BOX 5.1 Defining localization barriers to digital trade
There is not an established definition for localization barriers to digital trade. In submissions to the USITC, industry
representatives and experts used the terms “forced localization,” “local data storage requirements,” “local content,”
and “localization barriers to trade” interchangeably. However, these terms generally are not limited to measures that
target the transmission or storage of data. For many years, governments have imposed local-content requirements in
such areas as information technology and renewable energy in an attempt to foster the growth of domestic industries.
Thus, USTR broadly defines the term “localization barriers to trade” as:
[M]easures designed to protect, favor, or stimulate domestic industries, service providers, and/or
intellectual property (IP) at the expense of goods, services, or IP from other countries. Localization
barriers are measures that can serve as disguised trade barriers when they unreasonably
differentiate between domestic and foreign products, services, IP, or suppliers, and may or may not
be consistent with WTO rules.
While localization barriers to trade may encompass a wide range of protectionist measures, this study will use the
term “localization barriers to digital trade” to refer to those measures that have been applied to the digital sector.
Sources: USTR website, “Localization Barriers to Trade,” http://www.ustr.gov/trade-topics/localization-barriers
(accessed May 6, 2013); World Trade Organization (WTO) website, “Glossary: Local-Content
Measure,” http://www.wto.org/english/thewto_e/glossary_e/local_content_measure_e.htm (accessed May 6, 2013).
TABLE 5.1 Selected examples of localization barriers to digital trade
Requires local storage of data
Argentina, Australia, Canada, China,
Greece, Indonesia, and Venezuela
BSA, BRT, Cate, Citi
Mandates or encourages local content
Australia, Brazil, China, India, and certain
EU member states
USTR, BSA, BRT, MPAA
Provides government procurement
preferences to local digital firms
Brazil, Canada, China, India, Nigeria,
Paraguay, and Venezuela
Source: USTR, 2013 National Trade Estimate Report on Foreign Trade Barriers, 2013; BSA, “Lockout,” June 2012,
9; Motion Picture Association of America (MPAA), “Trade Barriers,” October 15, 2012, 2; Citi, written submission to
the USITC, March 14, 2013, 2; BRT, “Promoting Economic Growth,” 2012, 5–6; Cate, “Provincial Canadian
Geographic Restrictions,” 2008, 1.
Localization barriers to digital trade are distinguished from companies’ voluntary
decision to localize to lower costs, to get access to the best talent or resources, or to
ensure that they meet the needs of consumers in the market.
For example, for companies
that provide digital services over the Internet, using servers that are geographically closer
to the user reduces latency and lowers the probability of dropped or disordered
Thus, providers of cloud services locate servers where they make
sense logistically and economically.
For digital content producers, localization may be
necessary because “It’s not enough just to translate. The game needs to be adapted for
each market,” according to the founder of a Russian game company.
localization strategies, which are driven by companies’ economic needs, measures that
explicitly or implicitly require a company to use local digital products and services often
thwart optimal business decisions and distort trade.
Industry official, interview by USITC staff, San Francisco, CA, April 16, 2013.
USITC, hearing transcript, March 7, 2013, 45–46 (testimony of Michael Mandel, Progressive Policy
Institute). “Latency” is the total time it takes a data packet to travel across a network connection.
BSA, written comments to USTR, May 10, 2013. Cloud computing is discussed in chapter 2.
Khrennikov, “Zynga of Russia That Doesn’t Want to Be,” Bloomberg, November 28, 2012.
Companies Have Had to Localize Data Servers to Comply with
Several countries require companies to store or maintain data on local servers, either
explicitly or implicitly.
Explicit policies state that companies must keep data within the
country where the data was collected. Implicit policies compel companies to store data on
local servers by requiring, for example, that data be available for regulators to review,
which effectively means that the data must be stored in-country. Both types of policies
are often justified by governments as necessary to protect data privacy and/or the security
of systems; however, local data requirements also may “serve as thinly veiled
An example of a law that explicitly requires the local storage of data is Greek Law No.
3917/2011, Article 6, which implements the requirements of the EU’s Data Retention
The EU directive requires Internet and telecommunications service providers
to retain certain data about a subscriber, largely about their communications by phone
and over the Internet.
