The Global Cross-Border Privacy Rules (CBPR) Forum has officially launched the Global CBPR and Privacy Recognition for Processors (PRP) certifications, marking a significant milestone for the Forum. These certifications provide a simple and transparent means for organizations to ensure the protection of personal information that moves across jurisdictions, fostering trust in cross-border data flows.
The Global CBPR and PRP Systems will launch on June 2, 2025, with about 100 certified companies covering over 2000 entities on board and certified.
Organizations seeking certification must undergo assessments by approved Accountability Agents (AAs). These third-party entities verify compliance with the Global CBPR and PRP Program Requirements, ensuring that certified organizations adhere to consistent baseline data protection and privacy requirements.
With the launch of these certifications, the Global CBPR Forum has demonstrated its commitment to helping bridge different regulatory approaches to data protection and privacy, offering organizations a robust system based on trust and accountability to navigate the complexities of cross-border data flows.
The Chair of the Global CBPR Forum, Ms. Shannon Coe, emphasized the importance of these certifications in today’s digital economy. She states, “The launch of the Global CBPR and Global PRP Systems empowers companies worldwide to uphold the highest standards of data privacy, fosters trust, enables trade and drives innovation in a connected future. We encourage companies operating in the global market to consider becoming certified and jurisdictions to join the Forum to make this tool available to companies in their jurisdictions.”
Noël Luke, Chief Assurance Officer at TrustArc, a recognized Accountability Agent, expressed enthusiasm about this collaboration, stating, “We’re thrilled to collaborate with the Global CBPR Forum on this critical evolution in global data privacy standards. At TrustArc, we’ve long championed accountability-based frameworks, and the launch of the Global CBPR and PRP certification represents a major milestone in providing organizations and consumers alike with confidence in how personal data is protected and managed worldwide.”
Certified companies have welcomed the launch of the Global CBPR and PRP certifications, highlighting its potential in helping businesses boost privacy protections and operate securely across borders.
Ajay Dua, IBM’s Vice President & Assistant General Counsel, Asia Pacific & China, emphasized the impact of the certification: “The Cross-Border Privacy Rules (CBPR) enables a framework of interoperable data protection rules across the region and the world with a potential to drive significant business value. As the first company to be certified by the Asia Pacific Economic Cooperation (APEC) CBPR System in 2013, IBM holds itself accountable and has earned the trust of those who provide us with their personal data. Our privacy practices are outlined in our Privacy Statement. We will continue to follow core principles, grounded in commitments to trust and transparency.”
Echoing this sentiment, Ms Loretta Yuen, Head of Group Legal & Compliance, OCBC, underscored: “Robust safeguards and a uniform framework for personal data across borders are crucial for secure and efficient data flows. The Global Cross-Border Privacy Rules certification programme is a significant step forward, enabling businesses to demonstrate their commitment to data privacy and build trust with customers. As an APEC CBPR certified company, OCBC has strong measures in place to safeguard customer data. We’re working towards global CBPR certification and expect to be one of the first in Singapore to attain it. We encourage other companies to follow suit, as a large network of certified companies will unlock the full potential of the global CBPR and facilitate secure and seamless data transfers.”
The Global CBPR Forum recently held its spring workshop in Singapore last May 26 to 28, 2025. During the workshop, they announced the work program for 2025-2026, which includes updating the Program Requirements for the Global CBPR and PRP certifications. The updates will introduce additional requirements on sensitive personal information, children’s personal information, and breach notification. By the end of 2025, a process and timeline to implement the updates will be developed in consultation with Accountability Agents, certified organizations, and other stakeholders to enable companies to demonstrate compliance with the updated requirements.
The Global CBPR Forum was established in 2022 to support the free flow of data and effective data protection and privacy globally. The 2022 Global CBPR Declaration and the Global CBPR Framework provide the Forum’s principles and objectives. Members of the Global CBPR Forum are Australia; Canada; Japan; Republic of Korea; Mexico; Philippines; Singapore; Chinese Taipei; United States. The Forum welcomed the UK as its first Associate in 2023, and 2024, Bermuda, Dubai International Financial Center, and Mauritius. Thailand and Nigeria have also declared their intent to join the Forum this year.
The Forum will now accept membership applications from interested jurisdictions, with endorsement of the template Letter of Intent for Membership application. Jurisdictions looking to join can find details about the application process and learn more about the Global CBPR and PRP certifications on the Global CBPR Forum’s website.
