Policy Reference
Digital Trade Rules in the Age of AI: Global Regulatory Trends and Korea’s Strategic Direction
AI, Digitalization
Author: Minji Kang | Series: 25-09 | Language: Korean | Date: 2025.12.12
While WTO-level discussions on digital trade rules have been delayed, rule-making at the bilateral and regional levels—through e-commerce chapters in free trade agreements (FTAs) and stand-alone digital trade agreements (DTAs)—has advanced rapidly. However, because these agreements differ substantially across countries and over time in both the depth and scope of their provisions, regulatory fragmentation has intensified. At the same time, the rapid development of artificial intelligence (AI) is introducing new challenges to the emerging digital trade order. Issues such as privacy and copyright infringement arising from large-scale data collection and use, data dominance by digital platforms, the spread of misinformation, and heightened cyber security risks fall outside what traditional trade rules anticipated. AI technologies now generate multidimensional implications across data governance, intellectual property rights, competition policy, and ethical and safety standards, thereby heightening the need for domestic regulatory preparedness as well as international cooperation and institutionalization.
Digital trade agreements can be broadly classified into: (1) agreements embedded in FTAs (as e-commerce or digital trade chapters) and (2) stand-alone digital agreements concluded separately from FTAs. The former category can also be typologized—such as U.S.-style, EU-style, and China-style models—for comparative analysis. The U.S.-style model (e.g., TPP, USMCA) typically incorporates, as a dedicated FTA chapter, high-standard and open provisions on cross-border data transfers, prohibitions on data localization requirements (including restrictions on mandating the use or location of computing facilities), and prohibitions on requiring the transfer of, or access to, source code. By contrast, EU-style agreements often include e-commerce disciplines within the services framework; they tend to address cross-border data flows and prohibitions on data localization within a single provision and do not generally include a rule on non-discriminatory treatment of digital products. So-called China-style digital disciplines, as reflected in RCEP, in turn tend to remain closer to a “status quo maintenance” approach with respect to the moratorium/non-imposition of customs duties on electronic transmissions, rather than establishing stronger new obligations, and do not include source code protection provisions. They also accord relatively broad regulatory discretion by allowing Parties, where deemed necessary, to apply exceptions for legitimate public policy objectives (LPPO) and national security exceptions with respect to cross-border data transfers. Notably, China’s recent pursuit of accession to DEPA and CPTPP suggests a potential pathway toward engagement with higher-standard digital trade disciplines. Representative stand-alone digital agreements include DEPA and the U.S.–Japan Digital Trade Agreement.
Overall, digital trade agreements tend to be more detailed and more binding with respect to core issues—such as data transfers, localization prohibitions, and source code—when they are concluded more recently and when they are negotiated among advanced economies.
Against the backdrop of the AI era, this study examines those areas of digital trade disciplines most closely linked to AI—data governance, technical barriers to trade (TBT), competition, intellectual property rights, and AI regulation and cooperation. It analyzes major economies’ domestic legal frameworks and the current state of digital trade rules, anticipates the direction of AI-era digital trade norms, and explores implications for Korea’s regulatory strategy.
From a data governance perspective, the EU has developed a dual structure—promoting the free flow of data within the internal market while maintaining strict controls over external access—through the GDPR and related legislation such as the Data Act and the Data Governance Act. The United States generally prioritizes free cross-border data transfers, but it has strengthened national-security-driven controls by restricting transfers of sensitive data to adversarial countries, including through the enactment of the Protecting Americans’ Data from Foreign Adversaries Act (PADFA) in 2024. China adopted the 2024 Provisions on Promoting and Regulating Cross-Border Data Flows, expanding exemptions from security assessments and standard contractual requirements and thereby improving predictability. Korea comprehensively overhauled its rules on overseas transfers of personal information through the 2023 amendment to the Personal Information Protection Act (PIPA), shifting from a predominantly consent-based structure to a framework that recognizes multiple legal bases, including treaties and international agreements, adequacy decisions by the supervisory authority, and certifications. In parallel, Korea has sought to strengthen the enabling conditions for industrial data use through legislation such as the Data Industry Act and the Industrial Digital Transformation Promotion Act. Going forward, to support AI development, the domestic framework may need to be adjusted to facilitate appropriate data use for AI, and—regarding cross-border transfers—Korea should consider adopting a risk-based approach, while ensuring alignment with domestic law and applying calibrated restrictions where warranted, including on a reciprocity basis.
