DCC
Data Compliance China
Search · ⌘K
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
Back
§ 031 · DATA-PROPERTY-RIGHTS

Inside the Reviewer's Mind — A Compliance Guide to Data Property-Rights Registration at Shenzhen Data Exchange

China's data property-rights registration (数据产权登记) regime has no single national rulebook yet, which makes the reviewer's checklist at the registrar level the operational baseline for any applicant. This brief summarises a practitioner guide by two compliance managers at Shenzhen Data Exchange (深圳数据交易所), explaining what registration reviewers actually scrutinise: whether the subject-matter falls within the platform's accepted scope; whether the applicant can substantiate entitlement to one or more of the three data-property rights (持有权 / 使用权 / 经营权); and whether the submitted materials are internally consistent and complete. The guide also clarifies common misconceptions about the 'three rights' structure — including why 'data ownership' is not a legally recognised concept and why holding-right does not automatically confer use-right or operating-right. For overseas counsel advising clients on data-asset registration, this is the clearest available account of how the first-mover registrar reads applications.

DCC Editorial SOURCE · ZH .MD ↓

Editor’s Note — DCC.

This brief summarises 《DEXC+专栏|数据产权登记审核,审核员都在想什么?——送上一份数据产权登记合规审核指南》by Chen Yiqian (陈一芊) and Hu Jingzhuo (胡婧卓), both compliance managers at Shenzhen Data Exchange (深圳数据交易所, SZDEX). Chen leads the exchange’s data-asset compliance team and is a co-drafter of the local standard on data-transaction compliance evaluation and the group standard on data compliance auditing. Hu leads the AI compliance special-projects group and is also a co-drafter of the data-transaction compliance evaluation standard. The piece was published in the DEXC+ (Data Exchange Compliance+) column, the exchange’s in-house practitioner platform. DCC runs it because SZDEX launched China’s first operational data property-rights registration platform in November 2024 and these are the people who process the applications.

A note on nomenclature: the source draws on SZDEX’s own registration rules — the 《深圳数据交易所有限公司数据产权登记办法(试行)》(SZDEX Provisional Measures on Data Property-Rights Registration, the “Registration Measures”) and the 《深圳数据交易所有限公司数据产权登记合规审核指引(试行)》(SZDEX Provisional Guidelines on Compliance Review for Data Property-Rights Registration, the “Review Guidelines”) — rather than a national standard, because no authoritative national registration rules have been issued yet. SZDEX’s framework therefore sets a de-facto practitioner baseline. Readers should treat this as an account of how one leading registrar currently operates, not as binding national law.

Why 91 per cent of first submissions fail

SZDEX launched its data property-rights registration (数据产权登记) platform on 4 November 2024 to provide registration services for data resources (not including public-data resources held by government bodies), data products, and data assets. The authors report that, based on internal statistics, 91 per cent of applicants are rejected on their first submission. That figure is the practical motivation for the guide: the platform’s internal staff were themselves asking reviewers “why do you keep rejecting things — what exactly are you checking?”

The answer, as the authors explain, comes down to three questions. First: does the subject-matter fall within the accepted registration scope? Second: can the applicant demonstrate genuine entitlement to the rights being claimed? Third: are the submitted materials complete, consistent, and free of internal contradiction?

The data property-rights registration guide and the data-foundation-system opinions provide the national-level framework; SZDEX’s own Registration Measures and Review Guidelines operationalise that framework at the platform level. Both sets of instruments ground the analysis in this brief.

Gate one — what can and cannot be registered

The Registration Measures define a clear perimeter for what SZDEX will accept. Four categories fall outside the scope and trigger automatic rejection:

  • Data tools and data services are not registrable. Only data resources (数据资源) and data products (数据产品) may be submitted. An applicant who submits a software tool or a service arrangement rather than a dataset or processed product will be turned away.
  • Future data is not registrable. The subject-matter must be data that has already been formed; anticipated data collections or projected outputs do not qualify.
  • Unprocessed public-data resources are not registrable, nor are public-data resources that have not been through an authorised-operation (授权运营) arrangement. Only public-data products that have cleared the authorisation-and-operation pathway may be submitted.
  • The holding right (数据持有权) cannot be registered for authorised-operation public-data products. Applicants in that category may claim only data use-right (数据使用权) and data operating-right (数据经营权).

