← Back to reports library

Data Strategy Feed Inventory (2019–2025)

The Data Strategy pillar now contains 134 briefs spanning 2019–2026. Coverage captures EU data-space deployment, U.S. interoperability mandates, Asia-Pacific localisation, multilateral data-trust frameworks, and pre-2020 transfer foundations. The table below…

Data Strategy Program · Coverage focus 2019 · Updated March 03, 2026

The Data Strategy pillar now contains 134 briefs spanning 2019–2026. Coverage captures EU data-space deployment, U.S. interoperability mandates, Asia-Pacific localisation, multilateral data-trust frameworks, and pre-2020 transfer foundations. The table below tracks 2019–2025 cadence after the latest additions.

Year Briefs Primary coverage clusters Newly added coverage (Mar 2024 refresh)
2019 2 Cross-border adequacy, multilateral trusted-flow foundations Added mutual EU–Japan adequacy via 2019-01-23-eu-japan-adequacy-decision and the G20 Osaka DFFT launch through 2019-06-29-g20-osaka-dfft-declaration
2020 12 EU Data Strategy conclusions, Brazil LGPD go-live, RBI localisation, Schrems II, China PIPL draft, EU–UK TCA bridge Added cross-border coverage via 2020-07-16-schrems-ii-privacy-shield-invalidated, Brazil oversight through 2020-08-26-brazil-anpd-established, China privacy consolidation with 2020-10-21-china-pipl-draft, and continuity planning with 2020-12-24-eu-uk-tca-data-bridge
2021 16 China Data Security Law, TEFCA launch, regional privacy build-outs ASEAN governance & G7 DFFT coordination via 2021-01-19-asean-data-management-framework, 2021-02-10-edpb-edps-opinion-data-governance-act, 2021-03-25-eu-council-data-governance-act-general-approach, 2021-04-28-g7-digital-ministers-dfft, 2021-05-28-g7-trade-ministers-dfft-statement, 2021-08-01-brazil-lgpd-sanctions-effective, 2021-10-22-g7-digital-trade-principles, 2021-11-12-apec-cbpr-system-upgrade, 2021-12-14-oecd-enhanced-data-sharing-recommendation
2022 21 EU Data Act milestones, TEFCA, APAC localisation Global governance milestones through 2022-02-10-african-union-data-policy-framework, 2022-03-25-eu-us-data-privacy-framework-announcement, 2022-06-28-g7-elmau-dfft-commitments, 2022-07-13-onc-uscdi-v3-release, 2022-08-03-india-withdraws-personal-data-protection-bill, 2022-09-01-china-cross-border-security-assessments-effective, 2022-10-01-japan-appi-cross-border-transfer-rules, 2022-11-28-eu-data-act-council-general-approach, 2022-12-14-oecd-government-access-declaration
2023 24 EU Data Act approvals, DPDP Act, TEFCA FHIR roadmap Multilateral trust frameworks via 2023-01-01-california-cpra-effective-date, 2023-02-03-asean-ai-governance-guide, 2023-05-20-g7-hiroshima-dfft-roadmap, 2023-08-11-india-dpdp-act-assent, 2023-11-17-apec-golden-gate-data-flows
2024 21 EHDS adoption, ISO 5259-4, Indonesia PDP enforcement Cross-border data partnerships: 2024-03-21-eu-japan-dfft-roadmap, 2024-06-14-g7-apulia-digital-trust-commitments
2025 34 EU Data Act application, CSRD controls, U.S. healthcare metrics Roadmap extended with DGA transitional compliance, Article 40 penalty regimes, the first DGA evaluation, Data Act contract templates, and the 2026 connected-product access runway

Cluster drill-down

APAC data localisation and governance

  • Foundational: RBI payment aggregator localisation, Singapore PDPA amendments, China Data Security Law, Vietnam Decree 53, India DPDP Act assent, Indonesia PDP law countdown/enforcement.
  • New coverage:
  • 2019-01-23-eu-japan-adequacy-decision – PPC complaint channel and supplemental rules enabling EU–Japan trusted data flows.
  • 2019-06-29-g20-osaka-dfft-declaration – Osaka Track launch aligning G20 economies on Data Free Flow with Trust.
  • 2021-01-19-asean-data-management-framework – regional governance blueprint and model clauses.
  • 2021-05-28-g7-trade-ministers-dfft-statement – interoperability and SME enablement commitments for trusted cross-border flows.
  • 2021-11-12-apec-cbpr-system-upgrade – CBPR expansion towards the Global CBPR Forum.
  • 2022-08-03-india-withdraws-personal-data-protection-bill – transition to India’s Digital Personal Data Protection Bill.
  • 2022-10-01-japan-appi-cross-border-transfer-rules – stronger transparency, transfer accounting, and breach notification duties under the amended APPI.
  • 2023-02-03-asean-ai-governance-guide – AI stewardship expectations grounded in ASEAN data controls.
  • 2023-08-11-india-dpdp-act-assent – consent-led privacy regime with penalties and cross-border notifications.
  • 2023-11-17-apec-golden-gate-data-flows – Golden Gate Declaration commitments on trusted flows and SME enablement.
  • 2020-10-21-china-pipl-draft – draft consent, localisation, and cross-border transfer regime with extraterritorial reach and high penalties.
  • Gap watch: Track forthcoming ASEAN Global CBPR certification criteria and Thailand’s PDPA enforcement roadmap.

