Taiwan's Approach to AI Governance

The Institutionalization of the Taiwan Personal Data Protection Committee - Triumph of Digital Constitutionalism: A Legal Positivism Analysis 2023/07/13 The Legislative Yuan recently passed an amendment to the Taiwan Personal Data Protection Act, which resulted in the institutionalization of the Taiwan Personal Data Protection Commission (hereunder the “PDPC”)[1]. This article aims to analyze the significance of this institutionalization from three different perspectives: legal positivism, digital constitutionalism, and Millian liberalism. By examining these frameworks, we can better understand the constitutional essence of sovereignty, the power dynamics among individuals, businesses, and governments, and the paradox of freedom that the PDPC addresses through governance and trust. I.Three Layers of Significance 1.Legal Positivism The institutionalization of the PDPC fully demonstrates the constitutional essence of sovereignty in the hands of citizens. Legal positivism emphasizes the importance of recognizing and obeying (the sovereign, of which it is obeyed by all but does not itself obey to anyone else, as Austin claims) laws that are enacted by legitimate authorities[2]. In this context, the institutionalization of the PDPC signifies the recognition of citizens' rights to control their personal data and the acknowledgment of the sovereign in protecting their privacy. It underscores the idea that the power to govern personal data rests with the individuals themselves, reinforcing the principles of legal positivism regarding sovereign Moreover, legal positivism recognizes the authority of the state in creating and enforcing laws. The institutionalization of the PDPC as a specialized commission with the power to regulate and enforce personal data protection laws represents the state's recognition of the need to address the challenges posed by the digital age. By investing the PDPC with the authority to oversee the proper handling and use of personal data, the state acknowledges its responsibility to protect the rights and interests of its citizens. 2.Digital Constitutionalism The institutionalization of the PDPC also rebalances the power structure among individuals, businesses, and governments in the digital realm[3]. Digital constitutionalism refers to the principles and norms that govern the relationship between individuals and the digital sphere, ensuring the protection of rights and liberties[4]. With the rise of technology and the increasing collection and use of personal data, individuals often find themselves at a disadvantage compared to powerful entities such as corporations and governments[5]. However, the PDPC acts as a regulatory body that safeguards individuals' interests, rectifying the power imbalances and promoting digital constitutionalism. By establishing clear rules and regulations regarding the collection, use, and transfer of personal data, the PDPC may set a framework that ensures the protection of individuals' privacy and data rights. It may enforce accountability among businesses and governments, holding them responsible for their data practices and creating a level playing field where individuals have a say in how their personal data is handled. 3.Millian Liberalism The need for the institutionalization of the PDPC embodies the paradox of freedom, as raised in John Stuart Mill’s “On Liberty”[6], where Mill recognizes that absolute freedom can lead to the infringement of others' rights and well-being. In this context, the institutionalization of the PDPC acknowledges the necessity of governance to mitigate the risks associated with personal data protection. In the digital age, the vast amount of personal data collected and processed by various entities raises concerns about privacy, security, and potential misuse. The institutionalization of the PDPC represents a commitment to address these concerns through responsible governance. By setting up rules, regulations, and enforcement mechanisms, the PDPC ensures that individuals' freedoms are preserved without compromising the rights and privacy of others. It strikes a delicate balance between individual autonomy and the broader social interest, shedding light on the paradox of freedom. II.Legal Positivism: Function and Authority of the PDPC 1.John Austin's Concept of Legal Positivism: Sovereignty, Punishment, Order To understand the function and authority of the PDPC, we turn to John Austin's concept of legal positivism. Austin posited that laws are commands issued by a sovereign authority and backed by sanctions[7]. Sovereignty entails the power to make and enforce laws within a given jurisdiction. In the case of the PDPC, its institutionalization by the Legislative Yuan reflects the recognition of its authority to create and enforce regulations concerning personal data protection. The PDPC, as an independent and specialized committee, possesses the necessary jurisdiction and competence to ensure compliance with the law, administer punishments for violations, and maintain order in the realm of personal data protection. 