The awareness of global trade secret protection continues to rise. In May 2025, the U.S. House of Representatives passed H.R.1486, the Economic Espionage Prevention Act (EEPA). The Executive Yuan announced the second edition of the national core key technologies list by the end of 2024, expanding the scope of protection under the National Security Act. These regulations directly impact corporate operating strategies, and companies can refer to the Trade Secret Management System Standard published by the Institute for Information Industry for improving the protection of trade secrets.

The “Trade Secret Management System”, released by the Science & Technology Law Institute of Institute for Information Industry on March 1, 2023, is a standard to guide organizations developing a systematic trade secret management system in alignment with relevant regulations and their operation objectives. Its aim is to assist the organizations reducing the risks of trade secret leakage while improving organizational competitive advantages.

The Trade Secret Management System standard provides a framework for organizations to design, implement, and continuously improve their trade secret management performance. As defined in Article 2 of the Trade Secrets Act, "trade secret" could be any method, technique, process, formula, program, design, or other information that may be used in the course of production, sales, or operations, meeting following requirements:

1. It is not known to persons generally involved in the information of this type;

2. It has economic value, actual or potential, due to its secretive nature; and

3. Its owner has taken reasonable measures to maintain its secrecy.

The Trade Secret Management System standard comprises a total of 10 chapters. The following is a brief overview of each chapter:

Chapter 1: This chapter indicates the standard is applicable to all organizations regardless of their types, sizes, and the products or services they provide. It mentions that the organization can determine their management approached to meet the requirements of the standard.

Chapter 2: This chapter provides the definitions of specific terms used in the standard.

Chapter 3: This chapter introduces the top management’s responsibility to ensure the establishment, continuous appropriateness, completeness, and effectiveness of the trade secret management system.

Chapter 4: This chapter requires the organization to define the scope of its trade secrets and ensure the defined trade secrets can be identified. This chapter also requires organization set up the permission to restrict access to personnel who need to know or use the trade secrets.

Chapter 5: This chapter introduces the organization shall control the use of trade secrets, including actions such as copying, destruction, etc. Additionally, organization shall preserve the records of the aforementioned use of trade secrets and detect if any abnormal usage exists.

Chapter 6: This chapter discusses measures the organization shall take for internal personnel control. These measures include regular training on trade secret-related requirements, signing of confidentiality agreements, and various management actions the organization should take throughout the processes of personnel recruitment, employment, and departure.

Chapter 7: This chapter demonstrates the organization’s management of environments, equipment and internet involving its trade secrets. It requires the implementation of access control measures for places where trade secrets are stored or processed. It also stipulates controls on the use of record media and devices which can access trade secrets, as well as controlling the transmission of trade secrets via network.

Chapter 8: This chapter introduces the management measures the organization shall take when interacting with other parties. These measures include signing non-disclosure agreement (NDAs) with the party who will access trade secrets and requiring such party not to hold the trade secrets once the corporation ends.

Chapter 9: This chapter introduces that the organization shall establish a trade secret dispute resolution procedure to prevent or mitigate damages to the organization caused by disputes.

Chapter10: This chapter outlines the supervision and the improvement of the trade secret management system of the organization.

Organizations can follow the standard to build their own trade secret management system based on the Plan-Do-Check-Act (PDCA) concept. The trade secret management system would include defining trade secrets to be managed, establishing protocols for the use of trade secrets, managing employees, controlling of internet, devices and environment related to trade secrets, regulating external activities, developing trade secret dispute resolution procedure, and regularly monitoring the effectiveness to improve trade secret management performance. This standard could serve as a benchmark for the organization or third parties to evaluate compliance with expected trade secret managements.

With the global push for sustainable development, the connection between Intellectual Property (IP) and Environmental, Social, and Governance (ESG) considerations has become increasingly significant. Leading economies such as the World Intellectual Property Organization (WIPO), the United States, the European Union, and Japan have all incorporated IP policy into their ESG development strategies to drive green innovation and reinforce corporate social responsibility.

