Continuing to browse our website indicates your consent to our use of cookies. For more information, see our Privacy policy.

Digital trade

Toward better digital rules: Improving digital policymaking in APAC


Published 01 July 2025

Economies around the world are working to adopt various digital regulations in areas such as AI, data privacy, IP rights, and online safety. But seldom do governments assess the impacts of these digital rules – some taken almost directly from other jurisdictions without careful consideration of local needs. A regulatory impact assessment process can act as an antidote by bringing coherence to regulations, cross-border interoperability, and a chance for businesses to help shape the new data-driven world.

The number of digital regulations has ballooned in the Asia-Pacific (APAC) region in the past few years. According to Digital Policy Alert, 22 APAC governments have adopted over 1,500 digital laws and regulations in the last two decades, including on cross-border data transfer, consumer protection, cybersecurity, and content moderation. Most of these digital laws and regulations were adopted in the past five years, when the APAC region’s digital regulatory stock grew by more than 300%. In addition, more than 300 laws and regulatory proposals are currently in consultation processes.

The proliferation of regulations reflects APAC governments' growing concerns about the many challenges posed by the digital economy, such as online fraud, data breaches, and deceptive marketing tactics. In a 2024 Ipsos survey, 76% of APAC consumers expressed concerns about data privacy related to AI; another Ipsos survey found that 57% of consumers expect personal data leaks in 2025. Concerns are also rising among businesses: Data breaches cost on average US$4.9 million annually to firms around the world.

National security considerations also drive governments to adopt digital regulations; export controls of sensitive technologies and bans on China AI models like DeepSeek have become increasingly common. The proliferation of digital regulations in some cases also manifests the “Brussels Effect”: the phenomenon of jurisdictions adopting regulations that are similar to the European Union’s sweeping laws, such as the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA). In addition, it reflects “bureaucratic capture,” wherein government agencies prioritize their own interests in securing resources and their influence in policymaking.

As digital technologies become key drivers of economic growth and national security, the impetus for and design of digital regulations is shaped by a complex mix of national digital competitiveness, industrial policy, and strategic priorities. For example, countries are increasingly leaning toward “digital nationalism,” prioritizing domestic interests while curbing the influence of foreign companies. Digital regulations may be needed to guard against various online harms, but a growing body of research shows that some types of digital regulations can create increasingly heavy costs on businesses that would be inimical to innovation and digital adoption, at a juncture where trade in digital services is a driver of economic growth, especially in APAC.

For example, findings from a 2018 study suggest that the GDPR has resulted in a 2% drop in exposed firms’ revenues. Taken at face value, this would cost the Asia-Pacific an implied US$600 billion, or 1% of the region’s gross domestic product (GDP). If barriers to cross-border transfer of data dampen digital services trade by up to 5% as posited in some studies, data localization mandates would result in some US$80 billion in lost digital trade in the APAC region. Granted, the costs of digital regulations may be offset by broader societal benefits. In the APAC region, these benefits are often framed qualitatively. Improved measurement of the cost and benefits of digital regulations are needed, to understand their potential and actual impacts.

Regulatory impact assessments

In the search for appropriate guardrails for the digital economy to flourish, policymakers need to carefully weigh the benefits and costs of laws and regulations. Governments have sought to approach this balancing exercise through regulatory impact assessments (RIAs). Such assessments are typically performed by the ministry or agency pursuing a regulation. Experiences from around the world suggest that RIAs enable governments and the public to properly scrutinize proposed regulations, pre-empt the introduction of unnecessary or overly burdensome regulations, sensitize agencies to greater deliberation on the kinds of regulations they would pursue, and allow private-sector stakeholders to assess and provide meaningful feedback on regulations.

However, research also shows that RIAs still fall short of their potential as gatekeepers to sieve out regulations that harm rather than benefit society. Nearly 50 academic studies on RIAs used in the United States, the European Union, South Korea, and other economies show that RIAs could be improved, for example in terms of rigor. Even when RIAs are formally conducted by the executive branch, political considerations often influence the process and outcomes. Nonetheless, an RIA process is precisely the antidote to recognize the impetus for and transparency issues behind any regulation and a means to call out politicized motivations and demonstrate their effects.

The critical importance of rigorous RIAs in the digital era cannot be overstated. Poorly vetted regulations can result in large economic costs and alter economies’ development pathways. Hastily implemented digital rules, especially if modeled after regulations from other jurisdictions without careful consideration for local needs, can also undermine public trust in policymakers’ ability to analyze and institute regulations for the public good.

The purpose of this study is to assess the APAC region’s use of RIAs specific to digital regulations and promote a common baseline of a Model RIA on Digital Regulations. In particular, this study: (1) reviews APAC governments’ use of RIAs in general and RIAs used to assess digital regulatory proposals in particular; and (2) proposes ways for APAC economies to enhance the rigor of their RIAs for digital regulations, including through the Model RIA for Digital Regulations. Even though each APAC economy is different in its institutional frameworks, political economy dynamics, and development levels, a baseline RIA, such as the one proposed here, can accommodate national differences and enable countries to account for local circumstances.

This study also analyzes and rates the contents of 27 RIAs on digital regulations in seven APAC economies where data on RIAs is publicly accessible – Australia, Canada, Chile, South Korea, Mexico, New Zealand, and the United States – and which collectively represent almost two-thirds of the APAC region’s GDP. The exercise is to understand what RIAs focus on, and how well RIAs analyze the proposed regulations, their costs and benefits, and their alternatives, and where there are gaps in RIAs that can be bridged.

The main findings of this study are:

  1. 86% of the 22 APAC economies analyzed carry out RIAs, but leading emerging economies such as India and Indonesia use RIAs inconsistently.
  2. The rigor of APAC’s RIAs on digital regulations can be improved; RIAs can still come across as rubber-stamping exercises rather than as proper gatekeepers.
  3. To ensure they promote digital technologies, which underpin services trade as the growth driver of the 21st century, APAC governments should urgently enhance the quality of their RIAs on digital regulations and adopt a Model RIA on Digital Regulations.
  4. APAC governments should periodically review and update their RIAs on digital regulations, including through a public consultation.
  5. APAC governments should prune their digital regulatory stock to ensure regulations remain current and do not undermine economic growth.
  6. Asia-Pacific Economic Cooperation (APEC) members should set up an APEC Pathfinder to collectively enhance RIAs for digital policy.

Download the full report here.


Kati Suominen is a Research Fellow at the Hinrich Foundation. She is the Founder and CEO of Nextrade Group that helps governments, multilateral development banks, and Fortune 500 technology companies enable trade through technology.

Articles by this expert

View bio

Have any feedback on this article?

contact us

BACK TO TOP