transatlantic-partnership.
97.	Where the Money Is: The Transatlantic Digital Market," CSIS, October 12, 2017.
98.	Ibid.
Based on Bureau of Economic Analysis (BEA), World Bank, and United Nations Committee on Trade and Development data.
86.	Joshua P. Meltzer, The Importance of the Internet and Transatlantic Data Flows for U.S. and EU Trade and Investment, Brookings, p.12, October 2014, http://www.brookings.edu/research/papers/2014/10/internet-transatlantic-data-flows-meltzer.
87.	Ibid, p. 17.
88.	All figures on U.S.-EU trade and data flows includes the United Kingdom (UK) as part of the EU. Without the UK, the statistics would be lower.
89100.	Daniel R. Stoller, "EU-U.S. Data Transfer Privacy Shield Opinion Imminent," Bloomberg BNA, April 5, 2016.
90Under the Obama Administration, a U.S. goal for T-TIP had been to develop "appropriate provisions to facilitate the use of electronic commerce to support goods and services trade, including through commitments not to impose customs duties on digital products or unjustifiably discriminate among products delivered electronically." USTR, "U.S. Objectives, U.S. Benefits in the Transatlantic Trade and Investment Partnership: A Detailed View," fact sheet, March 2014.
101.	For more information on the Privacy Shield, see https://www.privacyshield.gov/Program-Overview.
Lauren Cerulus, "Switzerland and U.S. strike 'privacy shield' data transfer deal," Politico Pro, January 11, 2017.
91103.	Department of Commerce, U.S. Secretary of Commerce Wilbur Ross Welcomes Release of the European Commission's Report on the EU-U.S. Privacy Shield, October 18, 2017, https://www.commerce.gov/news/press-releases/2017/10/us-secretary-commerce-wilbur-ross-welcomes-release-european-commissions.
104.	POLICY DIRECTIVE/PPD-28, January 17, 2014, https://obamawhitehouse.archives.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities.
Inside U.S. Trade, "Legal challenges against Privacy Shield begin to mount in Europe," November 3, 2016.
92.	USTR, 2016 National Trade Estimate Report on Foreign Trade Barriers, p. 178.
93.	European Commission, "Commission updates EU audiovisual rules and presents targeted approach to online platforms," Press Release, May 25, 2016.
94.	European Commission, "Agreement on Commission's EU data protection reform will boost Digital Single Market," Press Release, December 15, 2015.
95106.	Ali Qassim, "Lack of EU Data Reg Guidance Has Companies Uncertain," Bloomberg BNA, April 26, 2016.
96.	Stephen Gardner, "Effective Date Set for EU General Data Protection Rule," Bloomberg BNA, May 4, 2016.
97.	Stephen Gardner, "First Guidance on New EU Privacy Law Will Help Companies," Bloomberg BNA, December 19, 2016.
98.	Ali Qassim, "U.K. Privacy Office Seeks EU-Compliant Laws Despite Brexit," Bloomberg BNA, July 5, 2016.
99.	E-Marketer, Ecommerce Drives Retail Sales Growth in China, September 25, 2015.
100.	E-Marketer, China Embraces Cross-Border Ecommerce, June 14, 2016, available at https://www.emarketer.com/Article/China-Embraces-Cross-Border-Ecommerce/1014078
101.	U.S. Department of Commerce, U.S. Fact Sheet: 26th U.S.-China Joint Commission on Commerce and Trade, November 23, 2016, available at https://www.commerce.gov/news/fact-sheets/2015/11/us-fact-sheet-26th-us-china-joint-commission-commerce-and-trade.
102.	China was the fourth largest U.S. export market for such services for countries where data is available. See, BEA, International Trade Data, U.S. Trade in Services, available at http://www.bea.gov/iTable/iTable.cfm?ReqID=62&step=1#reqid=62&step=1&isuri=1&6210=4.
