> **来源:[研报客](https://pc.yanbaoke.cn)** © 2026, United Nations All rights reserved worldwide Requests to reproduce excerpts or to photocopy should be addressed to the Copyright Clearance Center at copyright.com. All other queries on rights and licences, including subsidiary rights, should be addressed to: United Nations Publications 405 East 42nd Street New York, New York 10017 United States of America Email: publications@un.org Website: https://shop.un.org The designations employed and the presentation of material on any map in this work do not imply the expression of any opinion whatsoever on the part of the United Nations concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries. Mention of any firm or licensed process does not imply the endorsement of the United Nations. United Nations publication issued by the United Nations Conference on Trade and Development UNCTAD/DIAE/PCB/2025/4 ISBN: 978-92-1-154633-0 eISBN: 978-92-1-157543-9 Sales No. E.26.II.D.1 # Acknowledgements This report was prepared, under the overall guidance of Nan Li Collins, Director of the UNCTAD Division on Investment and Enterprise, by a report team under the supervision of Hamed El Kady, Chantal Dupasquier and Massimo Meloni and comprised of Kiyoshi Adachi, Helena Afonso, Vincent Beyer, Mathilde Closset, Maha El Masri, Anastasia Leskova, Guoyong Liang and Louise Malingrey. UNCTAD extends its appreciation for the cooperation of the International Telecommunication Union, which provided access to the database of national digital strategies and their data, namely the ICT Regulatory Tracker and Fifth Generation Digital Collaborative Regulation. UNCTAD gratefully acknowledges the valuable research information provided by the Digital Policy Alert initiative of the St. Gallen Endowment for Prosperity through Trade. # Table of contents # Abbreviations # Note 1 # Introduction 2 # I. Shaping the foundations: data governance, intellectual property and competition 5 A. National, regional and sectoral digital strategies 7 B. Data governance, intellectual property and competition 9 1. Data governance 9 2. Intellectual property 15 3. Competition 17 # II. Stimulating investment 23 A. Openness to FDI 25 B. Investment facilitation 29 C. Investment promotion 32 # III. Fostering impact 37 A. Digital local content 39 B. Taxation 41 C.Environment 46 D. Digital skills and linkages 48 E. Other aspects of international investment agreements for sustainable development 51 # Annex: summary of policy guidance 55 # Bibliography 59 # Boxes # Box I.1. Cross-border data transfer and localization requirements 11 # Box I.2. Investment and innovation in the digital economy: the experience of China with intellectual property legislation 16 # Box I.3. Digital market frameworks 19 # Box III.1. Local content obligations in digital sectors 40 # Box III.2. Nigeria's VAT reform for e-commerce and digital transactions 44 # Figures Figure 1. Mapping the digital economy for investment analysis 3 Figure 2. Policies for the digital economy matter 4 Figure I.1. Countries are active in the adoption of data governance policies 10 Figure I.2. Provisions on the free flow of data are gaining importance 13 Figure I.3. Gaps remain in the adoption of WIPO treaties 15 Figure I.4. Competition measures focus on abuse of dominance in all countries 18 Figure I.5. Top 15 countries have a strong competition institutional framework 21 Figure II.1. An important share of screened projects in digital sectors 25 Figure II.2. Restrictions in digital economy-related sectors are more in media and telecommunications and consist mostly of foreign equity limits .. 27 Figure II.3. A significant share of WTO members liberalized market access for FDI in selected digital services 28 Figure II.4. Facilitation is the second most used promotional digital measure 30 Figure II.5. Most digital investment facilitation measures targeted streamlining 30 Figure II.6. Top 15 countries' IPAs promote a wide range of digital economy subsectors 34 Figure II.7. Developing countries emphasize more incentives for digital infrastructure than developed ones 35 Figure III.1. Developed and developing countries are actively regulating content moderation 39 Figure III.2. Digital economy-specific taxes are implemented more widely by developed and top 15 countries than developing economies and LDCs ... 42 Figure III.3. Developing countries take a more cross-cutting approach to digital tax policy measures 43 Figure III.4. E-waste regulations have been implemented in a third of LDCs and less than half of developing countries as opposed to nearly all developed countries 47 Figure III.5. Development-focused provisions are scarce in treaties regulating the digital economy 53 # Abbreviations <table><tr><td>AfCTA</td><td>African Continental Free Trade Agreement</td></tr><tr><td>AI</td><td>artificial intelligence</td></tr><tr><td>APEXBrazil</td><td>Brazilian Trade and Investment Promotion Agency</td></tr><tr><td>ASEAN</td><td>Association of Southeast Asian Nations</td></tr><tr><td>BCR</td><td>binding corporate rule</td></tr><tr><td>BEPS</td><td>base erosion and profit shifting</td></tr><tr><td>BPO</td><td>business process outsourcing</td></tr><tr><td>CIT</td><td>corporate income tax</td></tr><tr><td>CINDE</td><td>Costa Rican Investment Promotion Agency</td></tr><tr><td>CNIPA</td><td>China National Intellectual Property Administration</td></tr><tr><td>DMA</td><td>Digital Markets Act</td></tr><tr><td>DSA</td><td>digital service tax</td></tr><tr><td>EU</td><td>European Union</td></tr><tr><td>FDI</td><td>foreign direct investment</td></tr><tr><td>G5 Benchmark</td><td>Benchmark for Fifth Generation Digital Collaborative Regulation</td></tr><tr><td>GATS</td><td>General Agreement on Trade in Services</td></tr><tr><td>GDP</td><td>gross domestic product</td></tr><tr><td>GDPR</td><td>General Data Protection Regulation</td></tr><tr><td>IIA</td><td>international investment agreement</td></tr><tr><td>IBFD</td><td>International Bureau of Fiscal Documentation</td></tr><tr><td>ICT</td><td>information and communication technology</td></tr><tr><td>IOM</td><td>International Organization for Migration</td></tr><tr><td>IoT</td><td>Internet