Taiwan is actively responding to this global trend. In addition to transforming its Corporate Governance Evaluation into an ESG Evaluation by 2026, adjustments are also being made at the policy level. Government agencies such as the Taiwan Intellectual Property Office (TIPO) have introduced resources like the "Green Trademark Analysis" and "Green Technology Patent Analysis" to support enterprises in integrating ESG strategies with IP management. Furthermore, the Science & Technology Law Institute (STLI) of the Institute for Information Industry has been promoting the Taiwan Intellectual Property Management System (TIPS), urging enterprises to connect IP management with ESG principles to enhance their sustainability practices. As IP management becomes a critical element in sustainable development and evaluation systems, enterprises are encouraged to actively engage with these policy tools to strengthen their ESG performance and global competitiveness.

Promotion of TIPS and 2025 Award Ceremony

The Industrial Development Administration (IDA) of the Ministry of Economic Affairs commissioned the Science & Technology Law Institute (STLI) of the Institute for Information Industry (III) to promote the Taiwan Intellectual Property Management System (TIPS). On February 20th, the 2025 TIPS Award Ceremony and Special Seminar on IP Management and ESG Integration was held at the Center for Public and Business Administration Education National Chengchi University, where Deputy Director-General Yu-Hsin Tsou awarded TIPS certification certificates to 91 enterprises that passed the verification in 2024, including Taiwan Semiconductor Manufacturing Company Limited (TSMC), United Microelectronics Corporation (UMC), Yulon Motor Co., Ltd., Vanguard International Semiconductor Corporation, Sino-American Silicon Products Inc., and Yuanta Futures Co., Ltd.—companies that have ranked in the top 5% for corporate governance for 11 consecutive terms—demonstrating that intellectual property management contributes to enhanced corporate governance performance.

Photo source: Photos from the 2025 TIPS Award Ceremony and Special Seminar on IP Management and ESG Integration, Innovation & Intellectual Property Center, Science & Technology Law Institute (STLI).

TIPS Certification Reaches Record High, Nearly 80% of Certified Companies Listed in the DJSI World Index and the DJSI Emerging Markets Index

Deputy Director General Tsou stated that the number of companies passing TIPS certification in 2024 has reached a new high of 140.

Companies certified under TIPS not only perform excellently in Corporate Governance Evaluation but also stand out in ESG-related performance rankings. In 2024, nearly 80% of the Taiwanese enterprises listed in the Dow Jones Sustainability World Index (DJSI World Index) and the Dow Jones Sustainability Emerging Markets Index (DJSI Emerging Markets Index) have obtained certification under the Taiwan Intellectual Property Management System (TIPS).

Adapting to International Trends: Aligning Corporate Governance with ESG

In response to the global emphasis on ESG and sustainable development, companies are encouraged to enhance sustainable operations through improved corporate governance. At this award ceremony, special seminars were given by Director Chen-Shan Chang of the Securities and Futures Bureau, Financial Supervisory Commission (FSC), Deputy Director Chun-Chieh Lai of the Bureau of Standards, Metrology and Inspection, Ministry of Economic Affairs (MOEA), and Director Cheng-Wei Liao of the Taiwan Intellectual Property Office (TIPO), Ministry of Economic Affairs (MOEA).

Securities and Futures Bureau: Guiding Companies to Explore and Implement a Dual-Track Strategy IP and ESG through ESG Evaluation

The Securities and Futures Bureau outlined its plan to transition the Corporate Governance Evaluation into the ESG Evaluation by 2026, highlighting the connection between corporate governance and sustainable development, as well as the policy rationale behind the shift. It also introduced the structure of the forthcoming ESG evaluation, including the principles of indicator design and their strategic underpinnings. The Bureau noted that companies currently participating in the governance evaluation are predominantly part of corporate groups, which often lead efforts to emphasize intellectual property (IP) management. Companies with stronger ESG performance are likewise more likely to view IP as a strategic asset. Based on these findings, the Bureau encouraged enterprises to strategically integrate IP management into their ESG frameworks to generate synergy through a dual-track approach, while also advocating for enhanced ESG-related information disclosure to strengthen sustainable operations, and recommending the acquisition of TIPS (Taiwan Intellectual Property Management System) certification to showcase ESG strengths.

Bureau of Standards: Effectively Utilizing Management Standards to Accelerate the Implementation of ESG Sustainability Management in Enterprises

The Bureau of Standards advised that, in the course of implementing ESG (Environmental, Social, and Governance) through management systems such as ISO, companies should exercise due diligence in verifying whether the engaged training or certification bodies have been accredited by competent authorities or credible independent third-party organizations, so as to ensure the credibility and substantive effectiveness of their ESG performance and to prevent potential challenges to its legitimacy.

