Editor’s Note — DCC.
This is the second brief in DCC’s three-part series on data-asset securitisation, written for overseas counsel who need to understand the mechanism before pricing the risk. It synthesises four Chinese practitioner analyses — 武强胜 (零壹法谈), 王喆 (京师·深圳), 鼎世律师, and 刘应檀 of 安杰世泽 (writing on 威科先行 / Wolters Kluwer) — into one account of what these deals actually do. The first brief covered the June 2026 exchange halt; the third looks at the secondary-licensing “2.0” model.
The single most important thing to carry away: in essentially every data-asset ABS issued to date, the data does not produce the repayment cash flow. The data is collateral. Mistaking the label for the substance is the central error — and, as the halt showed, the one regulators are now policing.
The cognition trap: what the label actually means
A “data-asset ABS” sounds like it should mean securitising the cash flow that data throws off. It does not. Under the prevailing exchange practice, a deal earns the “data-asset” (数据资产) label when data-pledged collateral exceeds 50% of the pooled underlying assets. That labelling rule is about the collateral mix, not the cash-flow source.
So the “underlying asset” (基础资产) that actually generates the money to pay investors is a conventional financial claim — supply-chain receivables, a trust-loan beneficiary right, or a finance-lease claim. The data asset sits on top as pledge security, credit enhancement, or a risk-pricing input. Repayment still rides on the borrower’s overall operating cash flow (or a guarantor), not on the data’s own earnings.
This is why DCC’s data-pledge-financing brief is the necessary companion: a data-asset ABS is, in most cases, a pledge financing wrapped in a securitisation. The hard questions about what can be pledged, and whether the pledge can be enforced, carry straight through.
The institutional foundation — and where it is still missing
Three building blocks made the category possible:
- The three-rights framework. The 2022 Data Foundation System Opinions (“数据二十条”) separated data-resource holding rights (数据资源持有权), data-processing-and-use rights (数据加工使用权), and data-product operating rights (数据产品经营权). Crucially, this is a policy framework — it deliberately avoids absolute “ownership” language, and it has not been confirmed in the Civil Code’s property book or in standalone legislation. Whether a data right is a property right, a claim, or a sui generis new right remains contested. That gap propagates directly into every deal.
- On-balance-sheet recognition (入表). The Ministry of Finance’s Interim Provisions on Accounting Treatment of Enterprise Data Resources (effective 1 January 2024) let a firm recognise data resources as an intangible asset (held for internal use or to provide data services) or as inventory (held for sale). This moved data from off-book to on-book, giving it a figure to value, pledge, and securitise. The Ministry followed with management guidance (财资〔2023〕141号) and a full-process management pilot (财资〔2024〕167号, running 2025–2026).
- A working definition. Per the National Data Administration’s common data terms, a “data asset” is a data resource that a specific party lawfully owns or controls, that is monetarily measurable, and that brings economic or social benefit. No measurability, no benefit — no asset.
Two cautions the practitioners stress. First, 入表 ≠ 确权. Accounting recognition fixes a measurement question; right-confirmation fixes an ownership question. They support each other but are not the same, and the transaction documents must not conflate them. Second, registration effect varies sharply by locality. Shenzhen and Xiamen lean to substantive review (stronger certificates); Beijing and Shanghai do formal review but treat the certificate as a rights voucher; Jiangsu and Hubei certificates carry only limited weight — rebuttable preliminary evidence. Due diligence has to be tailored to where the asset was registered.
The four live structures
Every issued deal to date falls into one of four patterns. The first three pledge data; the fourth merely uses it.
1. Trust-loan + securitisation (the mainstream). A trust company lends to the data firm; the firm pledges its data assets as security; the trust beneficiary right becomes the ABS underlying asset. Data is collateral; repayment rides on the borrower’s operations. This is the structure behind the flagship 华鑫-鑫欣 programme and the 青岛 pure-data deal.