of things</td></tr><tr><td>IP</td><td>intellectual property</td></tr><tr><td>IPA</td><td>investment promotion agency</td></tr><tr><td>IPFSD</td><td>Investment Policy Framework for Sustainable Development</td></tr><tr><td>ISDS</td><td>investor-State dispute settlement</td></tr><tr><td>IT</td><td>information technology</td></tr><tr><td>LDC</td><td>least developed country</td></tr><tr><td>MCC</td><td>model contractual clause</td></tr><tr><td>MNE</td><td>multinational enterprise</td></tr><tr><td>OECD</td><td>Organisation for Economic Co-operation and Development</td></tr><tr><td>PPP</td><td>public-private partnership</td></tr><tr><td>ProColombia</td><td>Promotion of Trade, Investment, and Tourism of Colombia</td></tr><tr><td>Procomer</td><td>Costa Rican Foreign Trade Promotion Agency</td></tr><tr><td>ProInversion</td><td>Peru Private Investment Promotion Agency</td></tr><tr><td>R&D</td><td>research and development</td></tr><tr><td>SCC</td><td>standard contractual clause</td></tr><tr><td>SDGs</td><td>Sustainable Development Goals</td></tr><tr><td>SEP</td><td>significant economic presence</td></tr><tr><td>SEZ</td><td>special economic zone</td></tr><tr><td>SME</td><td>small and medium-sized enterprise</td></tr><tr><td>TRIPS</td><td>Trade-Related Aspects of Intellectual Property Rights</td></tr><tr><td>TVET</td><td>technical and vocational education and training</td></tr><tr><td>UNCTAD</td><td>United Nations Conference on Trade and Development</td></tr><tr><td>VAT</td><td>value-added tax</td></tr><tr><td>VUCEM</td><td>Ventanilla Única de Comercio Exterior Mexicana</td></tr><tr><td>WIPO</td><td>World Intellectual Property Organization</td></tr><tr><td>WIR25</td><td>World Investment Report 2025</td></tr><tr><td>WTO</td><td>World Trade Organization</td></tr></table> # Note Under its overall mandate on trade and development, the United Nations Conference on Trade and Development (UNCTAD) serves as the focal point within the United Nations Secretariat for all matters related to foreign direct investment. Its work is carried out through intergovernmental deliberations, research and analysis, technical assistance activities, seminars, workshops and conferences. The following symbols have been used in the tables: - Two dots (. ) indicate that data are not available or not separately reported. Rows in tables have been omitted in those cases where no data are available for any of the elements in the row. - A hyphen (-) indicates that the item is equal to zero or its value is negligible. - A blank in a table indicates that the item is not applicable. A slash (/) between dates representing years – for example 2023/24 indicates a financial year. - Use of an end dash (-) between dates representing years – for example 2023–2024 signifies the full period involved, including the beginning and end years. - Reference to "dollars" ($) means United States dollars, unless otherwise indicated. - Annual rates of growth or change, unless otherwise stated, refer to annual compound rates. - Details and percentages in tables do not necessarily add to totals because of rounding. # Introduction The digital economy has become a major driving force for global growth. It is expected to represent more than two-thirds of new value creation in the next decade, with an estimated annual growth rate between 10 to 12 per cent, significantly higher than that of global gross domestic product (GDP) (UNCTAD, 2025a). In developing countries, it is increasingly recognized as a key driver of productivity, innovation and sustainable development (UNCTAD, 2025b). The United Nations Conference on Trade and Development (UNCTAD)'s World Investment Report 2025 (WIR25) focused on international investment in the digital economy. It analyses foreign direct investment (FDI) trends, drivers and policy determinants, concentrating primarily on the narrow scope digital economy, as defined in figure 1 (UNCTAD, 2025a). The report recommends strategic policy measures for governments, partners and stakeholders to attract and leverage FDI in the digital economy, in line with the Sustainable Development Goals (SDGs) and commitments under the Global Digital Compact and the Pact for the Future adopted in 2024. FDI plays a critical role in the growth of the digital economy but remains unevenly distributed. Large multinational enterprises (MNEs) dominate cross-border investment in digital sectors, with the top 20 players mostly from China and the United States. Cross-border mergers and acquisitions in the technology sector have averaged nearly $1 trillion annually over the past decade, but less than 15 per cent have involved companies from developing countries. Greenfield investment is also concentrated. Between 2020 and 2024, developing countries attracted a total of $531 billion in announced greenfield projects in the digital economy, nearly 80 per cent of which were directed to 10 countries.<sup>1</sup> The United States is the leading source of greenfield investment (36 per cent), though South-South investment is also increasing, with China, Taiwan Province of China and Singapore representing 27 per cent of the total. # This uneven distribution extends to the sectoral level, reinforcing the digital divide. Between 2020 and 2024, developing countries attracted a total of $531 billion in announced greenfield projects in the digital economy, nearly 80 percent of which were directed to 10 countries Greenfield investment in digital services in developing countries rose from $6 billion in 2020 to$ 37 billion in 2024. However, this expansion is unevenly distributed: only 18 fintech projects were announced in Africa in 2024 against 206 in developing Asia. Greenfield investment in digital equipment manufacturing is concentrated in Asia, while Africa and Latin America play a marginal role. The infrastructure investment gap that fuels the digital divide is estimated at $1.6 trillion (ITU, 2025). Yet, greenfield investment in information and communication technology (ICT) reached $15 billion in 2024, far below the $61 billion needed annually, leaving regions like sub-Saharan Africa severely underserved. For instance, least developed countries (LDCs) account for 3 percent of the total investment in data centres. Policies for the digital economy matter. Investors prioritize transparent, stable and predictable policy environments, access to digital skills and talent, as well as supportive regulations for the development of the sector (Stephenson, 2020). Experience from a diverse group of developing countries confirms that the quality of digital policy frameworks plays a pivotal role in attracting investment. In other words, countries with mature digital economy frameworks tend to attract more FDI in the digital sectors (figure 2). While investment in the digital economy offers opportunities for skills development, innovation and revenue generation, it also raises challenges for governments, for example the environmental impact from data centres, risks of market concentration by dominant digital firms and concerns over control of strategic digital assets. Realizing the benefits from FDI in the digital economy therefore requires targeted and forward-looking policy frameworks that balance investor needs with broader development goals. This toolkit reflects policy lessons from developed and developing countries. It builds on the mapping of 101 national digital strategies and on the analysis of investment policy trends drawn from the UNCTAD Investment Policy Monitor database and the Digital Policy Alert initiative of the St. Gallen Endowment for Prosperity through Trade (UNCTAD, 2025a and 2025b). It also draws on the experience of 15 developing countries with mature regulatory frameworks for telecommunications and digital markets, and significant FDI presence in the digital economy. These countries are Armenia, Brazil, Colombia, Costa Rica, Kenya, Mexico, Nigeria, Rwanda, Pakistan, Peru, Saudi Arabia, Singapore, South Africa, Thailand and Türkiye. They are referred to in this document as the "top 15 countries". Policies for the digital economy matter Figure 1. Mapping the digital economy for investment analysis Source: UNCTAD, based on various sources. Abbreviations: AI, artificial intelligence; ICT, information and communication technology. The toolkit aims to provide policymakers with concrete guidance on policies for international investment in the digital economy. It expands on the analysis presented in WIR25, which examined strategic policy approaches. This publication adds further analysis by distilling policy lessons and presenting practical, action-oriented guidance detailing the WIR25 recommendations.<sup>3</sup> By highlighting good practices in policies to promote investment in the digital economy, this toolkit also directly contributes to the Digital Infrastructure Investment Catalyster, launched by the ITU and UNCTAD at the Fourth International Conference on Financing for Development and endorsed by the Sevilla Platform for Action.<sup>4</sup> The policy guidance is summarized in the annex. # Figure 2. Policies for the digital economy matter Relationship between digital FDI and policy score (Developing countries by region, size of circle is proportional to nominal GDP) Source: UNCTAD. Note: Digital FDI is the natural logarithm of total announced cross-border investment in the digital economy accumulated between 2015 and 2024. Policy score is the combined score from the latest ICT Regulatory Tracker and G5 Benchmark from the International Telecommunication Union (ITU). The data are based on 122 developing countries. The relationship between the policy score and digital FDI attraction, though smaller, remains positive when considering digital FDI projects as a share of total announced FDI projects or digital FDI over GDP. # I. Shaping the foundations: data governance, intellectual property and competition # A. National, regional and sectoral digital strategies # Digital strategies help shape the enabling environment for the digital economy and attract investment. At the regional level, they can promote policy harmonization, interoperability and joint infrastructure initiatives that enhance investment attractiveness. At the national level, they provide a roadmap for digital transformation, signalling commitment and offering transparency and predictability, both crucial for investment in the digital economy. When all relevant institutions are involved in design and implementation, they also enable a coordinated approach. At the sectoral level, targeted strategies for emerging technologies and industries, such as artificial intelligence (AI), data centres or semiconductors, help clarify priorities, regulatory requirements and sustainability standards, thereby supporting investment. Country experiences # All regional strategies promote interconnectivity and regional integration, but they differ in investment focus and national uptake. The African Union's Digital Transformation Strategy prioritizes blended finance, public-private partnerships (PPPs) and infrastructure investment. In Asia, the Central Asia Regional Economic Cooperation and the Association of Southeast Asian Nations (ASEAN) strategies promote investment through regulatory alignment and interoperability. In Latin America and the Caribbean, eLAC2026 addresses investment mainly through enabling conditions. The European Union (EU) combines strong investment provisions with binding requirements, ensuring full alignment at the national level. In developing countries, uptake at the national level remains uneven, limiting the capacity of regional strategies to generate consistent investment signals across countries. While 70 per cent of countries in Latin America and the Caribbean reference them in their national strategies, only half of African countries do so (UNCTAD, 2025b). National digital strategies are increasingly prevalent and sophisticated, yet their investment dimension remains limited. Several developing countries that have attracted international investment in the digital economy were early adopters of national digital strategies, including Kenya (2005), Peru (2006), Singapore (2006), Armenia (2008) and Colombia (2010). By 2024, 86 per cent of developing countries and 80 per cent of LDCs had adopted such strategies, up from less than half a decade