Intellectual Property Office: Understanding the Key Points of IP and ESG Integration through Global Policy Trends, including Green Patents and Green Trademarks

The Intellectual Property Office actively highlighted how international policy frameworks are increasingly integrating intellectual property with environmental (E) and social (S) aspects. For example:

■ In April 2024, the World Intellectual Property Organization (WIPO) published Mapping Innovation: Patents and the Sustainable Development Goals, which found that 13 out of the 17 Sustainable Development Goals (SDGs) are associated with relevant patent technologies.

■ The United States Patent and Trademark Office (USPTO) has promoted the "Patents for Humanity Award" since 2013 and launched the "Trademarks for Humanity Award" in 2024to recognize innovators who leverage patents and trademarks to tackle challenges related to energy, the environment, and climate change.

■ Japan’s Patent Office (JPO) released a Green Transformation Technology Classification List in June 2022 to guide green innovation.

In recent years, the Taiwanese Intellectual Property Office (TIPO) has responded to international trends by increasingly emphasizing green patents and green trademarks in its policies, and has provided tools such as the "Taiwan Green Trademark Analysis" and "Green Technology Patent Analysis." During seminars, it has shared practical cases from well-known companies like Apple and TSMC, demonstrating how green patents and trademarks can be integrated into ESG strategies. As a result, the TIPO encourages companies to leverage both domestic and international resources to strategically align intellectual property with ESG objectives, using green patent and trademark portfolios to protect ESG-driven innovation and build sustainable brands.

Science & Technology Law Institute: Exploring New Approaches to Trade Secret Protection and Capital Market Integration through the Concept of IP ETFs

Finally, Deputy Director Tsung-Hsuan Tsou of the Science & Technology Law Institute at the Institute for Information Industry stated that, in response to the 2026 transition from Corporate Governance Evaluation to ESG Evaluation, and given that trade secret protection and supply chain management have become critical for companies facing global competition and pursuing sustainable development, the Institute will continue to guide enterprises in accordance with the TIPS intellectual property management framework to strengthen trade secret protection and supply chain management and to align with international trends; furthermore, it will promote the integration of intellectual property with capital markets, for example, by developing Intellectual Property Exchange-Traded Funds (IP ETFs) to provide enterprises with new perspectives on value creation and investment decision-making.

On March 27, 2025, the Executive Yuan released and submitted a draft partial amendment of the Personal Data Protection Act to the Legislative Yuan. The amendment aims to comprehensively enhance personal data protection by constructing the foundation for an independent supervisory agency.

Taiwan’s Personal Data Protection Act- legislative progress

Taiwan’s Personal Data Protection Act (PDPA) has been amended three times since its release in 1995. In May 2023, the latest amendment to the PDPA introduced Article 1-1, designating the Personal Information Protection Committee as the competent authority under the Act. This legislative development was made in light of the Taiwan Constitutional Court Judgment 111-Hsien-Pan-13 (2022) (Case on the National Health Insurance Research Database) , which held that, to ensure the protection of personal information and the constitutional right to privacy under Article 22, the establishment of an independent data protection mechanism is required.

In accordance with Taiwan Constitutional Court Judgment 111-Hsien-Pan-13 (2022), the Personal Data Protection Commission (PDPC) must be established by August 2025. To facilitate this, the Preparatory Office of the Personal Data Protection Commission was established in December 2023. This office is mainly responsible for drafting and establishing the regulations and organizational framework required to establish the independent authority, including drafting the Organization Act of the PDPC and the amendments to the PDPA.

To develop the regulatory framework for an independent authority, the Preparatory Office of the Personal Data Protection Commission has planned a two-stage amendment process. The first phase seeks to establish the legal foundation of the PDPC, while the second phase will address other substantive issues of personal data protection. For the first stage, the Preparatory Office of the Personal Data Protection Commission drafted the Organization Act of the Personal Information Protection Committee in accordance with Article 1-1 of the PDPA and revised partial provisions of PDPA to reflect the function and duties of the PDPC.

The Draft of Partial Amendment to the Personal Data Protection Act

The key points of the amendment of PDPA are to empower the commission with essential regulatory functions, to strengthen the regulatory oversight and management of personal data within public sectors, and to set up a transition period to transfer regulatory authority over the private sectors.