In the TBT area, the WTO TBT Agreement remains focused on goods and does not directly apply to services or AI technologies. The EU has institutionalized a risk-based approach through the EU AI Act, while the United States continues to lack comprehensive federal regulation despite growing state-level legislative activity. China has introduced AI-related TBT-type regulations by imposing filing and labeling obligations for generative AI and algorithmic services and by issuing numerous national standards. Korea has enacted the Artificial Intelligence Basic Act (scheduled to take effect in 2026), establishing a domestic AI regulatory framework. However, current digital trade disciplines do not yet establish direct, binding obligations specifically tailored to AI-TBT issues, although certain ICT-related provisions (including those involving the use of cryptography) have been introduced in some agreements. Meanwhile, the Korea–EU DTA and the EU–Singapore DTA extend elements traditionally associated with the TBT domain—such as international standardization, mutual recognition of conformity assessment, information exchange, and enhanced transparency—into the digital services space. This suggests that future digital trade agreements may increasingly seek to apply and expand TBT-type disciplines to digital services. Korea, for its part, should participate more proactively in international standard-setting processes and, where appropriate, expand mutual recognition arrangements in order to adapt flexibly to fast-evolving AI technologies and maintain global competitiveness.
From a competition policy perspective, the concentration of data and platform markets has intensified concerns about dominance, and AI development may further strengthen data concentration and platform lock-in structures. Yet current digital trade agreements have not sufficiently developed direct and binding rules to address these concerns. Some agreements—such as the Korea–Singapore DPA and DEPA—include competition-related cooperation provisions centered on information exchange and voluntary cooperation among authorities. Over the medium to long term, attempts could emerge to incorporate obligations on data portability and interoperability into digital trade rules in order to mitigate lock-in effects and promote fair competition; however, given differences in domestic regulatory systems and national interests, it is unlikely that such obligations will be adopted as binding treaty commitments in the near term.
In the intellectual property area, digital trade disciplines often include protections such as prohibitions on requiring the transfer of, or access to, source code (and algorithms) as a condition for market access. With the spread of generative AI, a central issue is whether data use in training may infringe copyrights or other IP rights, and a key focal point is the recognition and scope of a text and data mining (TDM) exception. The EU explicitly provides for TDM exceptions in its copyright framework, and Japan has adopted provisions that broadly allow data use for analysis purposes under its Copyright Act. By contrast, Korea does not have a TDM-specific exception; instead, legality is assessed case-by-case primarily through the “fair use” clause (Copyright Act Article 35-5). From the standpoint of enhancing legal predictability in potential infringement disputes, Korea should consider either (i) introducing a TDM-specific exception or (ii) clarifying, through guidelines and/or legislative refinement, the applicability criteria of the fair use clause to TDM and AI training contexts.
As the importance of AI regulation and international cooperation has grown, recent digital trade agreements have increasingly incorporated AI-related cooperation provisions. For example, the Korea–Singapore DPA and DEPA include dedicated provisions on AI, and also contain separate provisions on data innovation, while the UK–Singapore Digital Economy Agreement (DEA) explicitly provides for joint research and policy cooperation across the AI domain. Looking ahead, rising demands for trust and transparency amid the spread of generative AI may prompt digital trade agreements to address “responsible AI” measures—such as labeling requirements for AI-generated outputs—through cooperation clauses, best-endeavor language, or gradually strengthened commitments. In light of these developments, Korea’s Framework Act on Artificial Intelligence (AI Basic Act) should consider introducing an AI sandbox mechanism, and it would be desirable to issue clear guidance on the scope and implementation of labeling obligations for AI-generated content.
Korea’s current portfolio of digital trade agreements varies considerably across instruments in terms of both the level of disciplines and the degree of bindingness. As Korea expands its engagement in digital trade agreements, it will be important to include core disciplines—such as cross-border data transfers, prohibitions on data localization requirements, and source code protection—as consistently as possible as a common baseline, and to institutionalize them as effective, enforceable obligations in order to reduce firms’ compliance costs arising from rule fragmentation. In addition, meeting the demands of the AI era calls for a balanced digital trade framework that advances openness while maintaining appropriate safeguards. This, in turn, will require a coordinated set of measures—refined risk-based data disciplines, expanded TBT-type disciplines for digital services, and an institutionalized governance framework for AI ethics and safety.
Sales Info
| Item | Value |
|---|---|
| Quantity/Size | 200 |
| Sale Price | 7 $ |
