中新法讯 China-Singapore Legal News中新法讯China-Singapore Legal News
Insight

Series Three: Chinese Technology Companies Going Global | Who Owns Core Technology: Intellectual Property and Data Arrangements

25 June 2026

Editor's Note: When Chinese tech enterprises go global, what they take with them is never just products and services — it's source code, algorithm models, training data, and R&D outcomes. Yet many enterprises only seriously address the cross-border arrangements for these core assets when overseas clients start asking questions, investors conduct due diligence, partners demand licensing rights, or project disputes arise — by which point many issues can no longer be resolved through last-minute supplementary documentation.

The ownership and authorization arrangements for technology, data, and IP determine whether an enterprise has the right to contract externally, whether it can serve overseas clients, whether it can withstand investor due diligence, and — when M&A, financing, or disputes arise in the future — whether the enterprise can account for the commercial value it truly owns.

This article, the third in the "Chinese Tech Enterprises Going Global" series, examines the issues that enterprises should focus on before going global, covering core asset ownership, IP chains, IP terms in client contracts, data flows, Singapore data protection and AI governance, and the licensing and regulatory boundaries that certain tech businesses may encounter.

Author: Chinalink Law Cross-Border Compliance Team

01. Core Asset Ownership and Title Chain

During their domestic development phase, tech enterprises tend to focus more on product R&D and client acquisition, and may not have fully addressed IP and technology outcome ownership arrangements. However, once they enter the going-global phase, this issue is rapidly magnified — overseas clients will ask, investors will check, and banks, auditors, and counterparties will also demand clear explanations.

Clients typically ask: Do you have the right to provide me with this technology or system? Which company actually owns the software, algorithms, models, and source code? Are there any claims from outsourced teams, collaborative R&D partners, or individual developers? If an infringement dispute arises in the future, who bears liability?

Investors also focus on:

  • Whether core patents, trademarks, software copyrights, and trade secrets belong to the target investment entity;
  • Whether founders, employees, consultants, and outsourced personnel have signed title confirmation documents;
  • Whether there are technology licensing, permission, or service arrangements between the domestic company and the overseas company;
  • Whether core assets are controlled by individuals, affiliates, or other entities.

Therefore, tech enterprises should at a minimum complete a core asset inventory before going global. Who owns the patents, trademarks, software copyrights, domain names, source code, algorithms, models, databases, technical documentation, R&D outcomes, client data, and trade secrets respectively? Have the relevant R&D personnel, outsourced teams, and collaboration partners signed IP ownership and confidentiality documents? Does the Singapore company or other overseas entity have the right to use these technologies and IP? If the overseas entity is to contract externally, are supplementary technology licenses, service agreements, or authorization documents needed? If these issues are not addressed in advance, they may later affect overseas client contracts, financing due diligence, M&A transactions, and even enterprise valuation.

02. Where to Place IP: Holding, Licensing, and Usage Boundaries

When discussing Singapore structuring, tech enterprises often ask a deceptively simple question: should the core IP be placed in the Singapore company? There is no uniform answer to this question. Whether IP is held by the Chinese company, the Singapore company, or used across domestic and overseas entities through licensing arrangements depends on the enterprise's business model, financing plans, tax arrangements, R&D team location, client contract requirements, and future capital pathway.

In practice, most Chinese enterprises have never conducted a thorough review of IP ownership and the scope of rights during their domestic R&D phase — the question of which entity should serve as the IP holding entity and which entity should conduct IP cooperation externally is often seriously discussed for the first time only when the enterprise is preparing to go global.

It is important to note: if the R&D team, technology investment, and primary costs are all in China, simply transferring IP to an overseas company may give rise to transfer pricing, related-party transaction, and commercial reasonableness issues. Conversely, if a Singapore company has already been established and is expected to contract with overseas clients, this does not necessarily require direct IP transfer — a more common approach is to use technology licenses, software authorizations, service agreements, or commercialization licenses to enable the overseas company to lawfully use the relevant technology and IP within agreed scope.