1. Empower the commission with essential regulatory functions

Due to the lack of a unified agency for receiving incident reports and the efficiency issues caused by the current decentralized legal enforcement, the amendment of PDPA designates the PDPC as the competent authority to receive the incident reports. Centralizing incident reporting under the PDPC facilitates a clearer understanding of the nature and status of related incidents. It also helps regulatory authorities to investigate and handle problems quickly.

The rules for reporting data breach incidents are set out in Article 12 of the amended PDPA. According to Article 12 of the amended PDPA, both public sector and private sector entities are required to take appropriate actions and retain the records when a data breach occurs. In addition, public sector entities must report the incident to the PDPC and other relevant government agencies, while private sector entities are required to notify the incident to the PDPC, which will then inform its competent authority.

In terms of personal data security maintenance, the amended PDPA states that the competent authority is responsible for formulating regulations concerning security maintenance, governance mechanisms, protective measures, and other relevant matters . Accordingly, PDPC, as the competent authority, will draft the Regulations Governing Security Maintenance and Administration to provide the legal basis for the conducting audits, inspections, and administrative sanctions.

2. Strengthen the regulatory oversight and management of personal data within the public sector

The amendment of PDPA designates the PDPC as the independent authority responsible for overseeing the overall personal data protection affairs, including supervision of public sectors. The PDPC is empowered to supervise the public sector entities regarding their compliance with personal data protection regulations. Therefore, the role of the Data Protection Officer (DPO) is introduced in Taiwan for the first time. Article 18 of the amended PDPA states that every public sector entity must appoint a DPO to promote and oversee matters related to personal data protection. This approach reinforces personal data protection from both internal and external perspectives.

In considering restructuring and resource allocation associated with introducing this new role, the DPO requirement in PDPA currently applies to the public sector entities. However, both the public and private sectors are required to designate specialists to be responsible for managing personal data protection and security affairs.

3. Set up a transition period to transfer regulatory authority over the private sectors

Under the current regulation framework, the supervision of personal data protection in the private sector is decentralized and supervised by different competent authorities. To address this gap, the amendment of PDPA clarifies that the PDPC will serve as the supervisory authority for these entities in the future. In terms of the private sector entities already under the supervision of specific competent authorities, supervisory arrangements will initially remain unchanged. However, to achieve regulatory consistency, the amendment introduced a six-year transitional period during which supervisory responsibility will be transferred to the PDPC. During this transition, the PDPC will collaborate with relevant agencies every 2 years to assess the implementation of the new framework of PDPC and the situation of supervision across the private sector.

The draft Organization Act of the Personal Data Protection Committee has also been released

To complete the legal basis of PDPC, the draft Organization Act of the Personal Data Protection Committee (hereinafter referred to as the draft of the Organization Act) is released with the PDPA amendment. The draft of the Organization Act aims to formalize the PDPC as the independent central supervisory body. Additionally, it also clarifies the division of responsibilities among agencies on personal data-related matters. Once enacted, the PDPC will serve as Taiwan’s independent authority.

According to the draft of the Organization Act, the PDPC is designed as a collegial system with 5-7 committee members, serving a term of 4 years, and members may be reappointed upon completion of their term . As a central third-level agency, the committee members will exercise their powers independently. The draft of the Organization Act states that the PDPC is responsible for making the legislation and policies of personal data protection, the oversight of personal data protection, promoting and researching personal data-related technology, protecting cross-border transfer of personal data and the talent acquisition of personal data protection.

The draft of the Organization Act establishes the legal foundation for the PDPC, outlining its organization structure and core responsibilities. Additionally, it grants the PDPC the authority to supervise and enforce compliance with personal data protection regulations.

Benefits of the legal reform of the Personal Data Protection Act and the next step

The draft partial amendment to the Personal Data Protection Act, along with the draft Organization Act of the Personal Information Protection Committee, have been submitted to the Legislative Yuan for legislative review.

This marks the first time that Taiwan has established an independent authority responsible for personal data protection. The PDPA amendment not only formalizes the legal status and authority of the Commission but also enhances the legitimacy and credibility of personal data collection and use. However, amendments to other substantial aspects of data protection will be introduced in the next phase. The Preparatory Office of the Personal Data Protection Commission has already initiated work on the second phase, which will focus on substantial personal data protection issues in the context of the digital era.