Dynamic Tripartite Governance in data security: An evolutionary game model with cross-level government supervision

Shiyu Wang; Kai Zou; Yuxuan Zou; Zhiyi Jiang

doi:10.1371/journal.pone.0325473

Abstract

As digital governance transitions to a decentralized architecture, data security has become a key driver of institutional modernization. This study constructs a three-party evolutionary game framework, integrating the grassroots government (GRG), local government (LG), and third-party regulator (TPR), and empirically calibrates the parameters using financial records from municipal data projects. Using replicator dynamics and Lyapunov stability analysis, we identify three key mechanisms in cross-level governance: 1. While reward systems enhance GRG compliance, excessive rewards, due to resource misallocation, weaken LG’s regulatory rigor. 2. When the overall penalties systematically exceed opportunistic gains, rent-seeking behavior is effectively suppressed, reducing the incentives for collusion between GRG and TPR. 3. Increasing the rent-seeking costs of TPR and enhancing social accountability benefits promote GRG’s sustained commitment to data security supervision. Simulations conducted in MATLAB illustrate the nonlinear interactions between governance parameters and reveal that dynamic reward and punishment mechanisms can accelerate convergence towards a stable regulatory equilibrium. This study proposes optimizing China’s grassroots data governance framework through dynamically adjusted reward and penalty mechanisms and increased rent-seeking costs, providing practical guidance for enhancing regulatory effectiveness. Index Terms data security governance, evolutionary game theory, incentive mechanisms, grassroots regulation, rent-seeking.

Citation: Wang S, Zou K, Zou Y, Jiang Z (2025) Dynamic Tripartite Governance in data security: An evolutionary game model with cross-level government supervision. PLoS One 20(6): e0325473. https://doi.org/10.1371/journal.pone.0325473

Editor: Zhengmao Li, Aalto University, FINLAND

Received: February 23, 2025; Accepted: May 13, 2025; Published: June 3, 2025

Copyright: © 2025 Wang et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: All relevant data are within the manuscript and its Supporting Information files.

Funding: Priority projects of the Social Science Achievement Review Board of HuNan [No. XSP24ZDI032].

Competing interests: The authors have declared that no competing interests exist.

Introduction

The Digital China Initiative was officially introduced in the “14th Five-Year Plan for the Development of Digital Economy” by the State Council, and it has become a strategic driving force for China’s modernization development model [1]. Under this framework, data, as a core production factor, has fundamentally reshaped the economic value creation mechanism [2]. The construction of the digital ecosystem is accompanied by the generation of vast amounts of data, while data security issues have also emerged as an urgent challenge that needs to be addressed [3]. According to the Security Insider, AT&T, a U.S. telecommunications company, suffered a data breach that exposed 73 million customer records, including personal information such as names, phone numbers, and mailing addresses [4]. The Wall Street Journal reported that the Shanghai Municipal Public Security Bureau’s database had been hacked, leaking personal information of over 1 billion residents of mainland China [5]. Unrestricted data collection, data analysis, data misuse, and hacking attacks are gradually threatening individual privacy, corporate security, and social stability. As a key tool to address data security issues, data security governance directly impacts national security and public interests. By incorporating security regulatory mechanisms into organizational structures, it effectively enhances organizational security capabilities and promotes coordination between data security and risk management [6,7].

China’s data security governance started relatively late, and the government still faces many challenges in regulating data practices across various industries. Strengthening regulatory capabilities and effectiveness is a crucial measure to ensure data security. As public concern over data security intensifies, academia is continuously updating its research to address new challenges. Current research primarily focuses on the interactions between the government and various industries [8,9]. However, the behavior of GRG, as a key player in data governance, has not received sufficient attention or in-depth discussion. The political changes at the grassroots level in 20th-century China were centered around the decentralization of national power. As a grassroots organization, township governments are tasked with enhancing grassroots social management and services, shifting the focus of social governance downward to increase the public’s sense of access, well-being, and security [10]. The promotion of digital government has prompted GRG to accelerate its data security governance efforts. GRG data security governance involves multiple participants, whose interactions form a dynamic game. As the frontline implementers of data security governance, GRG is directly responsible for the collection, processing, and compliance oversight of data. LG is responsible for the broad management of the regulatory framework, resource allocation, and penalties for non-compliant behavior. TPR provides regulatory services, ensuring the effective implementation of data security governance measures and helping the government identify potential risks through audit reports.

