In the digital era, power is no longer solely defined by territory or military capacity. Data flows, critical infrastructure, and algorithmic and compute capability increasingly shape the contours of sovereignty and dictate the architecture of global power. As China expands its digital reach, both the U.S. and the EU are reassessing long-standing assumptions about openness and interdependence in the Global North. What once may have seemed like a matter of trade or technological preference has now taken on the character of strategic competition and even confrontation.
Centered within this reassessment is not simply the question of what China is building, but how. With national security, industrial policy and governance philosophy increasingly intertwined in Beijing's digital agenda, Europe and the U.S. are reorienting their regulatory frameworks to grapple with China's role in the global digital ecosystem. How they respond could redefine global standards for privacy, data flows and digital trade.
The growth of China's tech sector
Over the past two decades, China has rapidly become a major global technology player. This rise has been deliberate. The government has heavily invested in next-generation technologies, including artificial intelligence, 5G, quantum computing and semiconductors. Strategic plans such as "Made in China 2025" and "China's Digital Silk Road" underscore China's efforts to reduce its dependence on foreign technology and expand its technological influence abroad. These initiatives not only include commercial investments but significant government coordination, subsidies and regulatory alignment as well. Other initiatives such as the "New Generation Artificial Intelligence Development Plan" illustrate the Chinese Communist Party's intention to achieve self-sufficiency and global leadership in these sectors.
Firms like Huawei, Tencent, Alibaba and ByteDance have benefited from favorable domestic policy environments, access to a massive consumer market, and direct or indirect government support. This blending of public and private roles has raised questions in Western governments about the level of autonomy Chinese companies exercise from state influence, particularly in areas with national security implications. Chinese law, notably the 2017 National Intelligence Law, requires organizations and individuals to support intelligence work when requested by the state.
From caution to scrutiny: A regulatory shift in Brussels
Europe's digital strategy has long been grounded in regulatory frameworks and rights-based principles such as data minimization, consumer protection and accountability. The EU General Data Protection Regulation set a global benchmark for privacy standards, but European policymakers have more recently emphasized strategic autonomy in digital infrastructure. Initiatives such as the Digital Services Act, Digital Operational Resilience Act and Cyber Resilience Act reflect a growing recognition that digital systems can be targets for foreign influence or coercion. European leaders have also raised concerns about critical dependencies on non-EU suppliers, especially in terms of telecommunications, cloud computing and semi-conductors. Moreover, there is now a marked shift eastward where digital governance once centered on transatlantic flows and U.S. platform dominance.
The Draghi Report, commissioned by the European Commission to chart a path toward European competitiveness, reflects this evolving stance. While emphasizing digital sovereignty, it pointedly identified the risk of dependencies on authoritarian regimes in sectors such as semiconductors and cloud infrastructure. Similarly, the Letta Report on the EU's single market underlined the need for strategic coherence across digital and industrial policy to secure Europe's technological autonomy.
These reports are not rhetorical exercises; they inform legislative and regulatory efforts already in motion. In January 2025, Italy's data protection authority, the Garante, ordered the Chinese AI startup DeepSeek to block its chatbot in-country after the company failed to address the concerns of Italian regulators. Italy was not alone. Additional countries, including Germany and Belgium, have restricted the use of DeepSeek by government officials or requested the removal of the application from app stores in their country. In July 2025, Ireland's Data Protection Commission opened a second GDPR investigation into TikTok, another Chinese-owned application, over data transfers to China; this follows a prior 530 million euros fine. Although TikTok expanded upon its data governance strategy through the launch of Project Clover which pledged to establish localized data centers in Europe, the core question remains: even if data is stored in the EU, can Chinese-owned companies shield it from Beijing's legal reach?
This pivot is also visible in Brussels' recent use of the Foreign Subsidies Regulation. In April 2024, the European Commission launched its first ex officio probe into Chinese wind turbine subsidies, marking a shift in scrutiny from traditional digital platforms into broader techno-industrial dependencies. The Commission has argued that subsidies like these distort competition within the internal market, threatening the EU's ambition to be a global leader in green technology. Margrethe Vestager, then the Commission's Executive Vice President for A Europe Fit for the Digital Age, succinctly explained, "China is for us simultaneously a partner, an economic competitor, and a systemic rival. And the last two dimensions are increasingly converging." In response, Beijing announced its own investigation into whether the EU has adopted unfair trade practices. The outcome of this investigation could set a precedent for future digital and industrial oversight mechanisms.