earlier (UNCTAD, 2025a). Recent strategies are more comprehensive, addressing enabling conditions, such as regulatory frameworks and infrastructure. However, explicit investment targets and promotion measures are uncommon: fewer than half mention FDI, and only 20 per cent refer to investment promotion agencies (IPAs) (section III.C). Furthermore, many strategies lack alignment with broader development, investment, industrial and environmental policies. # The adoption of sector- and technology-specific strategies in developing countries is limited. Strategies for AI, data centres and semiconductors can play a catalytic role in investment attraction by clarifying national priorities, providing regulatory certainty and signalling long term commitment to sector development. For example, AI strategies in Brazil, China, Kenya, Rwanda, Singapore and South Africa are being used to guide talent development and responsible governance, and countries such as Chile, China, Finland, Qatar and Singapore have developed frameworks to address the energy efficiency of data centres (UNCTAD, 2025b). Despite their potential The adoption of sector- and technology-specific strategies in developing countries is limited to mobilize investment, the adoption of sectoral strategies among developing countries is uneven. For instance, by 2023, just 17 per cent of African countries and 24 per cent in Latin America had an AI strategy, compared with three quarters of developed economies. Since then, uptake has accelerated with new strategies in countries such as Côte d'Ivoire (2025), Kenya (2025), Nigeria (2024) and Rwanda (2024), and several others in the pipeline. # Policy lessons 1. Long-term strategic vision and consistent implementation foster more conducive environments for international investment in the digital economy. 2. Digital strategies yield stronger results when integrated with national industrial, infrastructure, trade, education and environmental policies. Linking digital priorities to overall development objectives helps ensure coherence, avoid duplication and reinforce cross-sector synergies. 3. Involving IPAs, digital economy institutions and sectoral ministries in both strategy design and execution enhances coherence and facilitates alignment between regulatory reform, infrastructure development and skills planning. Clear mandates and inter-agency coordination mechanisms promote efficiency and reduce policy fragmentation. 4. Targeted frameworks for emerging sectors such as artificial intelligence, data centres or semiconductors provide clarity on national priorities and regulatory expectations. They also signal long-term commitment and help mobilize investment into high-growth and strategically significant industries. 5. Regional digital strategies can help harmonize regulations, enhance interoperability and foster shared infrastructure. Aligning national frameworks with regional initiatives creates economies of scale and clearer investment signals across borders. # Policy guidance 1. Define priority sectors for investment attraction in the digital economy that support progression along the digital value chain and contribute to broader strategic industrial development goals. 2. Provide key elements to inform investment planning, including the identification of infrastructure gaps and planned regulatory initiatives. 3. Integrate environmental and sustainability considerations in digital strategies. 4. Inform targeted investment promotion efforts by specifying the types of investments and investors that can advance structural transformation and digital upgrading. 5. Reinforce coordination mechanisms to ensure that the IPA, regulatory bodies and digital economy institutions operate with aligned mandates and share implementation responsibilities effectively. 6. Define targeted frameworks for high-growth digital sectors, ensuring clarity on national priorities, regulatory expectations, and investment opportunities. 7. Align national digital investment strategies with regional digital initiatives to leverage economies of scale, facilitate cross-border digital integration, and promote regulatory consistency across countries. # B. Data governance, intellectual property and competition # Data governance, competition and intellectual property are essential pillars of an attractive environment for investment in the digital economy. Data security regulations, copyright laws to protect intellectual property (IP) and data privacy regulations are paramount for investors in new digital activities (Stephenson, 2020). Competition policy also plays a key role in maintaining fair and dynamic markets, preventing monopolistic practices and dominance that can crowd out smaller firms. Together, these policies provide predictability and confidence for investors in the digital economy. # 1. Data governance Country experiences # Data protection and governance remain the leading regulatory priorities worldwide. Data access, protection, transfer and security account for nearly half of all data-related measures in developing countries and 58 per cent in developed ones. Most frameworks define individual data rights, specify the obligations of processors and controllers, and, in developing countries, emphasize establishing and strengthening national data protection authorities for enforcement and compliance (figure I.1). Cybersecurity regulation is also expanding rapidly. These measures represent 28 per cent and 33 per cent of data-related policies adopted in developed and developing countries, respectively, in the last five years. Typical features include criminalization of unauthorized access, designation of enforcement agencies and mandatory compliance measures, such as security standards, periodic risk assessments and incident reporting. Approaches vary according to national capacities and priorities. All countries emphasize risk management, data protection, infrastructure resilience and national security, but developed countries focus on long-term resilience, standardization and emerging threats such as AI security and post-quantum cryptography. Developing countries prioritize cybercrime prevention, critical