103.	U.S. Department of Commerce, U.S. Fact Sheet: 26th U.S.-China Joint Commission on Commerce and Trade, November 23, 2016, available at https://www.commerce.gov/news/fact-sheets/2015/11/us-fact-sheet-26th-us-china-joint-commission-commerce-and-trade.
104.	Translation from the Council on Foreign Relations, National Security Law of the People's Republic of China, July 1, 2015, available at http://www.cfr.org/homeland-security/national-security-law-peoples-republic-china/p36775.
105.	The letter can be found at https://www.uschina.org/sites/default/files/Industry%20letter%20on%20TBT%20notification%20of%20CIRC%20Tech%20Regulations%20(ENG).pdf.
106.	Inside U.S. Trade's, China Trade Extra, "U.S. Signals It Wants China To Slow Implementation Of Draft Insurance Regs," June 3, 2016.
107.	A translated copy of the law can be found at the China Law Translate at http://chinalawtranslate.com/?lang=en.
108.	The law follows China's assertion of its right to "cyber-sovereignty, which it describes as "an individual country's right to choose its own Internet regulation model." See Xinhuanet, "China Voice: Why does cyber-sovereignty matter?," December 12, 2016, available at http://news.xinhuanet.com/english/2015-12/16/c_134923687.htm.
109.	See translation of the law at http://chinalawtranslate.com/cybersecuritylaw/?lang=en#LBQMwbmaWhGozeMj.99.
110.	Lawfare, Understanding China's Cybersecurity Law, November 8, 2016, available at https://www.lawfareblog.com/understanding-chinas-cybersecurity-law.
111.	Eva Dou, "China to Start Security Checks on Technology Companies in June," Wall Street Journal, May 3, 2017, https://www.wsj.com/articles/china-to-start-security-checks-on-technology-companies-in-june-1493799352.
112.	U.S. Chamber of Commerce, Preventing Deglobalization, March 17, 2016, p.8., available at https://www.uschamber.com/sites/default/files/documents/files/preventing_deglobalization_1.pdf.
113.	For more information on U.S. China trade relations and the BIT negotiations, see CRS In Focus IF10030, U.S.-China Trade Issues, by [author name scrubbed], and CRS In Focus IF10307, A U.S.-China Bilateral Investment Treaty (BIT): Issues and Implications, by [author name scrubbed].
114.	USTR, 2016 Report to Congress on China's WTO Compliance, January 2017, p. 4, available at https://ustr.gov/sites/default/files/2016-China-Report-to-Congress.pdf.
115.	The White House, "FACT SHEET: President Xi Jinping's State Visit to the United States," September 25, 2015.
116.	U.S. agencies included the Departments of Justice, Homeland Security, and State and the National Security Council and Intelligence Community and while Chinese representatives came from the Committee of Political and Legal Affairs of CPC Central Committee, Ministry of Public Security, Ministry of Foreign Affairs, Ministry of Industry and Information Technology, Ministry of State Security, Ministry of Justice and the State Internet Information Office. Department of Justice, "First U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues Summary of Outcomes," December 2, 2015.
117.	Department of Homeland Security, "Second U.S.-China Cybercrime and Related Issues High Level Joint Dialogue," June 15, 2016.
118.	Cory Bennett, "U.S., China cyber talks will continue into Trump administration," Politico Pro, December 8, 2016.
119.	United Nations Conference on Trade and Development, Data protection regulations and international data flows: Implications for trade and development, 2016, http://unctad.org/en/PublicationsLibrary/dtlstict2016d1_en.pdf.
120.	Ibid, p. 56.
121.	Ibid, p. xi.
122.	Koske, I., et al. (2014), "The Internet Economy - Regulatory Challenges and Practices," OECD Economics Department Working Papers, No. 1171, OECD Publishing, Paris. DOI: http://dx.doi.org/10.1787/5jxszm7x2qmr-en.