Therefore, this study constructs a dynamic evolutionary game model of cross-level government to analyze the interactive relationships between GRG, LG, and TPR in data security regulation, filling the gap in research on grassroots government data regulation. The model also incorporates rent-seeking behavior to explore its potential impact on data security regulation. Through the analysis, the model reveals how increasing the costs of rent-seeking can improve governance effectiveness. This provides new insights for optimizing the existing regulatory framework, particularly in terms of coordinating cooperation between various levels of government and TPR, offering new perspectives and theoretical support for data security governance, with significant academic value and practical significance.

Background

The American National Standards Institute (ANSI) defines data governance as the process of managing data availability, security, and privacy within an enterprise, covering data lifecycle management [11]. The European Union, through modernized regulatory mechanisms, has set a broad territorial jurisdiction for data governance, enhancing its extraterritorial effectiveness [12]. Early research laid the foundation for data governance practices through comparative legal analysis and the construction of cross-national policy evaluation systems [13]. Subsequent studies introduced lifecycle theory, mapping security protocols for the stages of data collection, storage, and transmission in detail, while the pyramid of needs model further refined these frameworks by aligning technological safeguards with organizational priorities [14,15]. The open government data movement has driven scholars to deconstruct trade-offs in security risks, proposing evaluation matrices applicable to public platforms [16–18]. Factor analysis methods later identified key determinants of governance efficiency, such as encryption standards, access control, and audit frequency, providing actionable standards for institutional design [19,20]. In recent years, with the growing interest in adaptive regulation, research has shifted to focus on how to balance innovation and risk control in a dynamic regulatory environment. Europe’s data governance model has had a significant impact on China’s mixed approach to sovereignty protection and cross-border interoperability [21–26]. The EU’s General Data Protection Regulation (GDPR) promotes enforcement of cross-border data cases through a “one-stop” regulatory mechanism, ensuring shared authority between regulators, though it still faces challenges such as procedural opacity and inefficiency [27]. Therefore, evolutionary game theory has provided important theoretical support for multi-center governance, especially through risk regulation in public-private partnerships [28,29], hierarchical supervision under central-local execution strategies [30–34], and quality control mechanisms aligning incentives between producers and consumers in the data market [35–37]. Despite many studies recognizing the reward-punishment mechanism as a key lever in governance [38–41], their limitations fail to fully reveal the complexity of the governance process. Firstly, these studies often simplify government actors into a single entity, ignoring the diversity and conflicts of interest within the government [42–44]; secondly, static equilibrium assumptions cannot effectively explain the path-dependent nature of decentralized governance systems [45,46]; finally, they do not consider the potential rent-seeking behavior between game participants, which could lead to improper exchanges of benefits and exacerbate the risk of governance failure [47,48]. These limitations mean that in understanding and designing cross-level government supervision, the crucial role of grassroots governments in coordinating multiple interests and the challenges they face in implementation are often overlooked [49], especially in balancing interests between different levels in the face of rent-seeking behavior. The current literature on this type of cross-level governance is still insufficient, and how to effectively integrate relationships between levels and address data security issues remains an underexplored area.

Existing research provides theoretical frameworks for data security governance, but the role of GRG in multi-center governance within the three-party regulatory framework has not been deeply analyzed. Additionally, the literature on cross-level government supervision is sparse, failing to fully reveal the complex interactions between GRG, LG, and TPR. These research gaps leave us with insufficient understanding of the practical effects and potential issues of multi-party collaboration in data security governance. To address these issues, this paper proposes a game model that introduces rent-seeking behavior, combining the dynamic interactions between GRG, LG, and TPR, with the aim of filling this research gap, exploring the application of cross-level government supervision in data security governance, and offering new perspectives and solutions for improving the data security governance system.