infrastructure protection, cloud regulation and financial cybersecurity, often through dedicated or strengthened legal frameworks. # Adoption gaps persist in data protection and cybercrime legislation. According to UNCTAD's Cyber Global Tracker, nearly all developed countries and top 15 countries have adopted both frameworks, while only four out of five developing countries and about 60 per cent of LDCs have adopted data protection laws (UNCTAD, 2025a). Cybercrime legislation is more widespread, covering 94 per cent of developing countries and 73 per cent of LDCs. Approaches vary according to national capacities and priorities Figure I.1. Countries are active in the adoption of data governance policies Data governance measures by type and by level of development, 2020-2024 (Percentage) Source: UNCTAD, Investment Policy Monitor and Digital Policy Alert initiative of the St. Gallen Endowment for Prosperity through Trade. Data protection frameworks are well established among the top 15. Nearly all, except Pakistan, have data protection laws and enforcement authorities, with mandatory data breach notification, right to access, correction and, most of the time, erasure, and often data portability. Several countries require a data protection officer, and sanctions range from fines to imprisonment or, in Brazil and Colombia, suspension/closure of operations. Cross-border data transfer regulations are widespread in both developed and developing countries. These measures define the conditions for transferring personal data abroad, often through adequacy decisions, recognition of foreign standards or standard contractual clauses (box I.1). All top 15 countries have introduced measures of this type. Approaches vary in stringency: Saudi Arabia and Türkiye apply strict controls, while Singapore adopts a more flexible regime. Data localization requirements are increasing, particularly in developing countries. Over the past five years, several countries have introduced new or stringent data localization rules. While such measures can encourage domestic data storage and foster the development of local digital infrastructure, overly rigid requirements can potentially discourage investment where infrastructure remains limited (section III.A). Approaches vary depending on national circumstances (UNCTAD, 2021), with many countries opting for sector-specific rules or restrictions on cross-border transfers to address data security and privacy concerns. In practice, most localization measures focus on sensitive or strategic data, such as government, defence, financial, and ICT-related information. Examples among the top 15 countries include requirements applying to payment institutions in Mexico and Türkiye, telecommunications providers in Mexico, social media platforms in Pakistan, and government and financial data in Nigeria and Saudi Arabia. # Box 1.1. # Cross-border data transfer and localization requirements Cross-border data flows form a critical foundation of the digital economy, enabling international business operations, innovation and investment. Countries with restrictive or unclear data transfer policies risk discouraging capital inflows, stifling innovation and limiting long-term economic engagement. Both developed and developing countries employ a range of regulatory models to protect personal data, safeguard national interests and promote accountability in the global data economy. Many have adopted multi-layered regulatory frameworks that incorporate contractual safeguards, regulatory oversight, consent-based mechanisms, data localization requirements and international agreements. The following is an overview of general restrictions and mechanisms used globally: # Data localization requirement Some countries impose data localization rules that require data to be stored or processed within national borders, especially when national security concerns exist. Egypt requires local hosting for classified government data. Viet Nam mandates storage of "core and important" data domestically. Thailand mandates domestic or ASEAN-based data centres for high-risk systems. # Approval or prior notification Countries can mandate prior approval or notification before data can be transferred abroad, particularly when the recipient country lacks an adequate legal framework. For instance, Algeria requires either prior notification or authorization by the data protection authority before data processing or transfer. The Russian Federation requires notification for transfers to adequate countries (see below) and prior approval for others. # Adequacy decisions A country or regional organization may determine that a foreign country ensures a level of personal data protection that is adequate or aligned with its own standards. In such cases, countries with data protection regimes offering an "essentially equivalent" level of protection may be granted adequacy status, thereby removing the requirement for additional safeguards. Under this mechanisms, the EU's General Data Protection Regulation (GDPR) allows for the free flow of personal data from the Union to non-EU countries. # Standard contractual clauses (SCCs) or model contractual clauses (MCCs) SCCs and MCCs are legally binding clauses approved by a data protection authority that ensure data transferred to a third country is adequately protected. Usually, they impose legally binding obligations on both the data exporter and importer to ensure an adequate level of protection. For example, the European Commission published draft SCCs for cross-border data transfers to countries whose privacy protection standards are not considered adequate. # Binding corporate rules (BCRs) BCRs are internal policies used by multinational companies for intra-group transfers. For instance, under the new Personal Data Protection Law No. 6698 of Türkiye binding BCRs are recognized as one of the legal mechanisms for international data transfers. Other mechanisms include certification or sectoral codes of conduct approved by supervisory authorities. These tools allow organizations to demonstrate compliance with data protection standards and can be used as appropriate safeguards