2. Receivables + data pledge. Supply-chain or data-service receivables form the pool; the data holder pledges exchange-listed data assets as supplementary security (>50% of the pledge). The benchmark is 平安-如皋, the first data-ABS to issue (April 2025) — a modest first tranche, 2.4% coupon, AAA senior.
3. Finance lease + data pledge. Finance-lease claims form the pool, with data-asset pledges (up to 100% coverage) as security — e.g. 国君-无锡联投租赁, billed as the first 100%-data-asset-pledge deal. The lease structure lets the data-pledge credit-enhancement function reach into more industries.
4. Data empowerment (数据赋能). Here data is not pledged or transferred at all. Instead, supply-chain receivables are the underlying asset, and data is used to price the assets, screen suppliers, and monitor collections — improving the pool’s risk profile from the outside (e.g. 天风中投保). The legal questions shift accordingly: the independence and qualifications of the data-service provider, the legal effect and disclosure of its analytics, and whether the empowering data’s source and use stay inside their original authorisation.
The four legal infirmities
This is the part overseas counsel should internalise. Even a clean-looking deal carries four structural weaknesses.
1. Right-confirmation is unsettled (确权)
Because the three-rights framework has no substantive-law footing, ownership disputes lurk at every layer: platform-versus-user claims over user-generated data; employer trade-secret versus employee contribution in internal data; the boundary of authorised-operation for government data; the rights status of derivative datasets after cleaning, de-identification, and modelling; and the disposal authority of any one co-owner of a merged dataset. The Civil Code (Article 127) says data is protected “as provided by law” — but the detailed law has not arrived. So diligence cannot stop at the exchange’s registration certificate; it must trace the collection agreements, the authorisation chain, and prior dispositions. China’s first ruling on a data-IP registration certificate — Datatang v. Yinmu — held that the certificate is only preliminary evidence, rebuttable by contrary proof. A registration is a starting point, not a conclusion.
2. True sale is hard to achieve (真实出售)
Securitisation’s bankruptcy remoteness rests on a true sale — a real transfer of risk so the asset leaves the originator’s bankruptcy estate. Data defeats this on its own terms: because data is non-exclusive and infinitely copyable, the originator does not actually lose control on transfer, so a court asked whether risk truly passed faces a logical problem. There is no precedent on a data-asset true-sale dispute, and no settled answer to whether a bankruptcy administrator could claw securitised data back into the estate. This is exactly why the market overwhelmingly uses pledge enhancement rather than true sale, securitising a debt claim and leaving the data as mere collateral — sidestepping the property-characterisation problem entirely.
3. Bankruptcy isolation has a data-specific hole
Even with an SPV, isolation is incomplete: a data asset’s value depends on the originator’s continuous operation and maintenance (updating, securing, and running the data). If the originator enters bankruptcy, its technical support stops and the asset value can fall off a cliff. Robust deals therefore need a backup data administrator appointment mechanism, a data-migration plan, and transition arrangements written into the servicing agreement — so the SPV can preserve the asset’s basic value if the originator’s credit deteriorates.
4. The PIPL/DSL eligibility gates
Data compliance is not a side condition; it determines whether the asset is eligible at all:
- Consent chain. The collection must have completed PIPL notice-and-consent, and the authorisation scope must actually cover this securitisation use. A gap is not just a violation — it is a defect in the asset’s title that can disqualify it from the pool.
- Anonymisation vs de-identification. PIPL Article 73 distinguishes anonymised data (cannot re-identify, not restorable — outside PIPL) from de-identified data (still re-identifiable — fully regulated). Anonymised data lowers the compliance burden; de-identified data needs explicit use-scope limits and safeguards in the documents.
- Classification ceilings. Under the DSL, important data and national core data are not securitisable; even ordinary data may trigger security-assessment or filing duties at the scale/type thresholds of the Network Data Security Management Regulations (网络数据安全管理条例).
- Cross-border procedures. If the data touches overseas parties or transfers, the security-assessment / certification / standard-contract procedures must be cleared first — and they take time that has to be built into the deal calendar.