Evolutionary game model

Problem statement.

The continued occurrence of data security issues highlights the urgent need for government agencies to strengthen data security governance. These issues not only damage the government’s credibility but also have a significant impact on the public’s daily life. TPR, as a neutral entity, effectively complements the hierarchical supervision framework while increasing the credibility of GRG’s governance. GRG plays an execution and supervision role in data governance, but due to limitations in funding, technology, and personnel, it often lacks sufficient capabilities. TPR, on the other hand, is tasked with data compliance checks, privacy protection, and security audits. The professionalism and independence of these agencies make them valuable partners for both the government and businesses. In this context, rent-seeking behavior that may emerge between GRG and TPR has gradually become an undeniable phenomenon [50,51]. When GRG faces a lack of resources in data governance, the governance costs often exceed the losses that would occur in the short term by not conducting governance. Therefore, some GRGs may choose to cooperate with third-party regulatory agencies to avoid high governance costs. This rent-seeking behavior typically manifests as GRG choosing not to conduct data security governance, instead obtaining partially incomplete or substandard governance reports through rent-seeking, thereby reducing governance costs in the short term. TPR, driven by economic interests, refrains from regulation and either accepts or actively engages in rent-seeking behavior in exchange for benefits from GRG. In the process of providing compliance certifications, TPR may lower standards, delay the issuance of reports, or weaken the regulatory intensity in other ways. This behavior not only undermines the quality of data security governance but may also create hidden risks for data breaches, misuse, and other threats. Furthermore, the regulatory pressure on LG may prompt them to relax data security requirements to save costs or avoid penalties. This lack of regulation exacerbates governance failure, affecting public trust and data security.

Therefore, unlike previous regulatory models, the game model introduces an analysis of rent-seeking behavior, revealing the interest game mechanism between GRG and TPR. By simulating the impact of rent-seeking behavior, this approach helps policymakers identify potential issues in governance and design more effective regulatory strategies, ensuring the transparency and effectiveness of data governance. This research holds significant theoretical value and practical implications for government public governance in the current digital transformation. Fig 1 illustrates the tripartite game behavior in data security supervision within GRG.

Download:

Fig 1. Game-behavior relationship of data security supervision in GRG.

https://doi.org/10.1371/journal.pone.0325473.g001

Model assumptions

In the context of GRG data security governance, we identify three bounded rational agents [52]: the grassroots government (GRG), the local government (LG), and third-party regulators (TPR). Each agent strategically adapts their choices based on others’ decisions within an evolutionary game framework. Key assumptions are grounded in prior studies on regulatory dynamics [53], incentive design [54], and multi-level governance [55].

Assumption 1: Let x∈ [0,1] represent the probability that GRG chooses to perform data security governance, and 1 − x represent the probability of choosing not to perform data security governance. Similarly, y∈ [0,1] and z∈ [0,1] represent the regulatory probabilities for TPR and LG, respectively.

Assumption 2: GRG performing data security governance generates a baseline profit while incurring governance costs . If data governance is not performed, data security incidents may occur, leading to compensation and other costs, with this cost being , where >. To avoid high governance costs, GRG may engage in rent-seeking with TPR to obtain a more comprehensive data security governance report, with the rent-seeking cost denoted as , and <(−). Furthermore, speculative behavior from not performing data security governance will incur speculative costs, including lowering standards, delaying governance, and other management fees, with the speculative cost denoted as Cp.

Assumption 3: TPR chooses to supervise and earns a reward . If TPR engages in rent-seeking with GRG and helps provide a more complete data governance report in exchange for benefits, TPR will bear the rent-seeking cost .