for transfers to countries without an adequacy decision, provided they are legally binding and enforceable commitments between the parties. # Multilateral initiatives on data protection are limited and fragmented. The United Nations Global Digital Compact (2024), which sets out commitments on data privacy, security and cross-border flows, is non-legally binding. Other international frameworks, such as article 39 of the World Trade Organization (WTO)'s Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement, protect commercially confidential information, but do not cover personal data. At the regional level, the Council of Europe's Convention 108, updated in 2018 as Convention $108+$ , is the only legally binding instrument on data protection. Its membership is, however, limited. The EU GDPR adequacy regime serves as a global reference, shaping conditions for cross-border data flows. Data protection provisions also appear in bilateral and regional trade and investment agreements, promoting alignment with international frameworks and encouraging domestic ones. # International investment agreements (IIAs) increasingly include binding provisions on free data flows and prohibit data localization. Early non binding approaches have given way to stronger commitments over the past decade (figure 1.2). In addition, free flow of data provisions are also included in financial and telecommunications services chapters. For financial services, treaties typically require States to allow data transfer and processing abroad. Regarding telecommunications services, provisions often reflect the World Trade Organization's (WTO) General Agreement on Trade in Services (GATS) Annex on Telecommunications, mandating access to public networks for moving information across borders. # Treaties also increasingly recognize governments' right to restrict data flows or require local storage for reasons such as privacy, data protection or national security. Although no uniform model exists, treaties at times extend coverage of General Agreement on Tariffs and Trade Article XX and GATS Article XIV-style exceptions to provisions on the free flow of data or refer to "legitimate policy objectives", with safeguards against arbitrary measures.[6] Figure 1.2. Provisions on the free flow of data are gaining importance Frequency of provisions mandating the free flow of data (Number) Non-binding provision on free flow of data Binding provision on free flow of data Source: UNCTAD, based on the TAPED data set. Note: Based on the analysis of treaties concluded between 2000 and 20024. # Cybersecurity frameworks are common among top 15 countries. Most, like Pakistan, adopted a dedicated cybercrime or cybersecurity law, while others such as Armenia and Mexico, integrate these elements in criminal codes and data protection legislations. All criminalize cyber offences; several also require incident reporting, and some mandate or encourage threat intelligence monitoring (e.g. Colombia, Peru, Pakistan). Many countries, including Rwanda and Thailand, organize monitoring at the national level and define critical infrastructure protection measures. A growing number adopts compliance standards such as codes of conduct and guidelines. At the institutional level, several countries have dedicated cybersecurity agencies or committees. Colombia and Costa Rica have assigned responsibilities to information technology (IT) ministries, in Pakistan law enforcement is in charge, and in Armenia tasks are shared among several institutions. All top 15 countries have national computer security incident response teams. Multilateral cooperation on cybersecurity is more advanced. The Budapest Convention on Cybercrime, which entered into force in 2004, remains the most comprehensive treaty, covering a wide range of offences, including illegal access, data interference, and online fraud, with 78 parties as of January 2025, including eight of the top 15 countries. The recent United Nations Treaty against Cybercrime expands cooperation on evidence exchange and prosecution of digital crimes. Regional frameworks, including the African Union Convention on Cyber Security and Personal Data Protection (2014), the Arab Convention on Combating Information Technology Offences (2010), the Shanghai Cooperation Organization Agreement on International Information Security (2009) and the Commonwealth of Independent States Agreement on Cooperation in the Fight against Cybercrime (2001), further reinforce cybersecurity as a shared global responsibility. # Policy lessons 1. Comprehensive data protection laws and independent enforcement authorities are essential to boost investment and consumer confidence. These should include clear rules on data breach notification, data portability rights and effective sanctions to ensure compliance. 2. Flexible and phased approaches, including gradually expanding the scope of data protection rules, introducing compliance requirements in stages, and/or piloting regulations in specific sectors, allow countries to protect data while supporting investment in the digital economy, trade and technological progress. 3. Complementing cybercrime laws with regulations on incident reporting, critical infrastructure, and institutional coordination enhances national cybersecurity. Establishing dedicated entities helps clarify roles and responsibilities. 4. Regular legal updates ensure responsiveness to emerging technologies and evolving threats and cooperation with global initiatives supports knowledge exchange and capacity-building. 5. International coordination enables information sharing and consistent standards for data protection and cybersecurity across borders. 6. In IIAs, commitments on free data flows and limits on data localization have grown stronger. They also increasingly recognize governments' rights to regulate for privacy, data protection, and national security, reflecting efforts to balance openness with policy space. # Policy guidance 1. Establish comprehensive data protection frameworks that mandate data breach notification, include data portability rights, and define effective sanctions to promote transparency, user control, and compliance. 