Trade secrets are emerging as powerful shields in industries where patents may fall short. Excel V. Dyquiangco unpacks their growing value, the rising risks of cyber and AI-driven theft, and how advanced cybersecurity, global cooperation and evolving legal frameworks are reshaping protection. 

 

Trade secrets are valuable and adaptable solutions for protecting core assets and sustaining market competitiveness. While traditional IP such as patents is essential, trade secrets offer distinct advantages: they avoid the innovation-disclosure paradox by remaining confidential, protect a broader range of information – including client lists and internal processes – and have no time or geographical limits. 

While this flexibility does not inherently make trade secrets superior to other forms of intellectual property, it does emphasize their growing importance, especially in a future dominated by artificial intelligence, proprietary algorithms and curated datasets. From the processes behind sustainable technology to the logic governing digital assets in the metaverse, trade secrets can be considered a dynamic tool for safeguarding the intangible innovations that define the future economy. 

“In many ways, trade secret law can be broader or more flexible than traditional intellectual property like patents,” said Grace Shao, managing partner at Baker McKenzie in Taipei. “Unlike patents, trade secret protection can be obtained without any application or registration – it arises automatically if the trade secret owner takes appropriate steps to ensure the information is secret and so long as it provides a competitive benefit. Trade secret protection can also theoretically last if the information is kept a secret. Trade secret law also protects items which would not be proper subjects for consideration for patent protection. More importantly, trade secrets do not require public disclosure, making them particularly valuable for safeguarding competitive advantages in industries reliant on confidential processes, formulas and data.” 

She noted that due to the novelty and complexity of AI innovations, traditional intellectual property protection, including copyrights and patents, has become ineffective. Under these circumstances, she said, trade secrets offer an effective substitute or alternative tool for safeguarding AI technologies.  

“Trade secrets provide a way for safeguarding AI discoveries or inventions without any restrictions that are otherwise imposed by copyrights and patents,” she said. “Whether patents can be effectively enforced against infringers in a time-efficient manner is also crucial for business. The reality – since the U.S. Supreme Court’s decision in eBay – is that patent owners simply cannot expect to obtain injunctive relief anymore. Patent validity can also risk being challenged in an infringement case. Therefore, I see the trend that patents in the United States, Taiwan and many jurisdictions are becoming weaker and simply not desirable for certain innovators or businesses.” 

“So, it is easy to understand why so many innovators and innovative companies are increasingly exploring trade secrets as an alternative – particularly where you know that you can’t obtain a patent, or the patent you might obtain just is not worth the effort and expense,” she added. 

In Taiwan, protection of trade secrets has strategic importance, and the laws have been amended to grant stronger protection. Taiwan Semiconductor Manufacturing Company (TSMC) adopted a trade secrets recordation system to record valuable trade secrets innovations as critical assets, in addition to patents and other IP rights. 

Chris Jordan, managing principal at Davies Collison Cave in Melbourne, has a different view. He is not sure it is the case that trade secrets have evolved to become a more critical asset than traditional forms of IP, such as patents.  

“Trade secrets are certainly important, particularly with courts in many jurisdictions seemingly reluctant to provide patent protection to certain types of software inventions. Having said that, many new forms of technology lean very heavily on trade secrets laws – and in some cases copyright protection – to protect their underlying IP,” he said. “Traditional intellectual property protection can also be costly for some businesses, especially in an innovation-driven economy where the speed and expectations of innovation have increased, and so trade secrets present a cost-effective alternative to protect some IP rights, particularly for startups or where businesses are highly innovative.” 

An attack on trade secrets 

The growing reliance on trade secrets, as described by Jordan, has naturally led to a corresponding increase in the efforts to steal them. Because these assets are not protected by a government-issued grant but by the owner’s ability to maintain secrecy, they are uniquely susceptible to threats from both internal and external factors, especially in the acceleration of digital transformation and proliferation of global collaboration, which has made cyber intrusion the predominant modern attack vector for trade secret misappropriation.  

“These intrusions typically manifest through various technical means such as automated ‘crawler’ systems harvesting user data, wiretapping malware intercepting transmitted data and sensitive communications, and malicious software executing unauthorized operations on target systems,” said Xia Zheng, founder of AFD China Intellectual Property in Beijing. “Conventional judicial protection frameworks operate within clearly defined physical boundaries where jurisdiction, applicable laws and enforcement mechanisms align with territorial borders. However, cyber intrusions fundamentally disrupt this boundary, as the borderless nature of data flows enables the generation, storage, processing and utilization of information to transcend geographical constraints.”  

She added that this reality poses multifaceted challenges to conventional judicial protection, including: 

• Jurisdictional conflicts. Cyber intrusions operate without geographical constraints. Perpetrators can launch attacks from any location or route through network nodes across multiple jurisdictions, targeting trade secret data stored anywhere on the globe. Consequently, the locations where the cyber intrusion was initiated, where damages occurred, where perpetrators reside, and where the compromised trade secrets are stored may each fall under separate jurisdictions, giving rise to complex jurisdictional conflicts. 

• Challenges in cross-border Investigation and evidence collection. Evidence in cyber intrusion cases primarily consists of electronic data, which may be frequently dispersed across servers in multiple countries. Investigations and evidence collection thus require international judicial cooperation – a process typically burdened by procedural complexity and prolonged timelines. In addition, different countries have different rules for reviewing and accepting evidence, which may result in evidence obtained outside the jurisdiction not being recognized. 