EU data-space and multilateral trust frameworks

  • Foundational: EU Data Strategy release, Data Governance Act, EHDS milestones, ISO 5259-4, EU Data Act enforcement runway.
  • New coverage:
  • 2020-06-09-eu-council-data-strategy-conclusions – Council direction on interoperable European data spaces.
  • 2021-03-25-eu-council-data-governance-act-general-approach – neutrality, confidentiality, and supervision baselines for data intermediaries and data altruism registration.
  • 2021-02-10-edpb-edps-opinion-data-governance-act – supervisory safeguards and neutrality expectations for DGA intermediaries.
  • 2021-12-06-oecd-enhancing-data-sharing – OECD access-and-sharing benchmarks for multi-party data spaces.
  • 2022-03-25-eu-us-data-privacy-framework-announcement – transatlantic roadmap and redress promises.
  • 2022-06-28-g7-elmau-dfft-commitments & 2023-05-20-g7-hiroshima-dfft-roadmap – DFFT roadmaps with institutional partnership planning.
  • 2024-03-21-eu-japan-dfft-roadmap & 2024-06-14-g7-apulia-digital-trust-commitments – IAP on DFFT launch, EU–Japan interoperability coordination.
  • 2022-11-28-eu-data-act-council-general-approach – staged switching, B2G safeguards, and SME protections heading into trilogue negotiations.
  • 2025-09-12-eu-data-act-penalty-regimes – Article 40 notification window for national penalty frameworks that determine enforcement severity across Member States.
  • 2025-09-24-eu-dga-data-intermediation-compliance – transitional deadline for legacy data intermediation services to meet Chapter III neutrality and security controls.
  • 2025-09-24-eu-dga-evaluation-deadline – Commission evaluation deliverable that will steer any follow-on DGA legislative proposals.
  • 2025-10-01-eu-data-act-new-contract-compliance – Chapter IV fairness and switching requirements for contracts concluded after 12 September 2025.
  • 2025-10-20-eu-data-act-model-contract-terms – Commission model clauses for data access and cloud switching under Article 41 of the Data Act.
  • 2025-11-25-eu-data-act-connected-products-roadmap – product roadmap checkpoint ahead of the September 2026 Article 3 access obligation for connected products.
  • 2020-12-24-eu-uk-tca-data-bridge – temporary bridge that maintained EU–UK flows while adequacy was finalised, guiding SCC fallback planning.
  • Gap watch: Monitor sector data-space funding calls (energy, mobility) and upcoming DGA data intermediation certification.
  • Track Commission follow-up on the 2025 DGA evaluation and any Data Act implementing acts covering smart contracts and interoperability.

Government access, privacy, and economic security

  • Foundational: Schrems II adjustments, Brazil LGPD enforcement, TEFCA/TIA coverage, EU financial data space call.
  • New coverage:
  • 2021-04-28-g7-digital-ministers-dfft – policy direction for transparency, redress, and SME toolkits.
  • 2021-05-28-g7-trade-ministers-dfft-statement – trade ministers align on interoperable transfer mechanisms and SME support.
  • 2022-02-10-african-union-data-policy-framework – continental governance operating model.
  • 2022-06-28-g7-elmau-dfft-commitments – Elmau roadmap for DFFT implementation and interoperable data spaces.
  • 2022-12-14-oecd-government-access-declaration – baseline safeguards for law enforcement access.
  • 2024-06-14-g7-apulia-digital-trust-commitments – integration of DFFT, AI assurance, and secure connectivity.
  • 2023-01-01-california-cpra-effective-date – CPRA enforcement runway with sensitive data and minimization duties.
  • 2025-11-21-global-cbpr-membership-criteria – prepares organisations for Global CBPR Forum membership criteria and CAPE guidance rollout following the 2025 work programme and fall workshop.
  • 2020-07-16-schrems-ii-privacy-shield-invalidated – removal of Privacy Shield and transfer impact assessment requirements for SCCs.
  • Gap watch: Prepare for OECD follow-up guidance on metrics and the Global Cross-Border Privacy Rules Forum certification profiles expected in 2025.

Latin America data protection enforcement

  • Foundational: Brazil LGPD go-live and initial enforcement runway.
  • New coverage:
  • 2021-08-01-brazil-lgpd-sanctions-effective – ANPD sanction powers and evidence expectations for localization, breach response, and lawful bases.
  • 2020-08-26-brazil-anpd-established – decree establishing ANPD governance and enforcement remit ahead of LGPD effectiveness.
  • Gap watch: Monitor ANPD guidance on cross-border transfers and administrative sanction calculation methods as the authority publishes sector playbooks.

Immediate follow-ups

  • Track regulatory outputs: Pending Global CBPR Forum programme requirements, post-evaluation legislative changes under the DGA, and implementing acts or guidance supporting Data Act Article 3, Article 40 enforcement follow-through, and Article 41 execution.
  • Sustain cadence: Prioritise coverage of African data-space pilots, Thailand PDPA enforcement, and sectoral Data Act guidance (energy, health, mobility) to maintain runway visibility through 2026.

A full list of Data Strategy briefs, including slug, summary, and topics, is available in reports/data-strategy-audit.md and the feed directory (zephtech-site/content/feed).