2. Create independent and well-resourced enforcement authorities responsible for overseeing data protection and cybersecurity, ensuring accountability and effective coordination across institutions. 3. Adopt phased and adaptable regulatory approaches, using interim measures where comprehensive laws are not yet in place, and ensuring frameworks remain flexible and aligned with technological change and national development priorities. 4. Ensure that national cybersecurity legislation covers incident reporting, threat intelligence monitoring, and critical infrastructure protection, supported by clear coordination mechanisms, compliance standards, and regular legal updates supported by capacity-building. 5. Promote international and regional cooperation to harmonize data protection and cybersecurity standards, facilitate secure cross-border data flows, and develop shared cybersecurity resources. 6. Carefully consider provisions in IIAs that address cross-border data flows, while explicitly preserving the ability to regulate in the public interest, including for privacy, data protection and national security. # 2. Intellectual property Country experiences # The global IP regime provides a common foundation, but gaps remain. The TRIPS Agreement establishes de facto minimum standards for WTO members, requiring national laws to protect computer programmes, integrated circuit designs, and proprietary data against unfair commercial use. In many jurisdictions, computer software, hardware and digital technologies may also be patented if they meet applicable criteria. The World Intellectual Property Organization (WIPO) Copyright Treaty and the WIPO Performances and Phonograms Treaty (known as the WIPO Internet Treaties) reaffirm that copyright protections and exceptions for authors extend to the digital environment. A gap remains, however, in their adoption. Almost all developed countries and most top 15 countries have ratified them, but only a little over half of developing countries and less than a third of LDCs have done so (figure 1.3).<sup>7</sup> Rapid technological change is testing the limits of existing IP frameworks. Key challenges include protecting algorithms and data-mining tools, determining how protected data may be used to train AI, and clarifying whether AI-generated content qualifies for IP protection under copyright law. High-value digital patents are largely concentrated in developed economies, widening the technological gap. National frameworks must therefore promote local innovation, safeguard access to knowledge, and implement international commitments that support sustainable development (box I.2). For developing countries, aligning digital economy laws requires balancing innovation, industry protection, and compliance with international norms. Policymakers should monitor international developments to adapt domestic regulations accordingly. Rapid technological change is testing the limits of existing IP frameworks Figure I.3. Gaps remain in the adoption of WIPO treaties Ratification of WIPO Internet treaties, share of countries (Percentage) Developed Developing LDCs Top 15 Source: UNCTAD, based on data from WIPO. # Box 1.2. # Investment and innovation in the digital economy: the experience of China with intellectual property legislation Supportive innovation and IP policies and strong national research and development (R&D) capacity allowed China to underpin the rapid development of digital technologies and contributed to the growth of its digital economy patents. By the end of 2023, patents reached 1.95 million, or 39 per cent of all patents granted (National Bureau of Statistics, China). The country also has the largest number of patent applications globally in both AI (Zheng, 2020) and blockchain-related technologies (Statista Research Department, 2022). Most filings with the China National Intellectual Property Administration (CNIPA) came from domestic applicants (1,6 million). According to WIPO, China also hosts the largest number of innovation clusters worldwide, including the top-ranked cluster by patents, scientific publications and venture capital activity. Several studies suggest that recent amendments to China's Patent Law that came into effect in 2021 have facilitated the commercialization of research in digital technologies (Zhou, et al, 2023 and Liu, et al, 2025). Significant developments include, inter alia, increased penalties for infringements and the extension of the statute of limitations on patent litigation, both of which are designed to enable easier enforcement of patent rights and signal a heightened commitment to enforcement of IP rights. Implementing regulations in 2023 introduced an open licensing regime to encourage greater access to patented technologies, including in the digital realm. In addition, China promulgated guidelines clarifying the scope of patent applications for AI technologies and big data algorithms in 2024. The development of digital technologies is supported by reforms in other IP domains. A 2021 amendment to China's Copyright Act broadened the scope of copyrightable material to include digital works including, for example, webcasts, on-line games and game graphics, and expanded certain neighbouring rights to include Internet livestreaming (Yu, 2021). Several pilot projects allowed startups to use their IP as sole collateral for loans (CNIPA, 2019). The growth in the number of patents has also necessitated a dedicated dispute resolution system to address IP issues. The Chinese Government has 124 State-level IP protection centres and 2,230 mediation organizations for IP disputes, which concluded nearly 140,000 mediation cases in 2024.