• Challenges in enforcing foreign injunctions or judgments. Due to the differences in laws of different countries regarding the scope of protection of trade secrets, determination of damages and the amount of compensation, it may lead to the refusal to enforce another country’s court orders or rulings. 

Like Zheng, Shao said that the most significant new attack vectors include cyber espionage and cyberattacks, including malware deployment and phishing attacks, allowing hackers to infiltrate systems and steal sensitive information and trade secrets. “Vulnerabilities in global supply chains may potentially provide entry points for attackers targeting trade secrets,” she said.  

According to a 2017 report by Baker McKenzie, “The Board Ultimatum: Protect and Preserve,” theft by ex-employees and third-party suppliers is the biggest source of anxiety among two-thirds of company executives. “In practice, most trade secret thefts are by ex-employees who can leak the proprietary information or trade secrets by uploading to the cloud and transmitting overseas. The digitalization environment significantly increases the risk of misappropriation of trade secrets,” Shao said. 

“The borderless nature of data flow, facilitated by cloud computing and international collaboration, challenges traditional jurisdictional boundaries, making it difficult to enforce protection laws and prosecute offenders,” she explained. “First of all, determining which country has jurisdiction in cases involving cross-border data theft can be complex, hindering investigations and prosecutions. Some countries may implement data localization policies, requiring data to be stored within their borders, which can further complicate international investigations and enforcement efforts. The level of legal protection for trade secrets in different jurisdictions may be inconsistent, and it is also difficult to enforce court judgments in another jurisdiction without proper international judicial assistance.” 

“In my view, existing legal frameworks may not adequately address the complexities of digital trade secret theft, particularly in cases involving multiple jurisdictions. Addressing these challenges requires robust cybersecurity measures, international cooperation and information sharing between law enforcement agencies, and updates to legal frameworks to account for the evolving digital landscape. Ideally, there could be harmonized enforcement standards or an international convention to overcome such jurisdictional challenges,” Shao said.  

Trade secrets and AI in the next decade 

So, what is expected of trade secrets in the coming years? According to Jie He, counsel at AFD China Intellectual Property in Beijing, the rapid advancement of artificial intelligence will transform trade secrets from traditional “physical and static” information, such as product formulas and customer lists, to “digital and dynamic” assets like user data and algorithmic models.  

“AI has given rise to new forms of trade secrets, including AI model architectures, training datasets, annotation rules and AI-generated intellectual property,” she said. “However, the intelligent and open nature of AI technology not only enriches the forms and enhances the value of trade secrets, it also introduces broader leakage risks.”  

She added that these risks primarily manifest in the following ways: 

• Enhanced and stealthier data theft methods. AI technologies can more accurately simulate normal user behaviour, pinpoint the storage locations of a company’s high-value data, and identify vulnerabilities in confidentiality measures, enabling more precise and stealthier attacks. However, businesses can similarly leverage AI’s advantages to strengthen their defensive and countermeasure capabilities, gaining the upper hand in the security battle. For instance, data-driven models can be used to predict potential future attacks, allowing proactive allocation of defensive resources. When an attack occurs, adaptive response systems can be used to dynamically address the threat in real time. 

• Unintentional and fragmented data leaks. Employees may inadvertently upload sensitive information to open platforms while using AI tools in their daily work, making it difficult for businesses to promptly detect such unintentional, fragmented leaks. To mitigate these risks, enterprises can implement measures such as stricter gateway controls, data classification and desensitization, real-time data monitoring and post-event tracking of data usage, as well as regular reminders and training drills to reduce the frequency of such incidents. 

• Ineffectiveness of conventional protection methods. The rapid evolution of AI has led to the continuous upgrading of technical means for cyber intrusions, making it difficult for the traditional security measures of many businesses, especially small- and medium-sized enterprises, to cope with sophisticated AI-driven attacks. Businesses can reduce risks to an acceptable level with limited resources by taking low-cost and high-return measures such as zero-trust architectures with continuous verification, targeted defences for core assets most vulnerable to AI attacks, improved internal security policies and participation in industry-wide collaborative defence and threat intelligence sharing. 

“Businesses must go beyond standard NDAs and cybersecurity measures,” said He. “They need to proactively adapt and enhance their trade secret protection framework across technology, management and legal aspects, keeping pace with tech trends, including adopting advanced technical defences, regular employee training and security drills, strengthening third-party oversight, conducting periodic compliance reviews and building industry threat-sharing networks.” 

Jordan agreed, adding that it is probably time for businesses to engage with governments to look at introducing more robust international trade secrets laws with enhanced minimum standards relating to the definition of and protection of trade secrets.  

“These laws should also be more robust when it comes to the development of interim measures to protect trade secrets. Given the time it takes to develop international agreements, that process should start now. In the meantime, companies should make sure that they have robust systems in place to identify and protect trade secrets (and other IP) and should take care about the disclosure and storage of trade secrets across their business making sure that this only occurs in jurisdictions which have robust trade secret protection laws and effective judicial measure to protect trade secrets. It may seem tempting to save money by disclosing trade secrets as part of a production process in a low-cost jurisdiction, but when the trade secret is stolen or misused and there is little recourse, the damage done may significantly outweigh the savings,” he said.