Michael So Shares AI Publication at Hong Kong Legislative Council with Councilors Lau Chi-pang and Chan Hok-fung
AiX Society Founding Chairman Michael So recently had the honour of presenting his latest AI
Originally published in Chinese on HK01 on 2025-11-21 08:00 | By Michael C.S. So | AiX Society
Hong Kong has long been a city that favors imports — not just goods, but software. Microsoft, Google, Adobe, Salesforce… these names dominate the screens of government agencies, corporate offices, and schools. For many, “world-class” has been synonymous with “Made in America.” Yet this default choice is being quietly rewritten by the currents of geopolitics, data regulation, and regional economic integration.
In 2026, China will fully implement a new round of data security and cross-border data regulations. Data flows within the Greater Bay Area will be subject to more refined standard contracts and filing mechanisms. Meanwhile, global tech supply chains are being redrawn by sanctions and export controls. Hong Kong finds itself caught between two systems: on one side, the cloud and SaaS ecosystem centered on the US and Europe; on the other, an increasingly mature domestic Chinese software ecosystem. The question is no longer “which one works better,” but rather — which is safer, more sustainable, and compatible with Hong Kong’s future.
Hong Kong’s information infrastructure was largely built during the globalization wave of the past two decades — an era that believed in a “borderless cloud.” From accounting to education, from customer service to design, systems were almost entirely controlled by overseas vendors.
But the cloud was never borderless — the borders were simply hidden within code and contracts.
The US CLOUD Act allows the government to compel companies to hand over data stored on overseas servers. The EU’s General Data Protection Regulation (GDPR) imposes strict restrictions on cross-border data flows. China, through its Data Security Law and Personal Information Protection Law, has drawn red lines around “important data.” Caught in the middle, Hong Kong’s former stance of “compatible with both sides” is becoming increasingly untenable.
Imagine a Hong Kong financial firm that built its core systems on a US cloud provider. If tensions between Washington and Beijing escalate again tomorrow, could export control provisions cause the company to suddenly lose service? Or might the vendor restrict technical support to certain regions to comply with its own country’s policies? These are not far-fetched scenarios. The US actions against Huawei, ZTE, and ByteDance are cautionary tales.
Software is the infrastructure of the modern economy, and when infrastructure is overly dependent on a single camp, it’s like handing the switch to someone else. Hong Kong once built its prosperity on electricity and ports; now it must think about the sovereignty of its information supply chain.
The rise of mainland software was once dismissed by Hong Kong users as “not international enough.” But that laughter is starting to sound awkward. Companies like Alibaba, Tencent, Huawei, and ByteDance have long established complete cloud ecosystems, while countless small and medium developers produce enterprise-grade solutions — from collaboration platforms to AI analytics to government-level security systems.
These software products share several characteristics: first, they comply with Chinese regulations; second, they are competitive in cost and maintenance; and third, they have a deeper understanding of Chinese-language environments and local use cases.
More importantly, these systems can often run within China without relying on cross-border servers. For businesses that need to serve both Hong Kong and Shenzhen or Guangzhou, this “geographic compatibility” is a practical advantage, not a political gesture.
The Greater Bay Area’s cross-border data flow mechanisms are taking shape. Under the Standard Contract for Cross-Border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area, introduced in 2024, Hong Kong-invested enterprises can legally exchange personal data through a filing system. If the system itself is provided by a Chinese vendor, compliance costs drop significantly. In other words, choosing Chinese-made software is not just a security decision — it’s also a choice of efficiency and compliance.
Any mature economy must be wary of the flip side of technology dependency. While Chinese software can mitigate geopolitical risk, if it ultimately leads to “another form of single dependency,” the risk is merely transferred, not eliminated.
Some Chinese companies have insufficient code transparency, limited open standards, and overly rapid update cycles, which can create new security and maintenance pressures.
If Hong Kong wants to remain agile between two digital empires, the wisest strategy is “hybrid coexistence” — adopting multi-source supply chains to diversify risk while maintaining international interoperability.
True wisdom lies not in exclusion, but in compatibility.
For many businesses, switching to Chinese-made software means retraining employees, modifying processes, and even replacing servers. The short-term costs are undeniably significant. However, in the long run, this is insurance for digital sovereignty.
When systems, data, and maintenance teams can be partially kept locally or within the Greater Bay Area, a company’s bargaining power and risk management capabilities both improve.
Moreover, this transition brings an unexpected side effect — it could become a catalyst for Hong Kong’s technology industry.
Currently, Hong Kong’s innovation and technology ecosystem leans toward the application layer, lacking a local software supply chain. If market demand shifts toward “China-compatible” solutions, it will stimulate local startups to develop in areas such as security testing, integration services, and cross-border data governance — turning “innovation and technology” from a slogan into reality.
The Hong Kong government plays a particularly critical role in this transformation. If public institutions continue to default to overseas brands as the preferred choice in procurement, the market will struggle to break its inertia. Conversely, if tender requirements include provisions such as “Greater Bay Area compatibility” or “local R&D ratio,” it would send a clear signal encouraging hybrid supply chain models.
At the same time, the government must help businesses navigate compliance challenges — for example, by establishing cross-border data approval and consultation mechanisms, promoting mutual recognition between Hong Kong’s version of ISO 27001 and mainland security certifications, and supporting local universities in offering courses on “data sovereignty and cyber law.” After all, a city’s data governance capability is the new firewall for its status as an international financial center.
On the surface, this is a choice between software brands. In reality, it is a choice of institutional trust.
Hong Kong businesses using US cloud services implicitly trust the American legal system; those adopting Chinese-made software must trust China’s data governance.
For Hong Kong to find balance between the two, it cannot rely on diplomatic rhetoric — it must rely on engineering and institutional design: a technological “middle way.”
Rationally speaking, future Hong Kong businesses cannot depend on just one side. A more feasible landscape is: use local or mainland solutions for critical operations to ensure compliance and security; continue leveraging international platforms for non-sensitive operations to maintain efficiency and global connectivity. Like urban transportation, you can’t rely solely on the MTR or only on taxis — a hybrid system is what keeps things moving.
As a new round of national data regulations takes effect in 2026, Hong Kong businesses will face a real-world test. Any operation involving mainland customer data or cross-border cloud services must re-examine its data flows. By then, debating “whether to switch software” may already be too late.
Business leaders who still view this as “just an IT department issue” will miss the strategic window. Because in this era, information systems are the company’s nervous system, and data sovereignty is corporate sovereignty.
Hong Kong has long been known for its agility and neutrality, but true competitiveness has never come from merely surviving in the cracks — it comes from creating new models.
In this software pivot, Hong Kong is fully capable of leveraging its unique strengths to build a “bilingual system” — one that understands both international open standards and China’s security and regulatory landscape. Such a Hong Kong would be not just an intermediary, but an innovator.
As Silicon Valley’s cloud drifts further away, the algorithms from the other side of the Pearl River Delta are catching up fast.
The choice is no longer about whose interface looks better, but whose system better fits the geopolitical and regulatory reality of the future.
For Hong Kong, this is not merely a technology upgrade — it is an institutional recomposition.
AiX Society Founding Chairman Michael So recently had the honour of presenting his latest AI
Introduction You’ve decided to implement WuKong in your organization. Congratulations—you’ve taken the first step toward
## Introduction In today’s rapidly evolving business landscape, digital transformation is no longer optional—it’s existential.
HKOEA Consultancy
Licence No. 59684
© 2026 Artificial Intellegence Application Research Society. All rights reserved
by Originals Group – Hong Kong, Malaysia, GBA