Democracies under attack by authoritarian regimes must confront an uncomfortable question: how can they defend themselves effectively without eroding the very freedoms they aim to protect? Taiwan, which faces a sustained campaign of Chinese information manipulation on social media, sits at the sharp end of this governance dilemma. Last year, the Taiwanese government banned RedNote (Xiaohongshu)—a Chinese social media platform with over three million users on the island—drawing immediate criticism from civil society and opposition voices alike. Among the criticisms: the ban’s rationale was narrowly framed, the tool was largely ineffective, and the measure was disproportionate. The episode exposed how Taiwan’s democratic institutions are caught between the imperative to act on Chinese information interference and the legal, political, and market forces constraining policy responses.
At the same time as the RedNote ban, the United States was brokering a historic deal to keep TikTok alive while addressing the security risks of Chinese ownership. Can democracies like Taiwan learn anything from the U.S. experience? The answer lies not in the ownership-driven model underpinning the TikTok legislation—which middle powers cannot replicate—but in the operational safeguards embedded in the subsequent deal. Making this path work will require coordinated action between middle and major democracies.
The Structural Risks of Chinese-Operated Platforms
Chinese foreign information manipulation and interference (FIMI) targeting Taiwan is not new, but it is rapidly evolving. Leaked internal documents have revealed that GoLaxy, a Chinese company with ties to the PRC’s military and intelligence apparatus, is actively developing an AI-powered FIMI system that can build detailed profiles of key figures, detect political trends and societal vulnerabilities in target countries through massive data analysis, generate tailored propaganda, and deploy and amplify it through thousands of realistic AI personas.
These operations can be carried out across all major social media platforms. But platforms operated by Chinese companies present a distinct, structural layer of risk. Consider RedNote. After Taiwan’s ban last year, the company migrated its overseas users to a version registered in Singapore. Yet RedNote’s privacy policy still permits user data to be processed in mainland China, and data is explicitly shared with its Shanghai-based operator. This means that overseas users’ data remains subject to PRC national security laws that grant the government sweeping access without meaningful independent judicial review. Additionally, China’s algorithm regulations require recommendation services to actively promote “positive energy” and prohibit content deemed a threat to national security—defined so expansively in President Xi Jinping’s comprehensive security framework that it extends to virtually every sphere of political and social life. In the short term, this creates a ready-made channel for propaganda amplification; over time, it risks shaping Taiwanese users’ worldviews in ways favorable to Beijing—for instance, normalizing the prospect of unification and eroding confidence in Taiwan’s own democratic system.
Taiwan’s Governance Trilemma
Taiwan’s vibrant civil society and fact-checking ecosystem have earned it a strong reputation for democratic resilience. But beyond this civic layer, the country faces a severe governance trilemma. Institutionally, the criminal penalties Taiwan primarily relies on (such as election laws targeting deepfake disinformation) cannot keep pace with viral manipulation, nor can they reach the upstream authoritarian regime that orchestrates it. Politically, Taiwan’s parties are deeply divided along national identity lines and China policy—a fault line visible in disputes ranging from U.S. arms procurement to cross-strait economic engagement. As a result, any legislation specifically targeting Chinese platforms faces structural opposition. And the island’s four decades of martial law—during which the authoritarian government exercised pervasive control over expression and the flow of information—have left a lasting reflex: any state action that touches content regulation triggers fears of democratic backsliding. This fear has concrete policy consequences. In 2022, the government proposed the Digital Intermediary Services Act, modeled on the European Union’s Digital Services Act, aimed at platform accountability. It was withdrawn within months after opposition parties equated its emergency content restriction provisions with state censorship.
Economically, Taiwan’s limited market size makes policymakers reluctant to impose regulations on transnational platforms without overwhelming public consensus. And China-focused regulation, as the political dynamics above make clear, lacks precisely that consensus. As a result, the only tool the government has reached for was the 2024 Fraud Crime Hazard Prevention Act, which empowers authorities to order the blocking of fraudulent websites, but was never designed to address FIMI.
