A Democracy on the Cognitive Frontier
When President Lai Ching-te opened a 29-country GCTF workshop in Taipei on June 23, the speech was precise about the threat and deliberately vague about the remedy. Authoritarian regimes were weaponising emerging technologies, illicit financial flows, cyberattacks, and information manipulation across borders — tools Lai described as having pushed threats "beyond traditional military domains." Taiwan had established a new interagency mechanism targeting transnational repression. And the government was reviewing three statutes — the Anti-Infiltration Act, the National Security Act, and the Cyber Security Management Act — for cognitive-warfare gaps. What Lai did not announce was binding platform content regulation. That silence was the policy.
Two Tracks, One Strategy
Taiwan's disinformation response has settled into a deliberate bifurcation. On the security track, hard law is being tightened to address state-directed cognitive warfare: PRC-linked influence operations, diaspora intimidation, and foreign-directed electoral interference. On the platform track, the National Communications Commission is pursuing voluntary transparency guidelines after a spectacular public revolt buried its 2022 draft legislation. The two tracks serve different adversaries and carry different political risks; the challenge is whether together they cover the terrain between them.
The Security-Law Track: Patching Real Gaps
The Anti-Infiltration Act (AIA), enacted in January 2020, targets activities by "foreign hostile forces" — defined as entities advocating non-peaceful means against Taiwan or in active military conflict with it. It prohibits foreign-directed political donations, electoral interference, and foreign-commissioned lobbying, with prison terms up to five years and fines up to NT$10 million. The enforcement record is sobering: prosecutors have indicted 127 people since implementation and secured just five convictions, with sentences averaging three to six months. That is a 4 percent conviction rate from a law designed to deter sophisticated, well-resourced state operations.
Proposed amendments under deliberation since January 2026 would extend the AIA's reach to cover disinformation dissemination directly, bring prospective candidates (not yet formally registered) within scope, regulate internet service providers that host databases inside Taiwan, and — crucially — establish minimum sentences the current law entirely omits. Taiwan's Mainland Affairs Council pressed urgency on legislators in January 2026, citing China's intensifying "gray zone" harassment campaigns and the inadequacy of an enforcement record averaging one conviction per year.
The National Security Act and the Cyber Security Management Act are also under review. The former is built around espionage and classified information; the latter around critical infrastructure protection. Neither was designed for AI-generated synthetic media, coordinated inauthentic behaviour, or the information operations that state actors now run through commercially available social platforms. The government's mandate is explicit: identify shortcomings and propose amendments. What those amendments will contain — and whether they can pass a legislature divided on the scope of national security powers — remains open.
The Platform Track: Accountability Without Enforcement
While security law tightens, platform governance is moving in the opposite direction. The NCC unveiled non-binding transparency and complaint guidelines in January 2026, initially covering YouTube, Facebook, Line, TikTok, and Dcard — with Threads and X potentially added. Platforms are asked to provide complaint mechanisms in Traditional Chinese, disclose content-moderation criteria, recruit culturally aware customer service staff, and publish transparency reports. The NCC was explicit: these are "not laws," and non-compliance carries no penalty.
The soft-touch approach is a direct consequence of the 2022 Digital Intermediary Services Act disaster. When the NCC published its DISA draft in June 2022 — modeled loosely on the EU's Digital Services Act — the backlash was swift and cross-partisan. Smaller volunteer-run platforms like PTT argued the obligations were unworkable. Civil society groups warned the bill could hand government agencies a mechanism to flag content in an environment where the definition of "disinformation" is inherently contested. By September 8, 2022, the NCC had returned the draft to its task group. There is still no timeline for reintroduction.
The NCC's own survey data confirms the underlying demand is real: roughly 66 percent of respondents said platforms fail to provide adequate transparency, and 51.2 percent expressed dissatisfaction with complaint response mechanisms. The regulator's bet is that these numbers — combined with the implicit threat of eventual binding legislation — will push platforms toward voluntary compliance. Evaluation results are due by the end of 2026.
The Steelman for Harder Rules
The case for binding regulation deserves honest engagement before dismissing it. Non-binding guidelines do not compel platforms to change algorithmic amplification, publish consistent cross-platform transparency data, or respond to coordinated inauthentic behaviour at scale. Taiwan's adversarial information environment — Chinese state media, AI-generated deepfakes, transnational coordinated networks — will not be meaningfully disrupted by a request to provide a complaint form in Traditional Chinese. Countries operating under binding frameworks, from the EU's Digital Services Act to Australia's Online Safety Act, argue that voluntary regimes shift costs to users while sheltering platforms from accountability.
That argument is coherent and deserves weight. But Taiwan's 2022 experience illustrated a point the Brussels debate often elides: when a government empowered to designate regulated content operates in a contested geopolitical environment, the tools of platform governance and the tools of censorship converge uncomfortably. Taiwan's critics of DISA were not simply anti-regulation reflex — they were asking a specifically Taiwanese question about who gets to decide what is false.
The Gap Between Tracks
The central risk in Taiwan's bifurcated approach is the middle ground neither track covers cleanly: disinformation that originates from state actors but propagates through commercial platforms. The AIA can prosecute only where foreign direction is provable — an evidentiary standard few information operations meet. NCC guidelines cannot mandate removal of coordinated influence content or require algorithmic transparency. The proposed AIA amendments extending to disinformation dissemination may partially close this gap, but only if the evidentiary and sentencing failures producing a 4 percent conviction rate are addressed simultaneously. Announcing amendments and achieving convictions are different things.
Looking Forward
The June 23 GCTF workshop — with partners spanning the United States, United Kingdom, Japan, Australia, Canada, and 24 additional democracies — demonstrated Taiwan's commitment to multilateral resilience-building. The framework has hosted over 100 workshops attended by more than 10,000 experts across 134 countries since its 2015 founding. International coalitions build capacity and political legitimacy; they do not pass laws or secure convictions. Taiwan's next legislative session needs to move the AIA amendments and the enforcement apparatus — while the soft-guidelines track buys political space rather than serving as a substitute for platform accountability. The question is whether the lesson of 2022 produces a smarter law or indefinite paralysis.