Global Cross-Border Privacy Rules (Global CBPR) Forum
The Global Cross-Border Privacy Rules (Global CBPR) Forum is an international privacy certification system that succeeded the APEC CBPR System effective 21 April 2022. FOUNDING MEMBERS: United States + Canada + Japan + Republic of Korea + Philippines + Singapore + Taiwan (Chinese Taipei). UNITED KINGDOM acceded 2024 + first non-original-APEC member; additional jurisdictions in discussions including Mexico + Australia + New Zealand + Bahrain + Dubai DIFC + Argentina + Brazil + others. STRUCTURE: (a) GLOBAL CBPR SYSTEM - for CONTROLLERS / personal-information-handling companies / organizations that determine the purposes + means of personal data processing; based on the 9 APEC Privacy Principles (Notice + Collection Limitation + Uses + Choice + Integrity + Security Safeguards + Access + Correction + Accountability + Preventing Harm); 50 program requirements + intake + remediation processes; certified by Accountability Agents; (b) GLOBAL PRP (Privacy Recognition for Processors) - for DATA PROCESSORS / cloud service providers / SaaS / data processors; based on the 50 program requirements adapted for processor role; designed to facilitate Controllers + Processors agreements; (c) GLOBAL FORUM ASSEMBLY - intergovernmental governance; (d) GLOBAL FORUM STEERING COMMITTEE - operational oversight; (e) ACCREDITED ACCOUNTABILITY AGENTS (AAs) - third-party certifiers including TrustArc + Schellman + BBB National Programs + JIPDEC (Japan Information Processing Development Center) + others; AAs operate within their accredited jurisdictions. CERTIFICATION PROCESS: (1) organization completes self-assessment against Program Requirements; (2) engages Accountability Agent for review; (3) AA submits assessment for compliance evaluation + ongoing monitoring + dispute resolution + breach notification; (4) annual recertification + continuous monitoring. KEY BENEFITS: facilitates cross-border data transfers between member jurisdictions; demonstrates accountability; reduces compliance burden vs separate per-jurisdiction certifications; signals privacy commitment to customers + business partners. 2024-2025 STATUS: UK accession 2024 + first non-APEC member; ongoing GDPR-CBPR bridge-mechanism discussions with European Commission (no formal recognition yet); ASEAN model contract clauses coordination; PEP (Privacy Enhancing Technologies) + AI integration guidance pipeline; ongoing UK + Canada + Japan + Korea + Singapore + Philippines + Taiwan + US implementation; multiple new jurisdictions in accession discussions. RECOGNITION: CBPR + PRP certifications are increasingly recognized in US state DP laws (Connecticut + Virginia + Colorado + others recognize as adequacy mechanism) + California CCPA + sectoral privacy frameworks. SPONSORS + STAKEHOLDERS: US Department of Commerce + Federal Trade Commission + USTR; participating jurisdictions national DPAs; industry: Google + Microsoft + Apple + Meta + Amazon + Salesforce + AT&T + Workday + Adobe + IBM + Cisco + ServiceNow + Oracle + many others.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
Global CBPR Forum: 2024-2025 Pipeline, UK Accession, New Jurisdictions, AI and PEP Integration
| Code | Title |
|---|---|
| CBPR-2024-2025-UK-NewJurisdictions-AI-PEP | Global CBPR Forum: 2024-2025 Update Pipeline - UK 2024, AI Integration, PEP, ASEAN MCC |
| CBPR-Implementation-Roadmap-Roles-Org | Global CBPR Forum: Implementation Roadmap, Organizational Roles and Certification Management |
| CBPR-IndustryAdoption-MajorCertifiedOrgs-Sectoral | Global CBPR Forum: Industry Adoption, Major Certified Organizations and Sectoral Application |
| CBPR-Status-AnnualMeeting-Working-Groups-Future | Global CBPR Forum: Status, Annual Meeting, Working Groups and Future Roadmap |
Global CBPR Forum: 9 APEC Privacy Principles (Notice + Collection + Uses + Choice + Integrity + Security + Access + Accountability + Preventing Harm)
| Code | Title |
|---|---|
| CBPR-9-APEC-Privacy-Principles | Global CBPR Forum: 9 APEC Privacy Principles (Notice + Collection + Uses + Choice + Integrity + Security + Access + Accountability + Preventing Harm) |
Global CBPR Forum: Accountability Agents, Program Requirements, Certification Process
| Code | Title |
|---|---|
| CBPR-AccountabilityAgents-CertificationProcess | Global CBPR Forum: Accountability Agents (TrustArc, Schellman, BBB, JIPDEC) and Certification Process |
Global CBPR Forum: Coordination with GDPR + UK + Japan APPI + Korea PIPA + Singapore PDPA + US State Laws
| Code | Title |
|---|---|
| CBPR-Coord-GDPR-UK-Japan-Korea-Singapore-Philippines-StateLaws | Global CBPR Forum: Coordination with GDPR + UK GDPR + Japan APPI + Korea PIPA + Singapore PDPA + Philippines DPA + US State Laws |
| CBPR-Crosswalk-GDPR-StateLaws-ISO27701-NIST | Global CBPR Forum: Crosswalk to GDPR, US State Laws, ISO/IEC 27701 and NIST Privacy Framework |
Global CBPR Forum: Cross-Border Transfer Recognition, Dispute Resolution, Enforcement
| Code | Title |
|---|---|
| CBPR-DisputeResolution-Enforcement-CrossBorderRecognition | Global CBPR Forum: Dispute Resolution, Enforcement and Cross-Border Recognition |
| CBPR-Implementation-MultiState-AdequacyMechanism | Global CBPR Forum: US Multi-State Adequacy Mechanism, State-by-State Recognition |
Global CBPR Forum: Global PRP (Privacy Recognition for Processors) + Controller-Processor Linkage
| Code | Title |
|---|---|
| CBPR-Global-PRP-Privacy-Recognition-Processors | Global CBPR Forum: Global PRP (Privacy Recognition for Processors) Controller-Processor Linkage |
Global CBPR Forum: Governance, Membership and Relationship to APEC CBPR Predecessor
| Code | Title |
|---|---|
| CBPR-Forum-Governance-Membership | Global CBPR Forum Governance, Membership and Relationship to APEC CBPR |
Your Compliance Coverage
If you comply with Global Cross-Border Privacy Rules (Global CBPR) Forum, you already cover:
Privacy Act 1988 (Australia)
17%
2 controls mapped
Compare →Bahrain PDPL
17%
2 controls mapped
Compare →Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
17%
2 controls mapped
Compare →+ 98 more: Family Educational Rights and Privacy Act (FERPA) (17%), GLI-33 - Gaming Laboratories International Event Wagering Systems (17%)
See all 101 mapped frameworks ↓Maps to 101 other frameworks
Frequently Asked Questions
What is Global Cross-Border Privacy Rules (Global CBPR) Forum?
