Editor’s Note — DCC.
The Data 20 Articles (December 2022) introduced what is, by some distance, the most architecturally distinctive concept in Chinese data law: structural separation of data property rights (数据产权结构性 分置) into three independently transferable rights — the right to hold (持有权), the right to use (使用权), and the right to operate (经营权). Overseas counsel asked to map this onto familiar Western frameworks (ownership, license, sublicense; or copyright’s separable bundle of rights) usually find no clean analogue. The Data 20 Articles policy text itself is dense and abstract.
This NDA policy interpretation is the regulator walking through the framework in plain language with operational examples. DCC reproduces NDA’s three illustrative scenarios — the group-company data subsidiary, the hospital-pharma research pool, the data-broker commission arrangement — and the four-part rationale for the design, with our framing for overseas counsel. The examples are NDA’s; the framing around how this maps to existing transactional vocabulary is DCC’s.
The Data 20 Articles set the architecture; this interpretation explains the picks
In December 2022 the CPC Central Committee and the State Council jointly issued the Opinions on Building a Basic Data System to Better Play the Role of Data Elements (the “Data 20 Articles” or 数据二十条). Article III instructed regulators to explore a structural separation system for data property rights: instead of a unitary “data ownership” right, the regime would recognize three independently severable rights — to hold, to use, and to operate data — and would assign them to different parties depending on the data’s source and the activities each party performs.
In the three-and-a-half years since, the structural-separation principle has anchored a sequence of downstream rules:
- Data resource registration (NDA, December 2024) — administrative registration of data resources, naming a “registrant” who is typically the data holder.
- Public data authorized operation specifications (NDA, October 2024) — the holder / operator distinction in public-data licensing.
- Data property rights registration work guide (draft) (NDA, May 2025) — a draft framework for registering each of the three rights separately, with eight ownership-clarity rules and five registration types. (See DCC’s brief on what data registration actually confirms.)
- FTZ data-circulation negative lists — the operating mechanism for cross-border movement of data falling within a negative-list category.
Each of these downstream rules assumes the structural-separation vocabulary. Overseas counsel encountering, say, the Beijing FTZ negative list or a public-data authorized-operation agreement will see references to “holder,” “use right,” and “operating right” as though they were settled categories — and find no clean definitional source in the policy text.
This NDA policy interpretation is the closest thing to a definitional source. It is also unusually clear by Chinese-regulator standards, with three worked examples that map directly onto recognizable commercial arrangements.
What each of the three rights actually means
NDA defines the three rights as follows.
Right to hold (持有权)
The right to hold lawfully acquired data — directly or through a custodian — and to be protected against third parties stealing, tampering with, leaking, or destroying that data.
NDA’s illustrative scenario: a large corporate group stands up a data-tech subsidiary (数科公司, common abbreviation for 数据科技子公司) and instructs it to consolidate, store, and maintain all group data and to provide unified data services. The group structures the arrangement so the holding right is allocated to the data-tech subsidiary.
For overseas counsel, this is closest to a custodianship right — a right against the world to keep what one lawfully possesses, with a defensive perimeter against intrusion. It does not entail a right to use or to commercialize. Group A in NDA’s example holds; whether it may use the data or operate (commercialize) it is a separate question, allocated by separate rights.
Right to use (使用权)
The right to process, aggregate, analyze, etc. the data — for the right-holder’s own production or operations, or to produce derivative data.
NDA’s illustrative scenario: a hospital builds a data resource pool with PI safeguards in place and permits pharmaceutical R&D companies to enter the pool to perform analytical work and develop new products. The hospital grants the pharma companies the use right only — not the holding right (the data stays under the hospital’s control) and not the operating right (the pharma may not on-sell). This compartmentalization, NDA says, “secures data safety while allowing more parties to participate in releasing data-element value.”
For overseas counsel, this maps roughly to a scoped license to process — close to GDPR-style processor terms, but unbundled from any custodial or commercial-distribution permission.
Right to operate (经营权)
The right to transfer, license, capitalize, or pledge data — i.e., to commercialize. The right may be exercised on a paid or free basis. It is the right to bring the data to market.
NDA’s illustrative scenario: an enterprise wants a data broker (数据中介机构) to sell its data, but worries about losing control of the underlying data set. The enterprise grants the broker the operating right only — the broker may take the data to market and negotiate transactions on the enterprise’s behalf, but does not itself hold or use the data. Once a buyer is identified and creditworthiness verified, the data supplier provides the data directly.
For overseas counsel, this is closest to a distribution / commercialization right, severed from possession and processing — somewhat analogous to a music publisher’s role in licensing master rights without holding the masters.
How the three rights relate
NDA emphasizes two structural properties of the framework that are worth flagging because they cut against intuitions from Western IP and property law.
Severability — same party may hold all, one, or some. A single party can hold all three rights simultaneously, or just one or two, in any combination. NDA’s example: in a data-fusion arrangement, a data-space operator partners with multiple OEMs and suppliers to jointly develop fused data sets. The parties can contract for joint holding and joint use rights, with a single party holding the operating right (i.e., one party authorized to take the fused data to market). Or all parties may jointly hold all three. The Data 20 Articles framework does not impose a default allocation — it gives parties a structured vocabulary in which to negotiate.
Non-exclusivity — multiple parties may hold the same right over the same data. This is the property that most surprises overseas counsel. NDA’s two examples:
- A party that lawfully holds all three rights over a data set may copy the data and provide the copy to a counterparty with corresponding authorization. Both parties now hold all three rights over the same underlying data, non-exclusively. Neither’s rights derogate from the other’s.