Assumption 4: If GRG does not perform data security governance, LG will impose a penalty , and if TPR chooses not to supervise, LG will impose a penalty . Conversely, if GRG performs data security governance, it will receive a reward , and if TPR chooses to supervise, it will receive an incentive .

Assumption 5: LG’s choice to supervise incurs a cost , and it gains a societal benefit . If LG chooses not to supervise, the cost of rectifying the data security incident will be . A failure in regulation that causes a decline in government credibility will result in a penalty from the superior department, where > to ensure incentive compatibility. When the cost is too high, LG may tolerate collusion between GRG and TPR to avoid bearing , reflecting the real-world trade-offs within a hierarchical system.

The parameter definitions are provided in Table 1, which details the meaning of each parameter and its role and impact in the model. Through Table 1, readers can clearly see the specific values of the parameters used in the model and how they influence the model’s operation and outcomes.

Download:

Table 1. Parameter Settings.

https://doi.org/10.1371/journal.pone.0325473.t001

Model construction.

According to the above assumptions, Table 2 shows the evolutionary game matrix of the tripartite subjects of the GRG, the TPR, and the LG.

Download:

Table 2. Evolutionary game matrix of GRG, TPR, and LG.

https://doi.org/10.1371/journal.pone.0325473.t002

Replication dynamic equation

Strategic stability analysis of GRG.

With an expected benefit of for a GRG that chooses to conduct data security governance, for one that chooses not to conduct data security governance, and an average expected benefit of , Therefore:

(1)

(2)

(3)

The replication dynamic equation for the strategy choice of the GRG is derived from equations (1), (2), and(3) as follows:

(4)

The first-order derivatives of x and the set are respectively:

(5)

(6)

According to the stability theorem of differential equations, the probability that the GRG will carry out data security governance in a steady state must be satisfied.

and . The solution is obtained from for , , and Since the first-order derivative of is less than 0, is a decreasing function on .

when , at which point and the GRG is unable to determine an evolutionary stabilisation strategy;

When , , then , is the Evolutionarily Stable Strategy (ESS) of the GRG; conversely, is the ESS.

The phase diagram of the evolution of GRG strategies is shown in Fig 2.

Download:

Fig 2. Phase diagram of the evolution of GRG strategies.

https://doi.org/10.1371/journal.pone.0325473.g002

From Fig 2, the volume of the probability of the GRG choosing not to carry out data security governance is , and the volume of the probability of choosing to carry out data security governance is , which is calculated:

(7)

(8)

Corollary 1 The probability that a GRG conducts data security governance is positively correlated with the raw benefits, breaches costs, supervisory costs, and rewards and penalties of the LG and negatively correlated with the cost savings of not conducting data security governance.

Proof: First-order partial derivatives are obtained for each element in

From the first-order partial derivatives, an increase in , , (+), and , as well as a decrease in (-), decreases . It increases , i.e., the probability that the GRG chooses to conduct data security governance increases.

Corollary 1 shows that the fundamental benefits of data security governance are crucial in deterring GRG from overlooking governance risks. LG can discourage neglect of data security governance among GRG through rewards and punishments and amplifying non-compliance costs. This can be done by enhancing influential tools such as expanding government open platforms, encouraging GRG to commit to data security governance.

Corollary 2 The probability that a GRG conducts data security governance as the game evolves increases with the likelihood that the regulator refuses to provide rent-seeking behaviour and that the LG chooses to supervise

Proof: From the stability analysis of GRG governance strategy, when at this time, then that is, the GRG does not conduct data security governance as an evolutionarily stable strategy. Therefore, as the probability of TPR and LG choosing to supervise increases, the probability of GRG choosing to conduct data security governance increases from 0 to 1.

Corollary 2 shows that the probability that a GRG will engage in data security governance as a stabilization strategy increases with the probability that a TPR and a LG will choose to supervise. The process of LG regulation not only improves the probability of data security governance by GRG but also develops the social attributes of TPR. They are utilising media opinion to monitor the situation of data security governance at the grassroots level of government and provide wider channels for GRG data security supervision.