However, the Greek law goes farther by also requiring that the
retained data on “traffic and location” stay “within the premises of the Hellenic
The European Commission is “aware that the law imposes restrictions on
electronic communications service providers regarding the geographic location of data
generation and storage, which has an economic effect on these providers and limits their
freedom to organise their business,” and has stated that it will take appropriate action if
Data localization requirements that governments justify on data privacy grounds
reportedly are found in many countries.
For example, two Canadian provinces, British
Columbia and Nova Scotia, have laws requiring that health records be stored in Canada
and not moved to any other jurisdiction.
The provinces passed the laws in response to
the perception that the USA PATRIOT Act would allow the U.S. government to access
personal data about Canadian citizens.
Similarly, Australia’s Personally Controlled
Electronic Health Records Act of 2012 prohibits the overseas storage of any Australian
electronic health records, without regard to actual risks or safeguards of data storage.
Laws or policies that implicitly require the localization of data servers for the security of
financial information or systems infrastructure can be challenging to identify because
USITC, hearing transcript, March 7, 2013, 25, 38, 70, 157, 161, 186, 216, 232, 318 (testimony of
Stephen Ezell, Information Technology & Innovation Foundation; of Joshua Meltzer, Brookings; of Jake
Colvin, National Foreign Trade Council; of Ed Black, Computer & Communications Industry Association;
and of David LeDuc, Software & Information Industry Association); ITIF, written testimony to the USITC,
March 7, 2013, 1; BRT, “Promoting Economic Growth,”2012, 2–8.
CCIA, written comments to USTR, May 20, 2013, 6; BRT, “Promoting Economic Growth,” 2012, 7.
Tsolias, “Privacy, Data Retention and Data Protection,” January 9, 2013; Law 3917/2011, Official
Gazette of the Hellenic Republic, 22A/2011.
Electronic Freedom Foundation website, https://www.eff.org/issues/mandatory-data-retention/eu
(accessed May 2, 2013).
Greek Law No. 3917/2011, art. 6. A summary of the law is available in Tsolias, “Privacy, Data
Retention and Data Protection,” January 9, 2013.
European Commission, “Written Response to Parliamentary Question,” June 14, 2011.
BRT, “Promoting Economic Growth,” 2012, 5–6.
British Columbia, Freedom of Information and Protection of Privacy Amendment Act, 2004.
Cate, “Provincial Canadian Geographic Restrictions,” 2008, 3.
USITC, hearing transcript, March 7, 2013, 27 (testimony of Stephen Ezell, Information Technology
and Innovation Foundation); BRT, “Promoting Economic Growth,” 2012, 5; USTR, 2013 National Trade
Estimate, 2013, 31.
localization requirements may arise only in practice, as companies seek to comply with
other requirements. In the financial sector, for example, data may have to be stored
locally to comply with government requirements related to regulatory supervision and
ensuring continuity of operations.
Thus, Venezuela and Argentina limit offshore data
processing, and China allows offshore data processing only for a bank’s corporate
Indonesia’s National Bank requires that banks obtain its approval before
any cross-border personal data transfers may occur.
Industry participants have focused on the harms caused by such measures. The rules can
constrain foreign digital companies’ ability to choose where and how to store data;
prevent companies from operating in the market; force local data storage; or require the
restructuring of operations to comply with data requirements.
whether the measure is intended to disfavor foreign firms or achieve prudential policy
outcomes can be challenging. In some cases, governments offer prudential reasons for
their rules, but do not narrowly tailor them to address the concern. For example, the
Australian and Canadian rules on health records described above apply a blanket
requirement that certain personal data be stored in-country. By contrast, the United
States, which also provides strong rules for the treatment of “protected health
information” under the Health Insurance Portability and Accountability Act of 1996
(HIPAA), allows cross-border transfer if administrative, physical, and technical
safeguards are provided.
Thus, the U.S. law addresses prudential concerns through a
risk-based approach, while the Canadian and Australian measures apply a location-based
approach. As noted by industry participants, while the objectives of these measures may
be driven by prudential policy concerns, the means by which they are obtained must also
be carefully considered to avoid forcing the use of local data servers.
Certain Local-Content Policies Extend to Digital Industries
In some cases, governments have expressly required that companies use a specified
percentage or quota of local digital inputs or include digital content from the country
implementing the law. Nigeria’s Local Content Development Act of 2010 provides an
example (box 5.2) of a broad measure that covers many sectors, including digital
products and services. As previously discussed, these measures may constrain
companies’ supply chain choices, drive sub-optimal business decisions, or limit markets.
