CBPR System
Global Cross-Border Privacy Rules (CBPR) Forum
Global voluntary certification for cross-border personal data protection. 9 participating economies: US, Canada, Mexico, Japan, South Korea, Singapore, Philippines, Taiwan, Australia.
Jurisdiction
Multi-jurisdiction (APAC + Americas)
Enacted
Pending
Effective
Jan 1, 2022
Enforcement
National authorities in participating economies
Voluntary certification system - 9 participating economies
Global CBPR ForumWhy It Matters
CBPR certification streamlines cross-border data transfers for AI chatbot platforms operating across APAC and Americas markets. Singapore and Philippines recognize CBPR for data transfer compliance.
Recent Developments
Transitioned from APEC to Global CBPR Forum in 2022; 9 economies participating
At a Glance
Applies to
Requires
Who Must Comply
- Organizations seeking CBPR certification
- Cross-border data transfers between participating economies
- Companies operating in multiple APAC/Americas jurisdictions
Obligations fall on:
Safety Provisions
- Voluntary cross-border data protection certification
- Accountability and transparency requirements
- Dispute resolution mechanisms
- Privacy by design principles
- Recognized for streamlined cross-border transfers
Compliance & Enforcement
Penalties
Penalties vary by jurisdiction
Primary Source
Global CBPR Forum
https://www.cbprs.org/
View on map
Multi-jurisdiction (APAC + Americas)
Focus Areas
General regulation
Cite This
APA
Multi-jurisdiction (APAC + Americas). (2022). Global Cross-Border Privacy Rules (CBPR) Forum.
Related Regulations
Brunei PDPO
Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.
India DPDP Act
STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.
Indonesia PP 17/2025
Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.
China CSL Amendments
First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.
AU National AI Plan
National AI policy roadmap replacing previously proposed mandatory AI guardrails. Focuses on leveraging existing legal frameworks rather than new mandatory requirements. Establishes the Australian AI Safety Institute (AISI) to monitor, test, and share information on AI risks and harms.
India AI Governance Guidelines
Voluntary AI governance framework built on seven core principles ('sutras'): Trust, People First, Innovation over Restraint, Fairness & Equity, Accountability, Understandable by Design, and Safety/Resilience/Sustainability. Establishes AI Governance Group, AI Safety Institute, and Technology & Policy Expert Committee.
Last updated January 22, 2026. Verify against primary sources before relying on this information.