Strategic stability analysis of stability analysis of TPR.

The expected return for a TPR who chooses to supervise is , and the expected return for a TPR who chooses not to supervise and provide rentseeking behaviour, etc., is . The average expected return is respectively

(9)

(10)

(11)

The replication dynamic equation for the TPR strategy choice is derived by solving the system of equations (9), (10), and (11) as follows:

(12)

The first-order derivatives of y and the set are, respectively:

(13)

(14)

According to the stability principle of differential equations, the probability that the TPR chooses to supervise in a steady state must be satisfied:

and <0. The solution is obtained from for , , and . Since the first-order derivative of is less than 0, is a decreasing function on .

When , , , and . At this point, the TPR is unable to determine a stabilization strategy;

When , and , then is the stable evolutionary strategy of the TPR; conversely, when , is the stable evolutionary strategy of the TPR.

From , it follows that the coordinates of the two points on the phase diagram plane at the intersections of the x-axis and z-axis are and .

A phase diagram of the strategy evolution of TPR is shown in Fig 3.

Download:

Fig 3. Phase diagram of the evolution of TPR’s strategies.

https://doi.org/10.1371/journal.pone.0325473.g003

From Fig 3, the probability that a third-party organization chooses to supervise is and the volume is . The probability that it chooses not to supervise and provides rent-seeking behaviour for the LG is , and the volume is . calculated:

(15)

(16)

Corollary 3 The probability that a TPR chooses to supervise is negatively correlated with its benefits and positively correlated with the costs of behaviors such as rewarding LG for supervising, penalizing them for choosing not to supervise, and providing rent-seeking behavior to GRG.

Proof: The first-order partial derivatives of each element separately for yield: , , , . Therefore, when the rent-seeking costs for the GRG to obtain TPR decrease, and when the government increases the rewards and penalties for third-party institutions, as well as when TPR raises the rent-seeking costs, the probability of the third-party regulatory institutions choosing to regulate will increase.

Corollary 3 shows that when TPR benefit significantly from overseeing GRG and engaging in rent-seeking behaviors, LG must intensify their monitoring of these regulators. At the same time, efforts should be made to enhance the professional training of TPR staff and strengthen public participation in supervision, among other measures, in order to increase the costs of rent-seeking behavior provided by TPR. This will help promote fair and impartial regulation of local government data security governance by TPR.

Corollary 4 The probability that a TPR chooses to supervise increases with the probability that a LG and a GRG choose to conduct data security.

Proof: When and , is an evolutionarily stable strategy, and conversely when and , is an evolutionarily stable strategy. Therefore, it can be seen that when the probability of the GRG choosing data security governance and the LG choosing to supervise increases, the probability of the TPR choosing to supervise also increases from 0 to 1.

Corollary 4 shows that TPR’s strategic choices vary with the grassroots and LG’s supervisory strategies. The choice of r supervision by LG and the increased investment in data security governance by GRG all contribute to the increased probability of a TPR choosing to supervise as a stabilization strategy. Therefore, to ensure that data security governance is carried out orderly, LG should put forward strict supervisory requirements for TPR, provide specific incentives and support to GRG that conduct data security governance, and cultivate GRG’s awareness of data governance.

Strategic stability analysis of LG.

With a return of for LG choosing to supervise, an expected return of for not supervising and an average expected return of , there is:

(17)

(18)

(19)

The replication dynamic equation for the LG strategy choice is derived by solving the system of equations (17), (18), and (19) as follows:

(20)

The first-order derivatives of z and the set are respectively:

(21)

(22)

According to the stability principle of differential equations, the probability that the LG chooses to supervise is steady must be satisfied: and . Since >0, i.e., is an increasing function concerning .

When, , , at this point the LG cannot determine a stabilization strategy;

When , , , is the stabilizing evolutionary strategy of the LG; Conversely, is a stable evolutionary strategy for LG when .

A phase diagram of the evolution of LG strategies is shown in Fig 4.