The EU's caution toward foreign influence in critical infrastructure dates back to debates surrounding Gazprom and energy dependence in the early 2000s. These concerns have since broadened to include digital platforms, recognizing that data and influence flow more easily through fiber-optic cables and mobile apps than through gas pipelines. A growing number of policymakers in Brussels now support examining the risks of outbound investment screening to digital sectors. In this context, the Digital Services Act and the EU AI Act are not merely frameworks for innovation governance but instruments of geopolitical positioning.
Washington's strategic guardrails
In the U.S., concerns about China's digital rise are less of a shift than an escalation as Washington pursues a path of containment rather than cooperation. This approach has sharpened under successive administrations.
During his first term, President Donald Trump declared a national emergency in May 2019 via Executive Order 13873, citing the threat of foreign adversaries exploiting vulnerabilities in the information and communications technology and services supply chain. Five years later, the Biden administration built upon and expanded this national emergency, issuing Executive Order 14117 on "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." Executive Order 14117, among other measures, directed the U.S. Department of Justice to develop a regulation to prevent large-scale transfers of sensitive personal and U.S. government-related data. In April 2025 during the second Trump administration, the DOJ's final rule on protecting Americans' sensitive data from foreign adversaries through the Data Security Program went into effect, prohibiting China and other countries of concern access to certain categories of bulk sensitive personal and government-related data.
These moves parallel legislative efforts that target applications and platforms. The 2024 Protecting Americans from Foreign Adversary Controlled Applications Act forced ByteDance to divest from TikTok or face a U.S. ban. After an expedited legal battle, a temporary nationwide shutdown of TikTok occurred in January 2025; President Trump paused this shutdown a day later. At present, ByteDance has until 17 Sept. 2025 to divest or face a ban in the U.S. The TikTok ban reflects a growing willingness to use legislative tools to reshape digital markets based not on performance, but on ownership and strategic control. TikTok's data governance model — including efforts to wall off U.S. user data via Project Texas — seems to have done little to ease congressional scrutiny.
Aside from restricting data flows, the U.S. has also focused on leveraging trade policy to further its containment strategy. Export controls on advanced semiconductors and AI hardware, tightened under the Biden administration and extended by Congress, aimed to curb China's access to frontier technologies. The CHIPS and Science Act further institutionalized this effort by combining domestic industrial policy with explicit restrictions on beneficiary firms expanding operations in China. The Netherlands, under U.S. diplomatic pressure, imposed its own export bans on advanced lithography machines, demonstrating the alignment and effectiveness of allied enforcement.
These measures have only grown in scope. In January 2025, the U.S. Department of Commerce rescinded the Biden-eraFramework for AI Diffusion, a widely criticized tiered approach for access to advanced graphics processing units. In July 2025, the Trump administration reversed a ban on Nvidia's most advanced AI chip sales to China, opting instead for a case-by-case license regime. The White House has since confirmed that Nvidia has agreed that 15% of revenue they receive from selling chips in China will go to the U.S. government. This decision sparked bipartisan questions and backlash, a reflection of the fragmented U.S. policy discourse around these issues.
Infrastructure, influence, and the China question
For both Washington and Brussels, the question is no longer whether China is a technology superpower, but how to govern that reality. The 5G debate crystallized these anxieties and intensified scrutiny of Chinese technology and infrastructure providers.
Huawei, a Chinese telecommunications giant, has been at the center of a multiyear debate over whether its equipment poses security risks. The U.S.-led Clean Network campaign sought to rally allies against the inclusion of Huawei equipment in national telecom infrastructure by arguing that the company's ties to the Chinese government could create potential vulnerabilities to foreign interference.
While not all U.S. allies have adopted a full ban, countries such as the U.K., Sweden and Denmark have implemented restrictions or phased out Huawei components from their core infrastructure. These decisions are not solely based on known technical backdoors. Rather, they reflect broader concerns about long-term dependency on suppliers governed by a foreign legal and political system that markedly differs from that of liberal democracies.
