Research and Practice of Composite Data Flow Security Governance by Ant Group

During the 2023 China Digital Economy Innovation Development Conference co‑hosted by the Ministry of Industry and Information Technology and the Guangdong Provincial Government, Ant Group’s Song Zheng delivered a keynote titled “Research and Practice of Composite Governance for Data Flow Security,” sharing the company’s exploration and application of a composite data security governance system for data flow protection.

The presentation emphasized that data has become a core production factor in the fast‑moving digital economy, requiring enterprises to build new‑era data security governance frameworks that balance protection with value creation. Ant Group’s model stresses systematic design, practical implementation, and coordinated planning across strategy, management, and technology, incorporating native design, traceability, internal authentication, and integrated governance that links security with business and management functions.

Ant Group has embedded this composite governance system into its data flow practices, establishing an ecosystem‑wide data security co‑governance model. Measures include responsible access management, situational awareness, water‑level reinforcement, security rating incentives, and joint emergency response, while offering affordable security capabilities—such as vulnerability scanning, personnel authentication, and leakage prevention—to small and medium‑sized partners.

For cross‑border data scenarios, Ant Group has built underlying security technologies covering dynamic asset identification, data link tracing, outbound traffic analysis, and privacy‑preserving computation. These are supported by risk‑based strategy operations and a security operations platform that ensures continuous, compliant control of data flows, adhering to regulations like the “Data Outbound Security Assessment Measures.”