Skip to main content
NOPE
In Effect Standard Data Protection Context Relevance

CBPR System

Global Cross-Border Privacy Rules (CBPR) Forum

Global voluntary certification for cross-border personal data protection. 9 participating economies: US, Canada, Mexico, Japan, South Korea, Singapore, Philippines, Taiwan, Australia.

Jurisdiction

Multi-jurisdiction (APAC + Americas)

GLOBAL

Enacted

Unknown

Effective

Jan 1, 2022

Enforcement

National authorities in participating economies

Voluntary certification system - 9 participating economies

Who Must Comply

This law applies to:

  • Organizations seeking CBPR certification
  • Cross-border data transfers between participating economies
  • Companies operating in multiple APAC/Americas jurisdictions

Capability triggers:

crossBorderTransfer (increases)
multiJurisdictionOperations (required)
Required Increases applicability

Who bears obligations:

Data Controller

Safety Provisions

  • Voluntary cross-border data protection certification
  • Accountability and transparency requirements
  • Dispute resolution mechanisms
  • Privacy by design principles
  • Recognized for streamlined cross-border transfers

Enforcement

Enforced by

National authorities in participating economies

Penalties

Penalties vary by jurisdiction

Varies by jurisdiction; certification can be revoked

Quick Facts

Binding
No
Mental Health Focus
No
Child Safety Focus
No
Algorithmic Scope
No

Why It Matters

CBPR certification streamlines cross-border data transfers for AI chatbot platforms operating across APAC and Americas markets. Singapore and Philippines recognize CBPR for data transfer compliance.

Recent Developments

Transitioned from APEC to Global CBPR Forum in 2022; 9 economies participating

Cite This

APA

Multi-jurisdiction (APAC + Americas). (2022). Global Cross-Border Privacy Rules (CBPR) Forum. Retrieved from https://nope.net/regs/apac-cbpr

BibTeX

@misc{apac_cbpr,
  title = {Global Cross-Border Privacy Rules (CBPR) Forum},
  author = {Multi-jurisdiction (APAC + Americas)},
  year = {2022},
  url = {https://nope.net/regs/apac-cbpr}
}

Related Regulations

In Effect BN Data Protection

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN Data Protection

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect ID Data Protection

Indonesia PP 17/2025

Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.

In Effect NP AI Safety

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

In Effect PK AI Safety

Pakistan AI Policy

Pakistan's national AI roadmap establishing six strategic pillars: AI Innovation Ecosystem, Awareness and Readiness, Research and Development, Infrastructure, Governance, and International Cooperation. Creates National AI Fund (NAIF), Centres of Excellence in 7 cities, and targets training 200,000 individuals annually.

In Effect MM Online Safety

Myanmar Cybersecurity Law

Myanmar's cybersecurity law requiring platforms with 100,000+ users to register and imposing data retention requirements. Enacted post-2021 coup with uncertain enforcement.

Back to all regulations Check if this applies to you