2.Dire Need for the Institutionalization of the PDPC There has been a dire need for the establishment of the PDPC following the Constitutional Court's decision in August 2022, holding that the government needed to establish a specific agency in charge of personal data-related issues[8]. This need reflects John Austin's concept of legal positivism, as it highlights the demand for a legitimate and authoritative body to regulate and oversee personal data protection. The PDPC's institutionalization serves as a response to the growing concerns surrounding data privacy, security breaches, and the increasing reliance on digital platforms. It signifies the de facto recognition of the need for a dedicated institution to safeguard the individual’s personal data rights, reinforcing the principles of legal positivism. Furthermore, the institutionalization of the PDPC demonstrates the responsiveness of the legislative branch to the evolving challenges posed by the digital age. The amendment to the Taiwan Personal Data Protection Act and the subsequent institutionalization of the PDPC are the outcomes of a democratic process, reflecting the will of the people and their desire for enhanced data protection measures. It signifies a commitment to uphold the rule of law and ensure the protection of citizens' rights in the face of emerging technologies and their impact on privacy. 3.Authority to Define Cross-Border Transfer of Personal Data Upon the establishment of the PDPC, it's authority to define what constitutes a cross-border transfer of personal data under Article 21 of the Personal Data Protection Act will then align with John Austin's theory on order. According to Austin, laws bring about order by regulating behavior and ensuring predictability in society. By granting the PDPC the power to determine cross-border data transfers, the legal framework brings clarity and consistency to the process. This promotes order by establishing clear guidelines and standards, reducing uncertainty, and enhancing the protection of personal data in the context of international data transfers. The PDPC's authority in this regard reflects the recognition of the need to regulate and monitor the cross-border transfer of personal data to protect individuals' privacy and prevent unauthorized use or abuse of their information. It ensures that the transfer of personal data across borders adheres to legal and ethical standards, contributing to the institutionalization of a comprehensive framework for cross-border data transfer. III.Conclusion In conclusion, the institutionalization of the Taiwan Personal Data Protection Committee represents the convergence of legal positivism, digital constitutionalism, and Millian liberalism. It signifies the recognition of citizens' sovereignty over their personal data, rebalances power dynamics in the digital realm, and addresses the paradox of freedom through responsible governance. By analyzing the PDPC's function and authority in the context of legal positivism, we understand its role as a regulatory body to maintain order and uphold the principles of legal positivism. The institutionalization of the PDPC serves as a milestone in Taiwan's commitment to protect individuals' personal data and safeguard the digital rights. In essence, the institutionalization of the Taiwan Personal Data Protection Committee represents a triumph of digital constitutionalism, where individuals' rights and interests are safeguarded, and power imbalances are rectified. It also embodies the recognition of the paradox of freedom and the need for responsible governance in the digital age in Taiwan. Reference: [1] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023). [2] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [3] Edoardo Celeste, Digital constitutionalism: how fundamental rights are turning digital, (2023): 13-36, https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 3, 2023). [4] GIOVANNI DE GREGORIO, DIGITAL CONSTITUTIONALISM IN EUROPE: REFRAMING RIGHTS AND POWERS IN THE ALGORITHMIC SOCIETY 218 (2022). [5] Celeste Edoardo, Digital constitutionalism: how fundamental rights are turning digital (2023), https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 13, 2023). [6]JOHN STUART MILL,On Liberty (1859), https://openlibrary-repo.ecampusontario.ca/jspui/bitstream/123456789/1310/1/On-Liberty-1645644599.pdf (last visited July 13, 2023). [7] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [8] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023).

I.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.