123.	For more information, see https://www.wto.org/english/tratop_e/serv_e/serv_e.htm and CRS Report R43291, U.S. Trade in Services: Trends and Policy Issues, by [author name scrubbed].
124.	For more information on WTO and the Doha Round, see CRS In Focus IF10002, The World Trade Organization, by [author name scrubbed] and [author name scrubbed].
125.	World Trade Organization, WTO members conclude landmark $1.3 trillion IT trade deal, December 16, 2015, https://www.wto.org/english/news_e/news15_e/ita_16dec15_e.htm.
126.	Office of the U.S. Trade Representative, U.S. and WTO Partners Announce Final Agreement on Landmark Expansion of Information Technology Agreement, December 2015, https://ustr.gov/about-us/policy-offices/press-office/press-releases/2015/december/US-WTO-Partners-Announce-Final-Agreement-on-Expansion-ITA.
127.	"Exclusively for the purposes of the work programme, and without prejudice to its outcome, the term 'electronic commerce' is understood to mean the production, distribution, marketing, sale or delivery of goods and services by electronic means."
128.	For more information, see https://www.wto.org/english/tratop_e/ecom_e/ecom_briefnote_e.htm.
129.	For more information on the Work Programme on Electronic Commerce, see https://www.wto.org/english/tratop_e/ecom_e/ecom_e.htm and https://www.wto.org/english/thewto_e/minist_e/min99_e/english/about_e/20ecom_e.htm.
130European Commission, "Commission publishes guidance on upcoming new data protection rules," January 24, 2018, http://europa.eu/rapid/press-release_IP-18-386_en.htm.
107.	See https://aws.amazon.com/compliance/gdpr-center/.
108.	Harper Neidig, "Tech giants brace for sweeping EU privacy law," The Hill, April 1, 2018.
109.	Mark Scott and Nancy Scola, "Facebook won't extend EU privacy rights globally, no matter what Zuckerberg says," Politico Pro, April 19, 2018.
110.	Chris Bing, "White House pushing for research carveout in GDPR," Cyberscoop, March 21, 2018.
111.	Ivana Janû, ICANN, RE: Request for Guidance: General Data Protection Regulation (GDPR) Impact on the Domain Name System and WHOIS, March 26, 2018, https://www.icann.org/en/system/files/correspondence/marby-to-janu-26mar18-en.pdf.
112.	United States Trade Representative, 2018 National Trade Estimate Report on Foreign Trade Barriers, 2018, p. 185, https://ustr.gov/sites/default/files/files/Press/Reports/2018%20National%20Trade%20Estimate%20Report.pdf.
113.	Originally, China appeared to be mainly focused on establishing the rules of the road for the Internet in China, but over the past few years it appears to be advancing its vision of Internet sovereignty globally.
114.	The People's Daily, Full Text: The Internet in China, June 8, 2010, available at http://en.people.cn/90001/90776/90785/7017202.html.
115.	Ministry of Foreign Affairs of the People's Republic of China, Remarks by H.E. Xi Jinping President of the People's Republic of China At the Opening Ceremony of the Second World Internet Conference, December 16, 2015, available at http://www.fmprc.gov.cn/mfa_eng/wjdt_665385/zyjh_665391/t1327570.shtml.
116.	Reuters, "U.S. weighing China Internet censorship case: USTR," March 9, 2010, available at https://www.reuters.com/article/us-usa-china-google-wto/u-s-weighing-china-internet-censorship-case-ustr-idUSTRE6284YG20100309.
117.	Google, Enabling Trade in the Era of Information Technologies: Breaking Down Barriers to the Free Flow of Information, 2010, p.8, available at https://static.googleusercontent.com/media/www.google.com/en//googleblogs/pdfs/trade_free_flow_of_information.pdf.
118.	U.S.-China Business Council, 2017 Member Survey, p. 10, available at https://www.uschina.org/sites/default/files/2017_uscbc_member_survey.pdf.