There is also a transferability problem at enforcement: prohibited-data catalogues (in the DSL classification regime, GB/T data-trading standards, and local data regulations) mean a pledgee may be unable to sell the pledged data to satisfy the debt — blunting the very credit enhancement the data was supposed to provide.
Reading the flagship deals
- 平安-如皋 (April 2025) — first data-ABS to issue. Receivables pool; exchange-listed transport/port data pledged as >50% supplementary security; 2.4% coupon, AAA senior. Data = collateral.
- 华鑫-鑫欣 数据资产1–5期 (April 2025) — first approved labelled data-asset ABS, and the first to run the full chain (recognition → right-confirmation → issuance → secondary trading). Issuer Nanjing Xinxing Commercial Factoring; ~9 firms’ data-revenue factoring claims registered at the Jiangsu Data Exchange; senior/subordinate tranching plus a bank AAA guarantee; financing cost ~3.8%, ~120–150bp below bank loans. Its “state-capital-led + tech-enabled + bank-enhanced” template directly prompted the Shenzhen exchange to create a new asset class and issue a dedicated business guideline.
- 青岛 纯数据资产信托收益权 ABS (March 2026) — ¥10bn shelf; billed as the first pure-data-asset deal, shedding land/property collateral entirely. But, as the commentators stress, even here the data is the pledge; trust-loan repayment still comes from the borrower’s overall operating cash flow. “Pure” describes the collateral, not the cash-flow source.
- 杭州高新金投 数据知识产权 ABN (2023) — a data-IP deal (a distinct but adjacent category): the first to put data-IP into a securitisation pledge pool, riding Hangzhou’s local data-IP registration and pledge standards.
What this means for overseas counsel
- Underwrite the cash-flow source, not the label. The first diligence question is always: what actually repays this? If the answer is a receivable or a trust loan and the data is collateral, you are pricing a conventional credit with a data-shaped enhancement of uncertain enforceability — value it accordingly.
- Map the deal to one of the four structures. Trust-loan, receivables, finance-lease, or empowerment — each puts the legal risk in a different place (pledge validity for the first three; service-provider independence and analytics disclosure for the fourth).
- Separate 入表 from 确权 from enforceability. A Ministry of Finance balance-sheet entry is not a confirmed legal right, and a confirmed legal right is not a guarantee the pledge can be realised in a thin secondary market. Treat them as three independent gates.
- Run the compliance stack as an eligibility test. Consent scope (does it cover securitisation?), anonymised vs de-identified, DSL classification (important/core data out), and cross-border procedures — clear these before the asset enters the pool, not after.
- Insist on the data-specific protections in the documents. Continuous data-maintenance covenants, a backup-data-administrator mechanism, data-security-incident triggers, valuation re-test and top-up clauses, and a policy-change adjustment clause. These are the terms that separate the deals that survived from the ones in the failure casebook.
DCC sources
- 武强胜, 《从“依附”到“独立”:数据资产证券化(ABS)的法律逻辑与进阶展望》, 零壹法谈 (source).
- 王喆, 《数据资产证券化法律实务要点解析》, 京师深圳律所 (source).
- 鼎世律师, 《数据资产证券化(ABS)的实践探索与合规路径——以全国首单获批数据资产ABS 项目为例》(source).
- 刘应檀 (安杰世泽律师事务所), 《数据资产证券化-入表构建及合规实操》, 威科先行 (source).
- 数据二十条 · DSL · PIPL · Civil Code (data & pledge provisions) · Data Property Rights Registration Work Guide (draft) · Common data terms.
- Ministry of Finance, Interim Provisions on Accounting Treatment of Enterprise Data Resources (effective 1 January 2024); 财资〔2023〕141号; 财资〔2024〕167号 (no dedicated DCC law pages yet).
This is an editorial synthesis of four practitioner analyses, not a translation. Structural framings and the consolidation are DCC’s. Not legal advice.