What enterprises truly need to focus on is not the formal location of the IP, but rather:

  • Whether core asset ownership is clear;
  • Whether the overseas entity has a lawful basis for use;
  • Whether the scope, fees, and term of authorizations between domestic and overseas entities are reasonable;
  • Whether the IP terms in external client contracts are consistent with the enterprise's internal arrangements;
  • Whether this set of arrangements can be understood and accepted by investors at the time of future financing or M&A.

For early-stage enterprises, complex cross-border IP restructuring may not be necessary at the outset, but they should at a minimum ensure that core asset ownership is clear, authorization pathways are well-defined, and the documentary system is internally consistent.

03. IP and Data Provisions in Overseas Client Contracts

When tech enterprises go global, the IP provisions in overseas client contracts are often the area where risks become concentrated. Common issues include:

  • Clients demanding full ownership of custom development outcomes;
  • Demanding use of the enterprise's existing software, source code, or algorithms;
  • Demanding perpetual, worldwide, irrevocable, sub-licensable usage rights;
  • Contracts failing to distinguish between the enterprise's pre-existing technology and new project outcomes;
  • Failure to specify ownership of derivative developments, model training results, or data analysis outcomes;
  • Failure to restrict client copying, reverse engineering, or provision to third parties;
  • Confidentiality clauses being too generic to adequately cover technical materials and commercial information.

The key to addressing these issues lies in distinguishing three categories of assets. First, the enterprise's pre-existing technology — such as its existing software systems, existing code, algorithm models, technical frameworks, and existing databases. This is the enterprise's core asset and should not be acquired by a client through a single project engagement. Second, project customization outcomes — such as interfaces, modules, configurations, or application scenarios developed for specific needs, which may be allocated by commercial negotiation but with clear boundaries. Third, client data and processing results — where client data, user data, or transaction data are involved, further distinctions are needed regarding data sources, purposes of use, processing rights, analytical outcomes, and model optimization results. If not clarified in the contract in advance, an enterprise may believe it has merely delivered a project, while the client believes it has acquired all outcomes and technology usage rights.

Case Scenario: An AI Enterprise's Overseas Client Contract Dispute

A Chinese AI enterprise signed a risk control model development contract with a Southeast Asian financial institution. The client demanded that the contract state that "all outcomes, models, algorithms, and data generated by the project shall belong to the client." Eager to secure the deal, the enterprise signed without negotiating the IP terms. After project delivery, the client not only deployed the model across multiple affiliated companies but also used the core algorithm in its own commercial product development. When the enterprise discovered this and attempted to assert its rights, the contract terms had already granted all rights to the client. If the enterprise had distinguished at the contracting stage between its "pre-existing model framework" (retaining ownership) and the "client-specific configurations and interfaces" (granting usage rights), the outcome could have been entirely different.

04. Data Flows, Singapore Data Protection, and Regulatory Requirements

A common scenario in practice: an enterprise believes it is doing "system deployment" or "technology outsourcing," but during actual delivery, the Chinese team has already accessed the overseas client's business data through remote access, system maintenance, log analysis, and other activities. Once such data flows occur, compliance obligations are no longer something that can be deferred. Enterprises need to at least clarify:

  • Whether personal information is being collected or processed;
  • Whether the client's business data, transaction data, or sensitive data is being processed;
  • Whether the data originates from China, Southeast Asia, or other regions;
  • Whether the data will be transmitted, stored, accessed, or analyzed cross-border;
  • What roles the Singapore company, overseas client, cloud service provider, and third-party service providers respectively play;
  • Whether data processing purposes, scope, security measures, confidentiality obligations, and deletion mechanisms need to be specified in the contract.

Drawing a clear data flow map is the first step. Where is data generated, where is it stored, who accesses it, for what purposes, is it provided to third parties, and how is it handled after project completion? Many enterprises are not incapable of going global — they are simply unable to explain how data flows. In cross-border operations, being "unable to explain" data flows can itself become a risk point in client reviews, investor due diligence, and regulatory inquiries.

