Editor’s Note — DCC.
This brief summarises 《DEXC+专栏丨特许经营业务下的公共数据,能用?怎么用?》 by Hu Jingzhuo (胡婧卓) and Chen Yiqian (陈一芊), both Transaction Review Supervisors in the Compliance Department of the Shenzhen Data Exchange. The piece sits squarely in the practical zone DCC tracks from this source: it addresses a compliance gap that practitioners encounter daily but that most legal guidance has not caught up with — what happens when the data a company holds is public data because the company holds a government franchise, rather than because it is a public authority. The authors draw on the 2024 Infrastructure and Public Utility Franchise/Concession Management Measures (《基础设施和公用事业特许经营管理办法(2024)》, hereinafter “the Management Measures”), the Guangdong provincial public-data management rules, and the Futian District authorised-operation pilot to work through two analytical paths for establishing data-use authority.
The core tension the brief resolves is institutional: franchise-generated public data is not freely available to the concession holder just because the holder operates the relevant infrastructure. The legal basis for processing and commercialising it must be traced through the concession agreement itself — or, where the agreement is silent (as most legacy agreements are), through the asset-ownership and revenue provisions of the Management Measures. Overseas counsel advising clients in China’s infrastructure, energy, transport, or urban-services sectors should read this as a practitioner’s checklist, not a theoretical overview.
What counts as a franchise or concession operation, and why does it matter for data?
The 2024 Management Measures define a franchise/concession operation (特许经营, literally “specially-permitted business operation”) as an arrangement in which a government selects a Chinese or foreign legal entity through open competitive process, records the parties’ rights, obligations, and risk allocation in an agreement, and grants that entity the right to invest in, build, and operate designated infrastructure or public utilities for a defined period in exchange for revenue from those operations.
The data-compliance significance of that definition is immediate. Where a concession holder operates infrastructure or public utilities and provides public products or public services under such an agreement, the data generated in that process meets the statutory definition of public data (公共数据) under the Shenzhen Special Economic Zone Data Regulations: data produced or processed by public management and service bodies in the course of performing their public management duties or providing public services. The concession holder is, in regulatory terms, acting in a quasi-governmental capacity when it delivers those services — which means the data produced along the way carries a public-data classification, with all the restrictions and procedural requirements that entails.
The authors give practical examples to anchor the question: can a gas utility (energy franchise) process consumer usage data to build a district-level household consumption dataset or a corporate creditworthiness product based on commercial gas-consumption patterns? Can an urban on-street parking franchise process its parking records to produce a vehicle-flow dataset covering a particular district? These are not hypothetical. They are the routine project types that compliance teams at data exchanges encounter when concession holders approach the market to monetise their operational data.
Two analytical routes when the concession agreement is silent on data
In practice, the authors note, most existing franchise agreements contain no explicit data-ownership or data-use provisions. The regulatory instruments that mandated those agreements were not drafted with data monetisation in mind. That silence does not mean the concession holder has free rein — it means the analysis must proceed through the Management Measures themselves. The authors identify two routes.
Route 1 — Asset ownership. The Management Measures require concession agreements to specify the ownership of assets during the operating period and the handover mechanics when the concession expires. Where an agreement provides that project assets during the concession period belong to the concession holder, that asset-ownership provision can serve as the basis for claiming rights over data resources generated by those assets.
The asset route, however, comes with a significant internal constraint: the same agreements commonly include asset-transfer restriction clauses, under which the concession holder cannot transfer assets used in the project without the implementing authority’s consent. The authors argue that licensing or selling a data product derived from the concession’s operational data — whether delivered via API or as a packaged dataset — may constitute a transfer of data-asset rights (specifically, a transfer of use or ownership rights in the data). If that characterisation is accepted by applying an analogy to the asset-transfer concept in the State-Owned Assets Law (《企业国有资产法》), the concession holder may need the implementing authority’s prior approval before proceeding with any data-product licensing or sales. The prudent approach, the authors state, is to obtain that approval rather than assume it is not required.
Route 2 — Revenue attribution. The Management Measures also provide that, subject to agreement otherwise, efficiency gains, cost reductions, and innovations generated by the concession holder during the operating period belong to the concession holder. The authors read this provision as supporting the concession holder’s entitlement to revenue derived from operating the public data produced during the concession — again, absent a contrary agreement provision.
Taken together, the two routes provide a workable analytical structure, but neither offers a clean, uncontested path to commercialisation. Both are subject to what the specific agreement says, to local regulatory overlays, and — on the asset route — to the latent asset-transfer problem.
The compliance checklist for third-party assessors
The authors set out a three-stage compliance checklist directed at legal advisers conducting data-product compliance assessments for concession holders. It maps onto the standard transaction-review workflow at a data exchange.
Subject-entity compliance. Verify that the concession holder obtained its concession rights through the legally required open competitive process. A concession awarded irregularly — outside the competitive mechanism mandated by the Management Measures — cannot supply a valid legal basis for downstream data use.
Subject-matter compliance. Review the concession agreement carefully for (a) any explicit data-ownership or data-use provisions (if they exist, they govern); (b) any asset-transfer restrictions that could apply to data-product licensing; and (c) any applicable local rules on the development and use of the specific category of public data involved. The local regulatory layer is material: different provinces and cities have adopted varying rules on how public data generated within their jurisdictions may be used, and the concession holder’s geographic scope determines which overlay applies.