Legal Analysis of the U.S. BIOSECURE Act: Implications for Taiwanese Biotechnology Companies 2024/11/15 I.Introduction The U.S. BIOSECURE Act (H.R.8333)[1](hereunder, "BIOSECURE Act" or "Act") is a strategic legislative measure designed to protect U.S. biotechnology technologies and data from potential exploitation by foreign entities deemed to be threats to national security. Passed by the House of Representatives on September 9, 2024, with a vote of 306-81[2], the Act demonstrates robust bipartisan support to limit foreign influence in critical U.S. sectors. Passed during the legislative session known as "China Week[3]," the Act imposes restrictions on government contracts, funding, and technological cooperation with entities classified as "Biotechnology Companies of Concern" (hereunder, "BCCs") that are affiliated with adversarial governments. Given Taiwan's prominent role in biotechnology and its strong trade ties with the U.S., Taiwanese companies must examine the implications of the BIOSECURE Act, specifically in regard to technology acquisition from restricted foreign companies and compliance obligations for joint projects with U.S. partners. This analysis will delve into three core aspects of the BIOSECURE Act: (1) the designation and evaluation of BCCs, (2) prohibitions on transactions involving BCCs, and (3) enforcement mechanisms. Each section will evaluate potential impacts on Taiwanese companies, focusing on how the Act might influence technology transfers, compliance obligations, and partnership opportunities within the U.S. biotechnology supply chain. II.Designation and Evaluation of Biotechnology Companies of Concern A central element of the BIOSECURE Act is the process of identifying and evaluating foreign biotechnology companies considered potential threats to U.S. national security.[4] Under Section 2(f)(2) of the Act, a "Biotechnology Company of Concern" is defined as any entity associated with adversarial governments—specifically, China, Russia, North Korea, and Iran[5]—that engages in activities or partnerships posing risks to U.S. security[6]. These risks may include collaboration with foreign military or intelligence agencies, involvement in dual-use research, or access to sensitive personal or genetic information of U.S. citizens. Companies already designated as BCCs include BGI, MGI, Complete Genomics, WuXi AppTec, and WuXi Biologics, all of which have substantial ties to China and the Chinese government or military[7]. Under Section 2(f)(4) of the Act, the Office of Management and Budget (OMB) is required to continuously evaluate and update the BCC list in consultation with agencies such as the Department of Defense, Department of Commerce, and the National Intelligence Community to reflect evolving security concerns[8]. The designation process presents significant challenges for Taiwanese companies, particularly those that have connections with BCCs or rely on BCC technologies for their products, diagnostics, or research initiatives. For instance, if a Taiwanese company uses gene sequencing technology or multiomics tools sourced from one of the designated BCCs, it may face restrictions when pursuing contracts with U.S. entities or seeking federal funding. To proactively address these challenges, Taiwanese companies should establish compliance protocols that verify the origin of their technology and data sources. Moreover, developing new supply chain relationships with U.S. or European suppliers may not only reduce reliance on BCC-affiliated technology but also enhance Taiwanese companies' reputation as secure and reliable partners in the biotechnology industry. By adapting proactively to the BCC designation process, Taiwanese companies can anticipate and respond to future regulatory shifts more effectively. Diversifying their technology base away from BCCs positions these companies to better align with U.S. biosecurity standards, thereby becoming more attractive collaborators for U.S.-based biotechnology and life sciences companies. Given the rapid pace of regulatory and security developments, staying informed about changes in BCC designations will enable Taiwanese companies to operate with greater agility, adjusting suppliers and adopting new compliance measures as needed. Such proactive alignment can strengthen their resilience and reinforce their status as stable and secure participants in the global biotechnology landscape. III.Prohibition on Government Contracts and Funding A core component of the BIOSECURE Act is its stringent restrictions on contracting and funding involving entities linked to BCCs, as detailed in Section 2(a) of the act[9]. These restrictions extend beyond direct federal interactions to include any recipients of federal funds, prohibiting them from using such funds to procure biotechnology products or services from BCCs[10]. By curtailing federal support and preventing indirect financial benefits to these companies, the U.S. aims to mitigate national security risks posed by adversarial governments. The wide-reaching scope of these prohibitions makes the BIOSECURE Act one of the most comprehensive legislative efforts to secure the biotechnology sector and address concerns over foreign technologies potentially compromising U.S. security interests. For Taiwanese biotechnology companies, these prohibitions introduce substantial compliance demands, particularly for companies that utilize BCC technology within their supply chains. For example, a Taiwanese company engaged in a joint research project with a U.S. government contractor may be required to demonstrate that none of its technology or data sources originate from BCCs. Compliance could necessitate rigorous supply chain audits and operational adjustments, potentially increasing short-term costs. However, aligning with U.S. regulatory standards preemptively can position Taiwanese companies as more desirable partners for U.S. entities that are increasingly prioritizing security and regulatory adherence. The BIOSECURE Act also incentivizes Taiwanese companies to explore alternative technology providers that meet U.S. biosecurity criteria, including secure data management practices, compliance with federal regulations, and the absence of connections to adversarial governments. By sourcing technology from approved U.S. or European biotechnology companies, Taiwanese companies can enhance their market access and collaborative prospects in the U.S. biotechnology and life sciences sectors. This strategy may also foster long-term stability in partnerships and mitigate risks associated with supply chain disruptions, particularly if more companies are designated as BCCs in the future[11]. Establishing partnerships with U.S.