119.	White House, "FACT SHEET: U.S.-China Economic Relations," September 25, 2015, https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-us-china-economic-relations.
120.	USTR, 2017 Report to Congress on China's WTO Compliance, January 2018, p. 3.
121.	U.S. Department of Commerce, U.S. Fact Sheet: 26th U.S.-China Joint Commission on Commerce and Trade, November 23, 2016, https://www.commerce.gov/news/fact-sheets/2015/11/us-fact-sheet-26th-us-china-joint-commission-commerce-and-trade.
122.	China Copyright and Media, National Cyberspace Security Strategy, December 27, 2016, available at https://chinacopyrightandmedia.wordpress.com/2016/12/27/national-cyberspace-security-strategy/.
123.	Article 1 states: "This law is formulated so as to ensure network security, to safeguard cyberspace sovereignty, national security and the societal public interest, to protect the lawful rights and interests of citizens, legal persons and other organizations, and to promote the healthy development of economic and social informatization."
124.	Deloitte, "A new era for Cybersecurity in China," November 2017, available at https://www2.deloitte.com/cn/en/pages/risk/articles/new-era-cybersecurity-law.html.
125.	Article 59, translation from the Council on Foreign Relations, National Security Law of the People's Republic of China, July 1, 2015, http://www.cfr.org/homeland-security/national-security-law-peoples-republic-china/p36775.
126.	China was the fourth largest U.S. export market for such services for countries where data is available. See, BEA, International Trade Data, U.S. Trade in Services, http://www.bea.gov/iTable/iTable.cfm?ReqID=62&step=1#reqid=62&step=1&isuri=1&6210=4.
127.	U.S. Chamber of Commerce, Preventing Deglobalization, March 17, 2016, p. 8, https://www.uschamber.com/sites/default/files/documents/files/preventing_deglobalization_1.pdf.
128.	Sections 301 through 310 of the Trade Act of 1974, as amended, commonly referred to as "Section 301," procedures apply to foreign acts, policies, and practices that the USTR determines either (1) violates, or is inconsistent with, a trade agreement; or (2) is unjustifiable and burdens or restricts U.S. commerce, and sets procedures and timetables for actions based on the type of trade barrier(s) addressed.
129.	For more information on the Section 301 investigation, see CRS In Focus IF10708, Enforcing U.S. Trade Laws: Section 301 and China, by [author name scrubbed].
130.	Reuters, "Chips down: China aims to boost semiconductors as trade war looms," CNBC, April 20, 2018.
131.	The White House, "Statement from the Press Secretary Regarding the United States Delegation to China," April 30, 2018.
132.	For more information, see https://www.wto.org/english/tratop_e/serv_e/serv_e.htm and CRS Report R43291, U.S. Trade in Services: Trends and Policy Issues, by [author name scrubbed].
133.	WTO, "Joint Statement on Electronic Commerce," December 13, 2017. https://ustr.gov/sites/default/files/files/Press/Releases/Joint%20Statement%20on%20Electronic%20Commerce.pdf.
134.	U.S. Trade Representative, USTR Robert Lighthizer Statement on the Conclusion of the WTO Ministerial Conference, December 2017, https://ustr.gov/about-us/policy-offices/press-office/press-releases/2017/december/ustr-robert-lighthizer-statement.
135.	The United States, "Joint Statement on Electronic Commerce Initiative," WTO, April 12, 2018.
136.	"Exclusively for the purposes of the work programme, and without prejudice to its outcome, the term 'electronic commerce' is understood to mean the production, distribution, marketing, sale or delivery of goods and services by electronic means." For more information, see https://www.wto.org/english/tratop_e/ecom_e/ecom_e.htm.
137.	For more information, see https://www.wto.org/english/tratop_e/ecom_e/ecom_briefnote_e.htm.
138.	WTO, "Communication from the People's Republic of China," JOB/CTG/2, November 4, 2016.
139.	WTO Work Programme on Electronic Commerce, "Draft Ministerial Decision," December 13, 2017.
140.	World Trade Organization, WTO members conclude landmark $1.3 trillion IT trade deal, December 16, 2015, https://www.wto.org/english/news_e/news15_e/ita_16dec15_e.htm.