Security-related measures also can favor local industries or set thresholds for use of local
content. For example, China’s Multi-Level Protection Scheme (MLPS) applies to
banking, energy, telecommunications, education, and transportation.
ostensibly aims to protect data in networks related to sensitive infrastructure, assigning
all software information systems a value based on their importance to “national security,
Citi, written submission to the USITC, March 14, 2013, 2.
This requirement is contained in Regulation No. 7/15/PBI/2007 on the Implementation of Risk
Management in the Utilization of Information Technology. DLA Piper, “Data Protection Laws of the World,”
March 2012, 108.
BRT, “Promoting Economic Growth,” 2012, 7.
U.S. Department of Health and Human Services website, HIPAA, The Security Rule,
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html (accessed May 2, 2013).
BRT, “Promoting Economic Growth,” 2012, 7.
USITC, China: Effects of Intellectual Property Infringement, May 2011, 5-30.
BOX 5.2 Nigeria’s Local Content Development Act of 2010: Impact on digital products and services
Nigeria’s Oil and Gas Sector Local Content Development Act of 2010 (the Act) imposes a localization requirement by
mandating the use of Nigerian companies in a range of services sectors, including many services that are provided
digitally. The Act, which builds upon previous localization efforts, establishes a Nigerian Content Development and
Monitoring Board to enforce requirements for Nigerian content, defined as a specific percentage of total funds spent,
labor hours, or input volume, for any operator in the oil and gas sector.
For digitally traded services, the Act specifies that 50 percent of the amount spent on IT management consultancy
services must be local. The same is true for data management services, while the figure rises to 60 percent for data
and message transmitting services and to 100 percent for general banking, auditing, and life insurance services.
These are all digital or digitally enabled services.
The oil and gas sector is the primary contributor to Nigeria’s gross domestic product, so the Act has had a large
impact on the country’s other business sectors, including suppliers of digital and digitally enabled services. The Board
has granted exemptions to the requirements, and is reported to have missed previous targets because Nigeria cannot
yet produce enough local products and services to fill the quotas. However, the government recently has reaffirmed
its intent to enforce the requirements.
Sources: Nigerian Content Development and Monitoring Board website, http://www.ncdmb.gov.ng/ (accessed June 4,
2013); Amanze-Nwachuku, “Nigerian Content and Indigenous Participation,” September 14, 2010; Onwuemenyi,
“Nigerian Content: Measuring the Gains,” May 1, 2012; Vanguard News, “Local Content Policy Has Created 30,000
Jobs,” January 22, 2013.
social order and economic interests.”
Any system assigned a value of three or higher
(out of five possible levels) must be provided by a Chinese company, owned by Chinese
citizens, and use core technology based on Chinese intellectual property.
requirement will exclude U.S. and foreign companies from providing digital services to
large portions of the Chinese market, if (as reported) systems routinely are assigned a
value of three or higher.
Audiovisual quotas provide another example of explicit local-content mandates that can
reach digital products and services. Current laws in many countries place limits on the
number of foreign films that can enter the market, or cap the percent of time that radio or
television stations can play foreign content, or set a minimum play time for domestically
As people consume more media online, these local-content
requirements reportedly are expanding into the trade of digital products, such as movies,
music, and e-books, to the detriment of U.S. companies selling their content in foreign
For example, the EU’s 2007 Audiovisual Media Services (AVMS) Directive has
expanded the scope of previous directives requiring preferences for European content to
also reach on-demand or streaming video services.
Although the AVMS Directive does
not set quotas for on-demand services, it does require member states to encourage
BSA, “Lockout,” June 2012, 9.
USITC, China: Effects of Intellectual Property Infringement, 5-30.
At the 23rd U.S.-China Joint Commission on Commerce and Trade (JCCT) meeting in December
2012, the Chinese government committed to revise the MLPS to address industry concerns. USTR, 2013
Report on Technical Barriers to Trade, 2013, 54; USTR, “Fact Sheet: 23rd U.S.-China Joint Commission on
Commerce and Trade,” 2012.
USTR, 2013 National Trade Estimate Report, 2013. See examples from Australia, Brazil, Canada,
China, EU (France, Italy, Poland, Spain), Korea, Malaysia, Sri Lanka, and Venezuela, among others.
MPAA, USTR written comments, October 2012, 2.
Documents you may be interested
Documents you may be interested