The practical message for applicants: characterise the subject-matter carefully before applying. A dataset, processed product, and data service may all feel similar from a commercial standpoint but are treated very differently by the registrar.

Gate two — the three rights and who holds them

The second and substantively most complex review gate is entitlement. The authors begin by clearing up three misconceptions they say are common among first-time applicants.

There is no such thing as “data ownership.” The authors are pointed on this: no Chinese legal instrument has ever used the term 数据所有权 (data ownership). The framework established by China’s “Data Twenty Articles” (数据二十条, the 2022 opinions on building the data-foundation system that underpin the data-foundation-system opinions) introduced a structurally-divided (结构性分置) property-rights model. The reason is conceptual: data’s characteristics — replicability, non-rivalry, non-excludability, non-consumption — make it incompatible with the traditional ownership framework applicable to physical objects. Instead of ownership, the system extracts the functionally important entitlements from the data-development lifecycle: access, processing, use, and transfer.

The three rights are independent — they do not derive from each other. An earlier reading held that the holding-right (持有权) was foundational and automatically conferred use-right and operating-right, mirroring the way civil-law ownership encompasses use and disposal. The authors say this is wrong. Under both the National Data Administration’s second-batch glossary on data-domain terminology (数据领域常用名词解释(第二批), consultation draft) and the Registration Measures, holding-right means only the right to hold, or to authorise a third party to hold, lawfully obtained data. The entitlement to use or to dispose does not flow automatically from holding. The EU Data Act, which the authors cite by way of comparison, takes a similar approach: a data holder’s technical control (implemented through encryption or smart contracts) does not create absolute exclusivity and is subject to open-flow requirements.

The three rights can be held by the same entity or divided among different entities. A single entity may control the entire chain from holding to operating; or different parties may each hold different rights. In collaborative or authorised-operation scenarios, contractual arrangements among the parties determine the allocation.

Entitlement analysis depends on how the data was obtained. The authors set out a four-pathway analysis:

  1. Self-generated data. The applicant holds all three rights simultaneously — holding, use, and operating. However, reviewers will look for any underlying authorisation: if the data was collected during a government-commissioned project, for example, the project agreement may contain terms on data ownership or confidentiality that affect the entitlement analysis.

  2. Publicly collected data. The applicant holds use-right and holding-right. Whether operating-right also attaches depends on any public-access restrictions disclosed by the data source. Where the data was obtained from an open-source channel, the applicable open-source licence must be examined; commercial-use restrictions in the licence translate directly into a restriction on operating-right.

  3. Contractually obtained data. The rights the applicant holds depend entirely on what the agreement grants. Reviewers will also check whether the counterparty had the right to grant what the agreement purports to grant — a seller who holds only holding-right and does not hold operating-right cannot validly transfer operating-right to a buyer. The authors compare this to the civil-law concept of unauthorised disposition (无权处分): the transaction may look compliant on its face, but the agreement itself is of uncertain validity.

  4. Derived or transformed data. For data that has been processed from a source dataset to create something new, the reviewers apply a three-part test: (a) the source data was lawfully and compliantly obtained; (b) the processing itself was lawful and compliant, meaning the processing party held use-right; and (c) the derived product is materially different from the source dataset (实质变更). If all three conditions are met, the derived product is treated as self-generated, and the applicant holds all three rights.

This pathway analysis directly parallels the reasoning in the Datatang v. Yinmu data-IP registration case, where the courts had to work through the same chain-of-custody questions when assessing whether a registered data-IP certificate had probative weight.

Gate three — completeness and internal consistency of submitted materials

The third review gate is material quality. The authors identify two principal failure modes.

Inadequate legal opinions. For initial registrations, the Review Guidelines require the legal opinion to address two things: compliance of the registrant (登记主体合规) and compliance of the subject-matter (登记对象合规). Crucially, the lawyer must also analyse the type and completeness of the property rights being claimed and deliver a reasoned conclusion on them. The authors note that lawyers who have previously worked only on transaction-listing compliance evaluations (数据交易标的上市合规评估) may find the property-rights entitlement analysis unfamiliar — that analysis is typically absent from listing opinions, which focus on whether the data can lawfully flow and be traded rather than on which party holds which right.