[8] <sup>8</sup> Work report by Shen Changyu, Director General of CNIPA, at the National Intellectual Property Administration Directors' Conference in 2025 (in Chinese). Source: UNCTAD, based on various sources. Countries adopt different approaches to update IP legislation to reflect the realities of the digital age. Among the top 15 countries, several have reformed their laws: Kenya modernized IP definitions, Nigeria introduced digital distribution rights for copyrighted work, Brazil extended IP rights to electronic games. Armenia extended patentability to software, to protect the innovation and concept per se. In AI development, Singapore permits copying lawfully accessed works for computational data analysis, unless the source is infringing. However, copying is still allowed if the user did not know and, in the case of flagrantly infringing sites, could not reasonably have known that the source was infringing, or where using an infringing copy is necessary for a prescribed purpose and used only for that purpose. Saudi Arabia is considering draft legislation protecting creations where humans contribute to AI-produced works, while Singaporean jurisprudence has followed a similar approach. # Digital platforms are increasingly subject to IP-related regulation. Singapore requires fair remuneration for online use of creative content, and Kenya, Mexico, Nigeria and Türkiye mandate takedown procedures for infringing material. Legislations can also provide "safe harbour" provisions that limit platform liability when they act passively or comply with due diligence obligations (e.g. Kenya, Mexico, Nigeria). # Policy lessons 1. Updating IP legislation is key to clarity, innovation and investor confidence. This can include adapting copyright and patent frameworks, addressing AI-related challenges such as training data use and ownership of AI-generated content, and updating legal definitions to reflect new digital products and distribution models. 2. Digital platforms require tailored rules for fair compensation and liability. Defining responsibilities, establishing safe harbours and implementing efficient takedown systems promote a level playing field and protect creators. 3. Strong enforcement and international cooperation enhance credibility. Mechanisms such as WIPO Alert and domain-name dispute systems can strengthen enforcement and cross-border coordination.[9] # Policy guidance 1. Adapt IP laws to cover digital innovations, including software, AI-generated content and other emerging technologies, and update legal definitions and frameworks to reflect new digital content types and distribution models. 2. Regulate digital platforms through clear takedown procedures, liability rules and safe harbour protections. Promote revenue-sharing and fair remuneration models for digital content creators. 3. Leverage digital tools, such as mobile apps and AI-based enforcement methods, to streamline IP systems and improve accessibility, linking IP modernization with broader innovation and industrial strategies. 4. Foster international cooperation to combat online IP infringement and strengthen cross-border enforcement through existing mechanisms and global initiatives. # 3. Competition # Country experiences # Both developed and developing countries have tightened competition rules for digital sectors. Between 2020 and 2024, over one-third of new competition-related digital policy measures targeted digital services, e-commerce and platform markets. More than half of these measures in developed economies, and about 40 per cent in developing ones, focused on preventing data-related abuses by large platforms (figure I.4). These typically targeted exclusionary practices, algorithmic manipulations, self-preferring and other forms of anti-competitive behaviour by large online platforms. Several were informed by regional initiatives, notably the EU's unified framework to regulate large digital platforms and prevent Aldriven market distortions (box I.3).10 # Reinforcing oversight of mergers in digital and technology-driven markets has been a major policy focus. Key initiatives included revising merger notification thresholds, preventing "killer" acquisitions, and strengthening enforcement and transparency. Some developed countries have broadened merger review criteria to include network effects, privacy, labour conditions and environmental impact. While certain countries introduced specific platform regulations, others adopted "soft law" approaches or adapting traditional competition, privacy, or consumer protection frameworks. Many developed and developing countries have also expanded the powers of national regulators and competition authorities through new investigative tools, higher fines and improved assessment of anti-competitive agreements. Finally, some developing countries, e.g. China and South Africa, introduced measures to help small and medium-sized enterprise (SMEs) integrate with e-commerce platforms and participate more effectively in digital markets. # Figure 1.4. # Competition measures focus on abuse of dominance in all countries Digital policy measures on competition, by type and level of development, 2020-2024 (Percentage) <table><tr><td></td><td>Developed</td><td>Developing</td></tr><tr><td>Abuse of dominance</td><td>52</td><td>41</td></tr><tr><td>Merger control</td><td>25</td><td>32</td></tr><tr><td>Anti-competitive agreements and other regulation</td><td>9</td><td>17</td></tr><tr><td>Competition authority governance</td><td>14</td><td>10</td></tr></table> Source: UNCTAD, Investment Policy Monitor and Digital Policy Alert initiative of the St. Gallen Endowment for Prosperity through Trade. # Box 1.3. # Digital market frameworks Acknowledging the shortcomings of traditional competition laws, which tend to be reactive and focused on individual cases, a more targeted regulatory approach has been adopted in some regions to regulate large tech firms. A notable example includes the EU's Digital Markets Act (2022) designed to address competition challenges in digital markets. The Digital Markets Act (DMA) regulates large online platforms that serve as key intermediaries between businesses and consumers, including search engines, web browsers, operating systems, and online advertising services. A platform qualifies as a gatekeeper if it has a strong economic presence, at least 45 million monthly users in the EU or 10,000 business users, and a dominant market position for three years. The DMA ensures fair competition by requiring gatekeepers to allow third-party interoperability, provide business users with data access, and ensure transparency in digital advertisi