More than mere security assessments, these decisions reflect an emerging consensus that critical infrastructure policy must consider not just technical performance, but also the legal and political context in which suppliers operate. In China's case, the 2017 National Intelligence Law, which obliges companies to assist state intelligence efforts, has amplified Western concerns that Chinese commercial actors cannot be disentangled from state imperatives. The U.S. government has been especially vocal in its concerns that Chinese technology firms could be compelled to share sensitive data or assist in surveillance activities. Chinese officials and companies have repeatedly denied these claims.
In addition to these generalized concerns, a growing number of cybersecurity incidents have been linked to actors based in China. These include large-scale cyber espionage efforts targeting government agencies, intellectual property theft and alleged attempts to access critical infrastructure. Two examples of these efforts include the 2015 breach of the U.S. Office of Personnel Management that compromised data on over 21 million individuals and the 2021 exploitation of Microsoft Exchange Server vulnerabilities that affected tens of thousands of organizations globally. Cybersecurity threats are global and not unique to any one country. Beijing consistently denies involvement in these incidents and argues that it is also a victim of cyberattacks. Nevertheless, Western intelligence agencies increasingly view China's cyber activities as a form of strategic competition with a range of purposes: from espionage and intellectual property theft to efforts to shape political discourse abroad.
A geopolitical reframing of digital norms
The tension shift underway in the EU and U.S. reflects more than a reaction to specific threats. It marks a deeper transformation in how digital governance is conceived. For decades, liberal democracies assumed that openness and market-based regulation would naturally foster alignment. That assumption is fraying.
Beijing's concept of cyber sovereignty — where states maintain full control over their domestic internet and information space — is antithetical to the multi-stakeholder, rights-based frameworks generally championed in Western capitals. It should thus come as no surprise that policymakers in liberal democracies have made considerable efforts to close ranks.
China's growing role in shaping the digital landscape of developing countries may be among the most consequential and least visible aspects of its global strategy. While much attention has focused on its domestic surveillance model or disputes over integrated technology, the broader effort to build and influence digital ecosystems in the Global South could define the global information order in the coming decades. This will be especially true should the Global North's concerns become reality.
This also explains why China's digital infrastructure initiatives in developing nations have begun to shape EU and U.S. policy. The concern is not only the export of technology, but the silent diffusion of governance norms embedded within it.
Still, as these systems become more deeply embedded, concerns grow over the loss of local control, opacity of contracts, and long-term costs of vendor lock-in. In response, several Western governments and multilateral organizations have launched alternative financing mechanisms to compete with the Digital Silk Road. For example, the G7's "Partnership for Global Infrastructure and Investment" and the EU's "Global Gateway" initiative both seek to provide transparent, values-based infrastructure support as alternatives. These Western initiatives have begun to show tangible results. The Global Gateway, for example, aims to have high speed and diversified data connectivity along the EU-Africa-India digital corridor operational by the end of 2025. But these efforts also underscore a broader recognition: what happens in Nairobi or Gaborone may well determine the future of digital rights in New York or Prague.
Guardrails, not walls
As Europe and the U.S. confront the digital implications of China's rise, they do so from different institutional traditions. Yet, their trajectories are converging. Both are building legal, economic and infrastructural guardrails to navigate a world where openness may no longer be the desirable default.
For China, its ascent in the digital space reflects decades of investment, planning and a desire to shape its own path in a global system historically dominated by Western powers. It also reflects a distinct political vision wherein the state plays a central role in shaping the flow and use of information.
The growing attention that the EU and U.S. are paying to China's digital influence reflects a confluence of political history, strategic competition and technological transformation. They are not solely rooted in ideology or mistrust but are set in an evolving recognition that technology and geopolitics are increasingly intertwined. Practically, this translates to more complexity and consequences in the work of digital responsibility professionals who are themselves becoming digital policy diplomats and translators for their organizations.
Cheryl Saniuk-Heinig, CIPP/E, CIPP/US, is a former research and insights analyst at the IAPP.