-aligned suppliers can also provide Taiwanese companies with a competitive edge in securing government contracts and research funding, as U.S.-based entities increasingly prefer suppliers that comply with national biosecurity requirements. IV.Enforcement Mechanisms, Transition Periods, and Taiwanese Considerations The BIOSECURE Act outlines key enforcement mechanisms and transitional provisions designed to facilitate the adjustment process for companies affected by its restrictions. Specifically, Section 2(c) of the Act provides an eight-year grandfathering period for contracts established prior to the Act’s effective date involving existing BCCs, allowing these agreements to continue until January 1, 2032[12]. This provision is intended to provide companies that are dependent on BCC-supplied biotechnology ample time to transition to compliant suppliers. In addition, the Act includes a "safe harbor" provision[13], which clarifies that equipment previously produced by a BCC but now sourced from a non-BCC entity will not be restricted. This allows companies to re-source components without the risk of penalties for past procurement decisions. For Taiwanese companies, this transition period presents a critical opportunity to adapt to the new regulatory environment without facing immediate disruptions to business operations. Companies dependent on BCC technology for essential biotechnological functions can leverage the eight-year window to gradually phase out such suppliers, thereby minimizing the impact on operations while ensuring future compliance. For example, a Taiwanese company that relies on a BCC’s sequencing technology for genomic research can use this period to forge partnerships with compliant technology suppliers, thereby avoiding sudden disruptions in research or production. Additionally, the Act includes a waiver provision[14] that allows case-by-case exemptions under specific conditions, particularly when compliance is infeasible, such as in instances where critical healthcare services abroad are at risk[15]. By making strategic use of the phased enforcement and waiver provisions, Taiwanese companies can restructure their supply chains to align fully with U.S. requirements. Those that plan these transitions carefully not only ensure regulatory compliance but also enhance their appeal as resilient and trustworthy partners in the U.S. market. Exploring new collaborations with U.S.-approved biotechnology suppliers can further bolster supply chain resilience against future geopolitical or regulatory uncertainties. The transition period[16] and waiver options[17] reflect the BIOSECURE Act's balanced approach between immediate security needs and pragmatic implementation, which Taiwanese companies can capitalize on to build robust, compliant biotechnological operations. V.Conclusion The U.S. BIOSECURE Act[18] presents both significant challenges and strategic opportunities for Taiwanese biotechnology companies. The Act’s restrictions on contracts with designated BCCs and funding constraints necessitate a reassessment of technology acquisition strategies and a reinforcement of compliance practices. Taiwanese companies seeking deeper integration into U.S. and global biotechnology markets will benefit from aligning their procurement approaches with non-BCC suppliers, particularly those in the U.S. or allied countries. This proactive alignment will not only mitigate potential compliance risks but also enhance Taiwanese companies’ reputations as reliable global partners in biotechnology. The phased enforcement and waiver provisions of the BIOSECURE Act[19] provide Taiwanese companies with a clear pathway to navigate the evolving regulatory landscape, allowing them to establish stronger, more resilient supply chains that meet U.S. standards. Such alignment positions these companies as competitive players in the biotechnology sector, contributing to secure and innovative progress in an increasingly interconnected world. By actively engaging with the BIOSECURE Act’s compliance demands, Taiwanese biotechnology companies can leverage the Act's phased implementation to ensure sustained, secure access to the U.S. market and foster strategic biotechnology partnerships. Reference: [1] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [2] OFFICE OF THE CLERK, U.S. HOUSE OF REPRESENTATIVES, Roll Call Vote No. 402 on H.R. 8333 (Sept. 9, 2024), https://clerk.house.gov/Votes?RollCallNum=402&BillNum=H.R.8333 (last visited Nov. 1, 2024). [3] JANINE LITTLE, U.S. House Of Representatives Passes The BIOSECURE Act During “China Week”, Global Supply Chain Law Blog (Sept. 13, 2024), https://www.globalsupplychainlawblog.com/supply-chain/u-s-house-of-representatives-passes-the-biosecure-act-during-china-week/ (last visited Nov. 1, 2024). [4] SABINE NAUGÈS & SARAH L. ENGLE, BIOSECURE Act: US Target on Chinese Biotechnology Companies, NAT'L L. REV. (Sept. 13, 2024), https://natlawreview.com/article/biosecure-act-us-target-chinese-biotechnology-companies (last visited Nov. 1, 2024). [5] 10 U.S.C. § 4872(d) (2024), https://www.law.cornell.edu/uscode/text/10/4872 (last visited Nov. 1, 2024). [6] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [7] id. [8] id. [9] id. [10] id. [11] JANINE LITTLE, U.S. House Of Representatives Passes The BIOSECURE Act During “China Week”, Global Supply Chain Law Blog (Sept. 13, 2024), https://www.globalsupplychainlawblog.com/supply-chain/u-s-house-of-representatives-passes-the-biosecure-act-during-china-week/ (last visited Nov. 1, 2024). [12] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [13] id. [14] id. [15] id. [16] id. [17] id. [18] id. [19] id.

