Launch Q3 2026
BearGuard®
BearGuard®
Governance & AI Guardrails
DE EN
🔒 Standards & Certifications

APEC CBPR (Cross-Border Privacy Rules)

The APEC CBPR system is a voluntary certification system for cross-border data transfers in the Asia-Pacific region based on the APEC Privacy Principles.

LinkedIn X WhatsApp

Summary

The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary, market-driven mechanism designed to facilitate cross-border data transfers between APEC member economies. It is based on the APEC Privacy Principles of 2004 and was operationalized in 2011. Companies that obtain CBPR certification commit to meeting privacy standards verified by recognized Accountability Agents.

  • Voluntary Certification: Companies apply to accredited Accountability Agents.
  • Nine Principles: Based on APEC Privacy Principles (Notice, Choice, Access, etc.).
  • Cross-Border Recognition: Certified companies can more easily transfer data between participating economies.
  • PRP System: Complementing CBPR, the Privacy Recognition for Processors (PRP) system exists for data processors, also forming part of the APEC privacy framework.
  • Global CBPR Forum: Since 2022 expanded as an independent international forum beyond APEC.

History

The foundation was laid in 2004 with the APEC Privacy Framework, which established nine privacy principles for all 21 APEC member economies. In 2005, the APEC Data Privacy Subgroup began developing the CBPR system as a practical instrument for business. After a multi-year development process, the CBPR system was formally endorsed by APEC trade ministers in 2011. The United States joined as the first economy in 2012, followed by Mexico (2013), Japan (2014), Canada (2015), Singapore (2017), the Republic of Korea (2017), Australia (2018), the Philippines (2019), and Chinese Taipei (Taiwan) (2019). In 2022, the Global CBPR Forum was established to extend the system to non-APEC countries and strengthen its global character. Since its founding, additional members have expressed interest or joined, including the United Kingdom, Bermuda, the Cayman Islands, and Jersey.

Scope

The APEC CBPR system targets companies that transfer personal data across borders within the APEC region. It applies to:

  • Private companies of any size in participating APEC economies.
  • Data exporters and importers seeking to demonstrate legally sound cross-border data transfers.
  • Multinational corporations implementing consistent privacy standards across the APEC region.

Currently participating economies in the APEC CBPR system (as of 2024): USA, Mexico, Japan, Canada, Singapore, Republic of Korea, Australia, Philippines, and Chinese Taipei (Taiwan). Since 2022, non-APEC countries can also join through the Global CBPR Forum; the Forum's members additionally include the United Kingdom, Bermuda, the Cayman Islands, and Jersey.

Key Requirements

  • Notice: Transparent information to individuals about data collection and use.
  • Collection Limitation: Collect only data necessary for the stated purpose.
  • Uses of Personal Information: Use data only for stated or compatible purposes.
  • Choice: Individuals have the opportunity to object to the use of their data.
  • Integrity of Personal Information: Ensuring data accuracy and currency.
  • Security Safeguards: Appropriate technical and organizational protective measures.
  • Access and Correction: Individuals can view and have their data corrected.
  • Accountability: Organizations are responsible for compliance with the principles and must demonstrate this. Recognized Accountability Agents include TrustArc (USA), JIPDEC (Japan), and IMDA (Singapore).
  • Preventing Harm: Protective measures to avoid harm to individuals.

Related Frameworks

PDPA-SGPrivacy/Datenschutz

Corrections & Errata

2026-QA-013 Correction 28 February 2026
Quality Audit: APEC CBPR (Cross-Border Privacy Rules)

4 corrections:
- Philippines missing as participating economy
- Singapore joining date potentially wrong (2016 instead of 2017)
- Mexico joining date wrong: 2013, not 2012
- Taiwan/Chinese Taipei joining date potentially wrong (2020 instead of 2019)
1 update:
- Global CBPR Forum members after 2022 missing
5 clarifications.
1 note.

Full details on the errata page →

Content last reviewed: 7 March 2026. Found an error or need an update? [email protected]