If a tech enterprise establishes a company in Singapore and processes personal data, it also needs to pay attention to the obligations under Singapore's Personal Data Protection Act (PDPA) regarding data collection, use, disclosure, protection, cross-border transfer, and data breach notification. For enterprises in fintech, AI risk control, payments, insurtech, or those providing AI and data analytics systems to financial institutions, attention should also be paid to the principles and industry practices relating to AI governance in Singapore's financial regulatory sphere — these requirements are often transmitted to tech service providers through client contracts, due diligence questionnaires, and supplier onboarding requirements.

In addition, tech enterprises should conduct a round of business model compliance assessment before going global: whether the business in the target market constitutes a regulated activity. Fintech, payment services, digital assets, fund and investment advisory, loan facilitation, insurtech, healthcare, edtech, cybersecurity, and platform businesses involving personal data processing all warrant particular caution. Merely providing technical systems to financial institutions is fundamentally different in regulatory nature from directly providing payment, investment, or lending services to end users.

05. Foundational Document Preparation for Technology, Data, and IP

Tech enterprises do not necessarily need a complex documentary system at the outset, but the following six categories of documents have foundational value:

1. IP and R&D Outcome Ownership Documents. Including employee IP assignment agreements, outsourced development contracts, collaborative R&D agreements, and technology outcome confirmation letters.

2. Confidentiality and Trade Secret Protection Documents. Including NDAs, employee confidentiality agreements, partner confidentiality clauses, and technical material delivery records.

3. Cross-Border Technology Licensing or Service Agreements. Where the Singapore company contracts externally but the technology and team are primarily in China, agreements are needed to explain the service, authorization, and revenue relationships between the domestic and overseas entities.

4. Overseas Client Contract Templates. Key coverage should include IP ownership, licensing scope, data processing, acceptance criteria, payment milestones, liability limitations, dispute resolution, and confidentiality obligations. Particular attention should be paid to distinguishing the three categories of assets: enterprise pre-existing technology, project customization outcomes, and client data.

5. Data Processing and Security Compliance Documents. Including data processing clauses, privacy policies, data security measure descriptions, and third-party service provider management terms.

6. Licensing and Regulatory Assessment Documents. For enterprises in fintech, healthcare, edtech, platform services, and similar sectors, a preliminary legal assessment should be conducted before formally commencing business to confirm whether the relevant business may trigger licensing, registration, filing, or other regulatory requirements.

Conclusion | Technology Provenance, Authorization Chains, and Data Flows Determine Whether the Singapore Structure Can Truly Support the Business

Going global for tech enterprises is not merely about expanding markets and clients — it is the cross-border extension of core assets, technical capabilities, data resources, and business models. Singapore can serve as an important go-global platform, but enterprises cannot focus solely on company establishment and bank accounts; they must also pay attention to how technology, data, and IP are arranged in a lawful, clear, and sustainable manner.

At least a few fundamental questions should be answered before going global: Who owns the core technology and IP? Does the overseas company have the right to use them? Will client contracts affect the enterprise's core assets? Is cross-border data processing involved? Could the business trigger licensing or regulatory requirements? If financing, M&A, or disputes arise in the future, can the existing arrangements withstand scrutiny? The earlier these issues are addressed, the more commercial options the enterprise will have in overseas markets and the stronger its negotiating position will be.

Specific solutions must still take into account the enterprise's industry sector, technology type, data sources, shareholder structure, team distribution, client types, and future transaction plans.

—END—

For further information on Chinese tech enterprises going global via Singapore, technology licensing, cross-border data flows, export controls, and related compliance arrangements, please contact the Chinalink Law professional team.

This article is compiled based on practical experience and publicly available legal analysis, for reference only, and does not constitute legal advice. Specific solutions should be assessed on a case-by-case basis, taking into account the enterprise's industry sector, technology type, data sources, shareholder structure, team distribution, counterparties, destination jurisdiction, and future transaction plans, with the advice of professional counsel.