The Limits of the Ownership-Driven Model
Against this backdrop, the U.S. approach to TikTok offers a natural point of comparison. The 2024 Protecting Americans from Foreign Adversary Controlled Applications Act required ByteDance to divest TikTok from Chinese control or face a ban—an ownership-driven approach under which any qualifying restructuring must preclude all operational ties with the former parent company. But this model faces two barriers in Taiwan. First, the bipartisan consensus that enabled passage in the U.S. Congress does not exist. Taiwan’s parties are too divided on China policy to rally behind such legislation. Second, the model rests on a precondition that does not apply in the Taiwanese context: ByteDance had a U.S. subsidiary, making divestiture at least structurally possible. By contrast, Taiwanese users access Chinese platforms like TikTok through Singapore-registered entities that serve multiple Asian markets. Taiwan simply lacks the leverage to demand that a Singapore-based company divest from its Chinese parent.
But the TikTok story does not end with the 2024 act. The Trump administration’s TikTok deal went beyond ownership restructuring and developed a set of concrete operational safeguards—and these elements hold vital lessons for middle powers like Taiwan. Under the deal, a majority American-owned joint venture now operates TikTok’s U.S. security infrastructure under defined safeguards: U.S. user data is stored in Oracle’s U.S. cloud environment with comprehensive privacy and cybersecurity protections; the content recommendation algorithm is retrained on U.S. user data; the joint venture holds decision-making authority over trust and safety policies and content moderation; and continuous accountability is ensured through transparency reporting and third-party certifications.
To be sure, the deal is far from perfect. Critics have rightly pointed out that ByteDance retains the intellectual property rights to TikTok’s recommendation algorithm. The U.S. entity operates it under license and retrains it on American user data, but the underlying model remains in China. Whether this arrangement truly severs the operational ties as required by the 2024 act, and whether retraining alone can strip out ideologically-embedded biases, are open questions. Transparency around the licensing terms and the platform’s ongoing operations also remains insufficient to verify that the safeguards are working as intended. And more fundamentally, comprehensive privacy legislation is needed to anchor any credible data governance framework. Yet despite these shortcomings, critics are not calling for a retreat from operational safeguards. They are calling for stronger ones.
Crucially, any operations-driven framework must be grounded in clear legal authority, due process, independent judicial review, and proportionality. Without these safeguards, measures designed to defend open societies risk becoming instruments of unchecked state power. And that is precisely the direction that Taiwan and other democratic middle powers lacking the conditions for ownership restructuring should explore.
From Ownership to Operation: A Path for Democratic Middle Powers
An operations-driven approach will not fully neutralize all of the risks that authoritarian digital infrastructure poses to open societies, but expecting a silver bullet would be the wrong starting point. In an era of digital sovereignty competition, authoritarian regimes are unlikely to relinquish control over the data, algorithms, and platforms they command. The risks can only be managed, not eliminated. The key to proportionate regulation is a stronger evidence base. Governments must be able to demonstrate, with rigor, what the risks are and why specific measures are justified.
With that foundation, democratic middle powers like Taiwan should condition market access for transnational platforms such as RedNote on compliance with baseline requirements—including data protection and cross-border transfer safeguards, algorithm safety and transparency, and obligations to detect and mitigate coordinated manipulative behavior on their platforms. For platforms subject to authoritarian legal frameworks that create demonstrated structural risks, enhanced obligations are warranted. This approach echoes the European Union’s evolving FIMI framework, which shifts regulatory focus from the truthfulness of content to the detection of manipulative behavioral patterns. And because no single middle power commands sufficient market leverage alone, major democracies should coordinate these standards to prevent forum shopping.
The need for such coordination is concrete. For example, my own research has found that many Chinese digital services register in jurisdictions such as Singapore and the United States, while their privacy policies retain provisions channeling user data back to China—through server storage in mainland China, intra-group sharing with Chinese parent entities, and legal clauses enabling government access. Without aligned standards across democracies, jurisdictions with weaker regulatory frameworks risk becoming gaps through which authoritarian practices operate unchecked. The United States itself is navigating this challenge: critics of the TikTok deal have called not for abandoning operational safeguards, but for strengthening them, and middle powers developing their own regulatory responses can contribute comparative insights to that effort. Multilateral mechanisms already provide a foundation: the Global Cross-Border Privacy Rules Forum, of which both Taiwan and the United States are founding members, offers a ready-made platform for coordinating the kind of cross-border data governance standards this challenge demands.
Governing the digital information environment against authoritarian influence is a tightrope walk between democratic defense and erosion. Taiwan’s experience with the RedNote ban illustrates the costs of a mismatch between governance tools and structural risks. The U.S. TikTok saga shows that even the world’s most powerful democracies are still searching for the right approach. Yet the operational safeguards emerging from that search offer democracies a compass to navigate the uncertainty that openness inevitably brings.