141.	https://www.wto.org/english/news_e/news15_e/gc_30nov15_e.htm.
131142.	For pharmaceutical products, the implementation period has been extended until January 1, 2033.
132143.	WTO, "Overview: The TRIPS Agreement," https://www.wto.org/english/tratop_e/trips_e/intel2_e.htm. For more information, see CRS Report RL34292, Intellectual Property Rights and International Trade, by [author name scrubbed] and [author name scrubbed].
133144.	WTO, General Council, "Item 6 – —Work Programme on Electronic Commerce – —Review of Progress," WT/GC/W/701, July 24, 2015.
134145.	BSA, Powering the Digital Economy: A Trade Agenda to Drive Growth; and BSA, Shadow Market: 2011 BSA Global Software Piracy Study, May 2012.
135146.	U.S. Congress, Senate Committee on Foreign Relations, WIPO Copyright Treaty (WCT) (1996) and WIPO Performances and Phonograms Treaty (1996), Report to accompany treaty document 105-17, 105th105th Cong., 2nd2nd sess., October 14, 1998, S.Exec. Rept. 105-25.
136147.	See P.L. 105-304.
137148.	For more information on this statute, see CRS Report R43436, Safe Harbor for Online Service Providers Under Section 512(c) of the Digital Millennium Copyright Act, by [author name scrubbed].
138149.	USTR, 2016 2017 Special 301 Report, April 2017. 150Special 301 Report, April 2016.
139.	Joshua Paul Meltzer, Maximizing the Opportunities of the Internet for International Trade, The E15 Initiative, January 2016, http://e15initiative.org/publications/maximizing-opportunities-internet-international-trade/.
140.	Michael Froman, "We are at the end of the line on the Doha Round of trade talks," Financial Times, December 13, 2015.
141.	WTO, "Non-Paper from the United States," JOB/GC/94, July 4, 2016.
142.	Ibid.
143.	WTO, "Communication from the People's Republic of China," JOB/CTG/2, November 4, 2016.
144.	https://ustr.gov/sites/default/files/uploads/agreements/fta/singapore/asset_upload_file708_4036.pdf.
145151.	This statement was used in U.S. free trade agreements with Australia, Bahrain, Colombia, Central America and the Dominican Republic, Morocco, Oman, Panama, Peru, and South Korea. Chile used a slightly different text.
146152.	For more information on KORUS, see CRS Report RL34330, The U.S.-South Korea Free Trade Agreement (KORUS FTA): Provisions and Implementation, coordinated by [author name scrubbed].
147153.	KORUS FTA, Chapter 13, Annex 13-B, Section B. https://ustr.gov/sites/default/files/uploads/agreements/fta/korus/asset_upload_file35_12712.pdf.
148154.	For more on TPP, see CRS In Focus IF10000, TPP: Overview and Current Status, by [author name scrubbed] and [author name scrubbed], CRS Report R44489, The Trans-Pacific Partnership (TPP): Key Provisions and Issues for Congress, coordinated by [author name scrubbed] and [author name scrubbed], and CRS In Focus IF10390, TPP: Digital Trade Provisions, by [author name scrubbed].
149.	Industry Trade Advisory Committee on Information and Communication Technologies, Services, and Electronic Commerce (ITAC 8), Advisory Committee Report to the President, the Congress and the USTR on the TPP Trade Agreement, December 3, 2015, https://ustr.gov/sites/default/files/ITAC-8-Information-and-Communication-Technologies-Services-and-Electronic-Commerce.pdf.