The authors illustrate with an example. Company A holds a licence from Company B to process B’s data resources into a data product, which A and B jointly sell under a co-signed agreement. A’s product would pass a listing compliance review without difficulty: the flow and commercialisation are authorised. But in the registration context, the reviewer cannot determine from the listing opinion alone whether A holds operating-right — defined under the Registration Measures as the right to dispose of data externally through transfer, licensing, capital contribution, or security arrangement. The specific role A plays in the joint sales agreement needs to be explained and supported. That supplementary analysis is the gap that causes rejections.

SZDEX has published a reference framework (《数据产权登记法律意见书参考框架》) for legal opinion structure, and the authors recommend counsel follow it when preparing registration opinions rather than repurposing listing opinions for a different purpose.

Contradictions and inconsistencies across materials. Material inconsistency is described as the single most common reason for rejection. Two variants appear:

The first is a conflict between the application form and the self-evidencing materials: for example, an agreement governing contractually obtained data contains time-limited or use-restricted rights, but the applicant has filled in no restrictions under the “rights term” and “rights limitations” fields, or has described the data type as enterprise data while the source documents show that personal information is present.

The second is a conflict between the self-evidencing materials and the legal opinion: the reviewer sees two accounts of the same facts that do not align. A common example is a lawyer identifying a data type in the opinion (personal information) that differs from the type the applicant selected in the application form (enterprise data or public data). Another is a lawyer disclosing three data sources in the opinion while the application package contains supporting documents for only one. The authors attribute this pattern to applicants submitting materials as soon as the legal opinion arrives, without first reviewing it against what they have already filed.

The three-fence review model

The source describes SZDEX’s overarching review architecture as a “three-fence” (三道防线) mechanism: applicant self-certification (申请人自证) as the first fence; third-party legal opinion (第三方法律服务机构他证) as the second; and the registrar’s own compliance review as the third and final fence. Whether and to what extent third-party legal service providers must participate is not yet settled across jurisdictions — the authors note that practice varies and will ultimately be resolved by national rules when they emerge. In the current state of play, the registrar’s review is particularly consequential precisely because no authoritative national registration standard has been issued.

Why overseas counsel should care

  • Registration is a pre-condition for data-asset monetisation. Clients who want to list data products on an exchange, securitise data assets, or use data in capital contributions will need a registration certificate with substantive evidential weight. The 91-per-cent rejection rate means most first attempts are wasted without prior preparation — and preparation means understanding the three-gate analysis before the application is filed.
  • “Data ownership” language in commercial agreements is a red flag. The source is unambiguous: the concept does not exist in Chinese law. Agreements drafted by overseas counsel that use “ownership” framing will create friction at the entitlement-analysis stage; contracts should instead allocate the three rights explicitly and confirm which party holds each.
  • Legal opinions need to be purpose-built for registration. Recycling a transaction-listing opinion for a registration application is a known failure mode. Counsel retained for registration work should follow SZDEX’s reference framework and address holding-right, use-right, and operating-right separately, with a chain-of-custody analysis that traces the data back to its source pathway.
  • Contractual due diligence on counterparty entitlement is material. Where client data originates from a purchase agreement, the seller’s own rights profile must be verified up the chain. A seller who lacks operating-right cannot pass operating-right to a buyer — a gap that may not surface until the registration review.

DCC sources

  • Original: 陈一芊、胡婧卓, 《DEXC+专栏|数据产权登记审核,审核员都在想什么?——送上一份数据产权登记合规审核指南》, 深圳数据交易所 DEXC+ 专栏 WeChat Official Account (source).
  • Instruments referenced in source: 《深圳数据交易所有限公司数据产权登记办法(试行)》; 《深圳数据交易所有限公司数据产权登记合规审核指引(试行)》; 《数据产权登记法律意见书参考框架》; data-foundation-system opinions; data property-rights registration guide.

This is an editorial summary, not a translation of Chen Yiqian and Hu Jingzhuo’s piece. Conceptual framings and analytical structure are attributed; any simplification, error of emphasis, or operational extrapolation is DCC’s. Not legal advice.

FILED UNDER

— Not legal advice.

§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.