The activities of accessing to Taiwan's biological resources can be governed within certain extent described as follows. 1 、 Certain Biological Resources Controlled by Regulations Taiwan's existing regulation empowers the government to control the access to biological resources within certain areas or specific species. The National Park Law, the Forestry Act, and the Cultural Heritage Preservation Act indicate that the management authority can control the access of animals and plants inside the National Park, the National Park Control Area, the recreational area, the historical monuments, special scenic area, or ecological protection area; forbid the logging of plants and resources within the necessary control area for logging and preserved forestry, or control the biological resources inside the natural preserved area. In terms of the scope of controlled resources, according to the guidance of the Wildlife Conservation Act and the Cultural Heritage Preservation Act, governmental management authority is entitled to forbid the public to access the general and protected wild animals and the plant and biological resources that are classified as natural monuments. To analyse the regulation from another viewpoint, any access to resources in areas and of species other than the listed, such as wild plants or microorganism, is not regulated. Therefore, in terms of scope, Taiwan's management of the access to biological resources has not covered the whole scope. 2 、 Access Permit and Entrance Permit Taiwan's current management of biological resources adopts two kinds of schemes: access permit scheme and entrance permit in specific areas. The permit allows management authority to have the power to grant and reject the collection, hunting, or other activities to access resources by people. This scheme is similar to the international standard. The current management system for the access to biological resources promoted by many countries and international organizations does not usually cover the guidance of entrance in specific areas. This is resulting from that the scope of the regulation about access applies for the whole nation. However, since Taiwan has not developed regulations specifically for the access of bio-research resources, the import/export regulations in the existing Wildlife Conservation Act, National Park Law, Forestry Act, and Cultural Heritage Preservation Act may provide certain help if these regulations be properly connected with the principle of access and benefit sharing model, so that they will help to urge people to share the research interests. 3 、 Special Treatments for Academic Research Purpose and Aborigines Comparing to the access for the purpose of business operation, Taiwan's regulations favour the research and development that contains collection and hunting for the purpose of academic researches. The regulation gives permits to the access to biological resources for the activities with nature of academic researches. For instance, the Wildlife Conservation Act, National Park Law, and theCultural Heritage Preservation Act allow the access of regulated biological resources, if the academic research unit obtains the permit, or simply inform the management authority. In addition, the access by the aborigines is also protected by the Forestry Act, Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The aborigines have the right to freely access to biological resources such as plants, animals and fungi. 4 、 The Application of Prior Informed Consent (PIC) In topics of the access to and benefit sharing of biological resources, the PIC between parties of interests has been the focus of international regulation. Similarly, when Taiwan was establishing theAboriginal Basic Act, this regulation was included to protect the aborigines' rights to be consulted, to agree, to participate and to share the interests. This conforms to the objective of access and benefit sharing system. 5 、 To Research and Propose the Draft of Genetic Resources Act The existing Wildlife Conservation Act, National Park Law, Forestry Act,Cultural Heritage Preservation Act, Aboriginal Basic Act provide the regulation guidance to the management of the access to biological resources within certain scope. Comparing to the international system of access and benefit sharing, Taiwan's regulation covers only part of the international guidance. For instance, Taiwan has no regulation for the management of wild plants and micro-organism, so there is no regulation to confine the access to wild plants and microorganism. To enlarge the scope of management in terms of the access to Taiwan's biological resources, the government authority has authorize the related scholars to prepare the draft of Genetic Resources Act. The aim of the Genetic Resources Act is to establish the guidance of the access of genetic resources and the sharing of interests in order to preserve the genetic resources. The draft regulates that the bio-prospecting activity should be classified into business and academic, with the premise of not interfering the traditional usages. After classification, application of the permit should be conducted via either general or express process. During the permit application, the prospector, the management authority, and the owner of the prospected land should conclude an agreement jointly. In the event that the prospector wishes to apply for intellectual property rights, the prospector should disclose the origin of the genetic resources and provide the legally effective documents of obtaining these resources. In addition, a Biodiversity Fund should be established to manage the profits derived from genetic resources. The import/export of genetic resources should also be regulated. Violators should be fined.