Global Cross-Border Privacy Rules (Global CBPR) Forum is a compliance framework from International (Global CBPR Forum) with 7 domains and 12 controls. The Global Cross-Border Privacy Rules (Global CBPR) Forum is an international privacy certification system that succeeded the APEC CBPR System effective 21 April 2022. FOUNDING MEMBERS: United States + Canada + Japan + Republic of Korea + Philippines + Singapore + Taiwan (Chinese Taipei). UNITED KINGDOM acceded 2024 + first non-original-APEC member; additional jurisdictions in discussions including Mexico + Australia + New Zealand + Bahrain + Dubai DIFC + Argentina + Brazil + others. STRUCTURE: (a) GLOBAL CBPR SYSTEM - for CONTROLLERS / personal-information-handling companies / organizations that determine the purposes + means of personal data processing; based on the 9 APEC Privacy Principles (Notice + Collection Limitation + Uses + Choice + Integrity + Security Safeguards + Access + Correction + Accountability + Preventing Harm); 50 program requirements + intake + remediation processes; certified by Accountability Agents; (b) GLOBAL PRP (Privacy Recognition for Processors) - for DATA PROCESSORS / cloud service providers / SaaS / data processors; based on the 50 program requirements adapted for processor role; designed to facilitate Controllers + Processors agreements; (c) GLOBAL FORUM ASSEMBLY - intergovernmental governance; (d) GLOBAL FORUM STEERING COMMITTEE - operational oversight; (e) ACCREDITED ACCOUNTABILITY AGENTS (AAs) - third-party certifiers including TrustArc + Schellman + BBB National Programs + JIPDEC (Japan Information Processing Development Center) + others; AAs operate within their accredited jurisdictions. CERTIFICATION PROCESS: (1) organization completes self-assessment against Program Requirements; (2) engages Accountability Agent for review; (3) AA submits assessment for compliance evaluation + ongoing monitoring + dispute resolution + breach notification; (4) annual recertification + continuous monitoring. KEY BENEFITS: facilitates cross-border data transfers between member jurisdictions; demonstrates accountability; reduces compliance burden vs separate per-jurisdiction certifications; signals privacy commitment to customers + business partners. 2024-2025 STATUS: UK accession 2024 + first non-APEC member; ongoing GDPR-CBPR bridge-mechanism discussions with European Commission (no formal recognition yet); ASEAN model contract clauses coordination; PEP (Privacy Enhancing Technologies) + AI integration guidance pipeline; ongoing UK + Canada + Japan + Korea + Singapore + Philippines + Taiwan + US implementation; multiple new jurisdictions in accession discussions. RECOGNITION: CBPR + PRP certifications are increasingly recognized in US state DP laws (Connecticut + Virginia + Colorado + others recognize as adequacy mechanism) + California CCPA + sectoral privacy frameworks. SPONSORS + STAKEHOLDERS: US Department of Commerce + Federal Trade Commission + USTR; participating jurisdictions national DPAs; industry: Google + Microsoft + Apple + Meta + Amazon + Salesforce + AT&T + Workday + Adobe + IBM + Cisco + ServiceNow + Oracle + many others. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Global Cross-Border Privacy Rules (Global CBPR) Forum have?
Global Cross-Border Privacy Rules (Global CBPR) Forum has 12 controls organised across 7 domains. The largest domains are Global CBPR Forum: 2024-2025 Pipeline, UK Accession, New Jurisdictions, AI and PEP Integration (4 controls), Global CBPR Forum: Coordination with GDPR + UK + Japan APPI + Korea PIPA + Singapore PDPA + US State Laws (2 controls), Global CBPR Forum: Cross-Border Transfer Recognition, Dispute Resolution, Enforcement (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Global Cross-Border Privacy Rules (Global CBPR) Forum map to?
Global Cross-Border Privacy Rules (Global CBPR) Forum maps to 101 other compliance frameworks. The top mapping partners are Privacy Act 1988 (Australia) (17% coverage), Bahrain PDPL (17% coverage), Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) (17% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Global Cross-Border Privacy Rules (Global CBPR) Forum compliance?
Start your Global Cross-Border Privacy Rules (Global CBPR) Forum compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Global Cross-Border Privacy Rules (Global CBPR) Forum requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 12 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 701 frameworks.
Get Started Free →Free forever — no credit card required