Hong Kong and mainland China have separate AI and data regimes — the PDPO and HK regulators versus PIPL and the CAC. What the difference means for a business operating across the boundary.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
Hong Kong and mainland China have separate legal systems and separate AI and data regimes. If you operate across the boundary, conflating them is a real risk — so it is worth being precise.
Hong Kong’s regime
Hong Kong governs personal data through the PDPO (Cap. 486), enforced by the PCPD, and AI through advisory frameworks (the PCPD’s June 2024 Model Framework, the DPO’s April 2025 generative-AI guideline) plus sector circulars from the HKMA and SFC. There is no standalone binding AI Act.
Mainland China’s regime
Mainland China has the Personal Information Protection Law (PIPL) and binding generative-AI rules administered by the Cyberspace Administration of China (CAC) — a different and generally stricter framework, including data-export controls. These mainland rules do not govern data processing within Hong Kong.
What it means across the boundary
Treat the two regimes separately. Data processed in Hong Kong falls under the PDPO; data pulled from the mainland is subject to PIPL on that leg, where the Greater Bay Area Standard Contract is the relevant facilitation route for in-scope transfers. Never apply CAC rules to a purely Hong Kong workload, or assume Hong Kong’s lighter regime covers mainland processing.
Where dgm fits
dgm is an independent integration partner that helps Hong Kong businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.