Circulation compliance. Address how the expiry of the concession period affects the data product. Most infrastructure PPP-style concessions run for around forty years. When the concession expires and assets revert to the government, do constraints on asset disposal also constrain continued trading in data products derived from those assets? The authors flag this as a point that requires explicit analysis and should not be left to implication.
Franchise-generated public data is not the same as authorised-operation public data
A significant portion of the source article addresses what the authors treat as a conceptual misclassification risk: the tendency to treat franchise- generated public data as already falling within the authorised-operation (公共数据授权运营) framework that has been the subject of extensive piloting across Chinese cities in recent years.
The public-data authorized-operation specifications and related local instruments establish a structured mechanism through which public-data holding bodies — government departments and their equivalents — can authorise designated operators to process and commercialise public data on their behalf. Major models include Beijing’s sector-by-sector dispersed authorisation zones and Shanghai’s centralised model under the Shanghai Data Group.
One view, the authors acknowledge, holds that the authorised-operation framework should be read broadly: any entity that has already obtained government permission to operate infrastructure and provide public services should be regarded as having implicitly received authorisation to process and commercialise the public data generated in that operation. On this reading, franchise-generated data falls within the authorised-operation regime without any further formality.
The authors reject that view and argue for a narrow reading. Their reasoning is structural: the authorised-operation mechanism is designed precisely around the requirement that the government select an operating entity through open competition following defined research and feasibility steps. Collapsing franchise operations into the authorised-operation category would allow concession holders to bypass both the competitive selection process and the pre-authorisation groundwork that the instruments are intended to require. The two regimes have different legal bases, different authorisation mechanisms, and should not be treated as equivalent.
The practical consequence of the authors’ position: a franchise holder that wants to commercialise its public data through an authorised-operation route needs to engage the relevant public-data governing body and obtain a formal authorisation, rather than assuming that its concession agreement already carries that permission.
Local regulatory overlays and the aggregation requirement
The authors draw attention to a further complication that practitioners frequently overlook. Several local governments — notably in Guangdong province — have enacted rules that require public data generated within the jurisdiction to be collected and consolidated into designated government platforms or data repositories (归集要求). Where such a requirement applies, the concession holder’s ability to operate a data-product business directly may be constrained, because the data must flow through the designated consolidation infrastructure first.
Practitioners advising concession holders on data-product development should therefore check two things: whether the relevant locality has adopted a public-data aggregation requirement, and if so, whether that requirement affects the commercial model the client is proposing. A data-product business premised on direct API licensing or direct dataset sales may need to be restructured if the underlying data is required to pass through a government consolidation node.
The forward-looking fix: amend existing agreements, and build the clause into new ones
The authors close with explicit operational guidance directed at the concession holders themselves. Their recommendation is twofold.
For existing concession agreements, they advise supplemental agreement (补充协议) as the mechanism: the concession holder and the implementing authority should negotiate and execute an amendment that explicitly addresses data-ownership, data-use rights, and any consent or approval requirements for data-product development and commercialisation. This is the straightforward path to removing the ambiguity that the asset-silence of most legacy agreements creates.
For future concession projects, they advise that data-rights provisions — including data ownership during the operating period, permitted data-use modalities, any applicable asset-transfer restrictions in the data context, and revenue-attribution rules for data-product sales — should be treated as standard agreement content from the outset, alongside the project-asset, infrastructure, and handover provisions that the Management Measures already require.
Why overseas counsel should care
- Infrastructure-sector clients face a compliance gap that standard data-law analysis misses. Any client holding a Chinese franchise or concession agreement in energy, transport, parking, water, or similar sectors may be sitting on data assets it is treating as ordinary enterprise data when that data is legally public data — subject to a different compliance framework and different commercialisation conditions.
- The asset-transfer risk in concession agreements is live and largely unpriced. Licensing data via API or selling datasets derived from concession-generated data could constitute an asset transfer requiring prior approval from the implementing authority under the agreement. Most legal reviews of data-product transactions do not look inside the concession agreement for this constraint.
- The authorised-operation framework, as it is evolving across Chinese cities, does not automatically cover franchise operations. Clients seeking to commercialise public data through the authorised-operation route need a formal authorisation from the relevant public-data governing body — the concession agreement is not a substitute.
- Local aggregation requirements vary and may block direct commercialisation. The viability of a data-product business depends in part on whether the locality requires the underlying public data to be routed through a government consolidation platform, which may change the available commercialisation models significantly.
DCC sources
- Original: 胡婧卓; 陈一芊 (Hu Jingzhuo; Chen Yiqian), 《DEXC+专栏丨特许经营业务下的公共数据,能用?怎么用?》, 深圳数据交易所 DEXC+ 专栏 WeChat Official Account (source).
- Public-data authorized-operation specifications
- Data foundation system opinions
- 《基础设施和公用事业特许经营管理办法(2024)》(2024 Infrastructure and Public Utility Franchise/Concession Management Measures)
- 《广东省公共数据管理办法》(Guangdong Province Public Data Management Measures)
- 《福田区公共数据授权运营暂行管理办法》(Futian District Provisional Public Data Authorised-Operation Management Measures)
This is an editorial summary, not a translation. Analysis, emphasis, and operational extrapolation are DCC’s. The original authors write in a personal capacity and the piece does not represent the official position of the Shenzhen Data Exchange. Not legal advice.