150.	Annex I for Japan includes Foreign Exchange and Foreign Trade Law (Law No. 228 of 1949), Article 274 Cabinet Order on Foreign Direct Investment (Cabinet Order No. 261 of 1980), Article 3, https://ustr.gov/sites/default/files/TPP-Final-Text-Annex-I-Non-Conforming-Measures-Japan.pdf.
151.	TPP Chapter 14, Article 14.8.2.
152.	For more, see CRS In Focus IF10390, TPP: Digital Trade Provisions, by [author name scrubbed].
153.	For more information, see CRS In Focus IF10000, TPP: Overview and Current Status, by [author name scrubbed] and [author name scrubbed].
154Chieko Tsuneoka, " TPP Members Reach Agreement on Major Trade Pact," Wall Street Journal, January 23, 2018.
155.	TPP Chapter 14, Article 14.8.2.
156.	For more information on NAFTA, please see CRS Report R42965, The North American Free Trade Agreement (NAFTA), by [author name scrubbed] and [author name scrubbed].
157.	For more information on the notification and Trade Promotion Authority requirements please see, CRS In Focus IF10038, Trade Promotion Authority (TPA), by [author name scrubbed].
158.	Office of the United States Trade Representative, Summary of Objectives for the NAFTA Renegotiation, November 2017, https://ustr.gov/sites/default/files/files/Press/Releases/Nov%20Objectives%20Update.pdf.
159.	De minimis is threshold for assessing customs duties on imported goods.
For more on TiSA, see CRS In Focus IF10311, Trade in Services Agreement (TiSA) Negotiations, by [author name scrubbed], and CRS Report R44354, Trade in Services Agreement (TiSA) Negotiations: Overview and Issues for Congress, by [author name scrubbed].
155161.	Inside U.S. Trade, "Despite 'TISA-Plus' Aims, EU's E-Commerce Proposal For T-TIP Falls Short," August 13, 2015.
156162.	Washington Trade Daily, November 10, 2016.
157.	Ibid.
158.	Under the Obama Administration, a U.S. goal for T-TIP has been to develop "appropriate provisions to facilitate the use of electronic commerce to support goods and services trade, including through commitments not to impose customs duties on digital products or unjustifiably discriminate among products delivered electronically." USTR, "U.S. Objectives, U.S. Benefits in the Transatlantic Trade and Investment Partnership: A Detailed View," fact sheet, March 2014.
159163.	The Group of Twenty (G-20) is a forum for advancing international cooperation and coordination among 20 major advanced and emerging-market economies. The G-20 includes Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Mexico, Russia, Saudi Arabia, South Africa, South Korea, Turkey, United Kingdom, and the United States, as well as the European Union (EU). For more information on the G-20, see CRS Report R40977, The G-20 and International Economic Cooperation: Background and Implications for Congress, by [author name scrubbed].
160.	http://g20.org.tr/g20-leaders-commenced-the-antalya-summit/.
161.	Joint Declaration by G7 ICT Ministers, April 30, 2016, http://www.g8.utoronto.ca/ict/2016-ict-declaration.html.
162164.	http://www.oecd.org/internet/ministerial/. The G-7 is a subset of the G-20 and includes: Canada, France, Germany, Italy, Japan, United Kingdom, and the United States.
163165.	OECD Ministerial Declaration, May 2016, http://www.oecd.org/sti/ieconomy/Digital-Economy-Ministerial-Declaration-2016.pdf.
164166.	OECD, Key Issues for Digital Transformation in the G20, January 12, 2017, https://www.oecd.org/internet/key-issues-for-digital-transformation-in-the-g20.pdf.	Asia Pacific Economic Cooperation (APEC) is a regional economic forum established in 1989 with 21 Asian Pacific economies as members. http://www.apec.org/About-Us/About-APEC.aspx.
165168.	http://www.apec.org/Groups/Committee-on-Trade-and-Investment/Electronic-Commerce-Steering-Group.aspx.
169.	http://cloudscorecard.bsa.org/2018/index.html; http://cloudscorecard.bsa.org/2016/.