- A party that builds a trusted data space (可信数据空间) infrastructure may authorize multiple downstream parties to use data within the space. All authorized parties simultaneously hold the use right over the same data set, non-exclusively.
The intuition behind the design — and this is the part NDA most wants overseas readers to absorb — is that data is not naturally rivalrous. Two parties using a data set for different downstream applications do not deprive each other of the underlying resource. The legal regime, NDA argues, should reflect that natural property rather than artificially impose exclusivity. (Contrast traditional real property: only one party may possess a piece of land at any time; the right is naturally exclusive.)
Why structural separation was chosen — NDA’s four-part rationale
NDA gives four reasons for the design choice.
Reason 1 — Reflect the multi-party-creation nature of data
Data is “co-created by multiple parties.” NDA’s example: a consumer’s transaction data on an e-commerce platform involves the consumer, the merchant, the logistics company, the payment provider, and the platform itself. Each party contributed something — the consumer provided the underlying transactional act, the merchant the product information, the logistics company the delivery data, the payment provider the settlement record, the platform the matching infrastructure. Asking “who owns the transaction data” is unproductive: the answer is “all of them, in different respects.”
The structural-separation framework lets the regime move past that question. Instead of debating who owns the data, parties debate who has which right over which data set in which scenario. NDA’s phrasing: “shift the focus from arguing about whose data it is to how the data should be used.”
Reason 2 — Capture the multiplier effect of data elements
Data has low replication cost. The same data set can be reused by many parties at near-zero marginal cost, with each use generating different value. This “data multiplier effect” (数据要素乘数效应) is, in NDA’s view, a primary source of the value uplift the regime is trying to unlock.
A unitary-ownership framework — where granting use to one party blocks use by another — would suppress the multiplier effect. The non-exclusive, three-rights structure preserves it: many parties can hold the same use right over the same data simultaneously, each generating distinct downstream value.
Reason 3 — Leave development room for new business models
Data is a “young” element. The technology, industries, and market structures are all evolving. NDA does not want to lock the regime into commercial models that fit the 2026 landscape but constrain 2030 innovation.
A structurally separated three-rights framework, NDA argues, lets each market participant describe their own rights content in the vocabulary appropriate to their arrangement, rather than forcing every commercial structure through a single-template ownership concept. The regime accommodates rather than dictates.
Reason 4 — Enable definitive resolution of disputes
The fourth — least emphasized but practically important — reason is dispute resolution. Disputes over data assets in current Chinese commercial practice frequently founder on the question of “who owns the data” because that question has no clean legal answer under existing IP and property frameworks. The three-rights structure provides a vocabulary in which a court can find a specific party has the holding right, a different party has the use right within a defined scope, and a third party has a non-exclusive use right under a separate license — and adjudicate accordingly. (For an illustration of how the Supreme People’s Court is starting to apply this analytical structure, see DCC’s brief on SPC’s 14 data-dispute case categories.)
What this tells overseas compliance teams
Five operational implications stand out.
-
The three-rights vocabulary is the operating vocabulary for every downstream Chinese data rule. Treat it as terms of art, not approximations. When a contract or rule refers to “holding right,” “use right,” or “operating right,” each term has a definitionally distinct scope. Counsel mapping these onto a Western license-grant template will lose precision.
-
Severability + non-exclusivity creates contracting flexibility most Western IP frameworks don’t. A multinational structuring a data-collaboration with a Chinese partner can negotiate granular allocations: hold-only here, use-only there, operating right reserved to a joint vehicle. There is no formal rule that one of the three rights “follows” the others. Treat each right as separately negotiable.
-
Data-tech subsidiaries (数科公司) are the canonical holding-right structure for Chinese corporate groups. Where a multinational’s Chinese affiliate sets up — or interacts with — a 数科公司, treat it as the holding-right node; use and operating rights for specific data sets typically sit elsewhere in the group, allocated by intra-group agreement.
-
Trusted-data-space arrangements are the canonical multi-party use-right structure. Where a Chinese counterparty proposes a “trusted data space” (可信数据空间) collaboration, the framework assumes all participants will hold non-exclusive use rights inside the space, with the holding right typically sitting with the space operator. Map your own internal classification accordingly.
-
The Data Property Rights Registration framework will codify the three-rights vocabulary in registrations. Once NDA’s Data Property Rights Registration Work Guide moves from draft to final, registered rights certificates will identify which of the three rights are being registered, by whom, over which data set. Compliance teams should expect Chinese counterparties to begin referencing registration certificates in transactional due diligence and contracting from 2027 onward.
The deeper point of NDA’s piece is that the three-rights structure is not a translation of a Western framework into Chinese vocabulary. It is an attempt at a data-native property concept, designed against the actual properties of digital information (non-rivalry, multi-party creation, low replication cost, derivative-generation capability). Whether the design will work in practice — i.e., whether courts and market actors will operationalize it cleanly — is the open question of the next five years. The intellectual ambition of the design is real, and NDA’s interpretation is the clearest available statement of what the regulator thinks it is building.
— 国家数据局, 政策解读 | 如何理解数据产权结构性分置 (Policy Interpretation: Understanding Structural Separation of Data Property Rights), 国家数据局 WeChat Official Account. Original article (Chinese).
Not legal advice. The above is DCC’s structured summary of NDA’s policy interpretation, with framing for overseas counsel; the illustrative scenarios and four-part rationale are NDA’s.