Download:

Fig 4. Phase diagram of LG strategy evolution.

https://doi.org/10.1371/journal.pone.0325473.g004

From Fig 4, the probability that the LG chooses to supervise is , with volume , and it chooses not to supervise is , with volume . Calculated:

(22)

(23)

Corollary 5 The probability that a LG chooses to supervise increases with an increase in LG fines to the GRG and administrative penalties from higher levels and decreases with an increase in LG incentives to the GRG and TPR.

Proof: The first-order partial derivatives of each element of are obtained as <<, and we obtain: ((+-)-(++)>0), , , , . Therefore, when (+-)-(++)>0, an increase in increases , i.e., the probability that the LG chooses to supervise increases. From the above partial derivatives, it is clear that an increase in the amount of LG penalties and a decrease in the amount of incentives increases the probability that the LG chooses to supervise.

Corollary 5 shows that LG’s probability of supervising is related to the incentives and disincentives mechanisms for GRG and TPR. LG set penalties and incentives about their benefits and costs, i.e., if LG increase the amount of penalties, the benefits will increase; if the amount of incentives is reduced, the costs will be reduced. Higher administrative penalties increase the probability that LG will choose to supervise. In addition, the greater the probability of LG choosing to supervise, the greater the probability of TPR supervising the GRG, thus prompting the GRG to accelerate data security governance.

Corollary 6 During the game’s evolution, the LG’s probability of supervising decreases as either the GRG opts to conduct data security governance, the TPR decides to supervise, or both.

Proof: When , i.e. , LG choose supervision as a stabilization strategy. As GRG choose data security governance and TPR choose regulation, the probability of LG choosing supervision decreases to 0. Thus the probability of LG supervision decreases as the probability of GRG choosing to conduct data security governance and TPR choosing to supervise increases.

Corollary 6 shows that the probability that a LG chooses to supervise is influenced by the TPR as well as the selection strategy of the GRG. When the probability of GRG choosing data security governance and TPR choosing to supervise increases, the probability of LG choosing to supervise decreases, making them prone to situations such as untimely supervision.

Stability analysis

After analyzing the strategic stability of the GRG, the TPR, and the LG, we have reached the equilibrium point of their replicated dynamic equations. In other words, over time, the strategic choices of these critical players will converge to a state of equilibrium. However, while the final result of the above analysis indicates the equilibrium point where the equations converge, the stability of this final equilibrium point has yet to be determined. According to the evolutionary game theory, further analysis of the three-party game subjects is still necessary.

The replication dynamic equations for the three subjects, the GRG, the TPR, and the LG, are:

(24)

(25)

(26)

The Jacobian matrix for this dynamic equation can be expressed as:

The Nash equilibrium can be obtained by making , , and in the game system, i.e., , , , , , , , , ), , , , , .

In an asymmetric game, if the equilibrium E of the evolutionary game is an asymptotically stable state, it must be a strict Nash equilibrium. A strict Nash equilibrium, by definition, is a pure strategy equilibrium, and the equilibrium E is a pure strategy equilibrium [56]. Therefore, it is sufficient to discard - and focus on analyzing the asymptotic stability of the pure strategy equilibrium points -. According to Lyapunov’s first theorem, the necessary condition for an equilibrium point to be locally asymptotically stable is that the real part of all eigenvalues of its corresponding Jacobian matrix must be negative [57]. In this paper, the stability of all pure strategy equilibrium points is determined through the eigenvalues of their Jacobian matrices, as shown in Table 3. When the real parts of all eigenvalues are negative (as in and ), the corresponding equilibrium is judged to be asymptotically stable (ESS). If there are eigenvalues with zero or positive real parts, the equilibrium point is unstable. Therefore, the results of the stability analysis are presented in Table 3.

Download:

Table 3. Equilibrium point stability analysis.

https://doi.org/10.1371/journal.pone.0325473.t003

Corollary 7 When and , there exist two stable points and .

Proof: When and , it can be seen from Table 2 that the and eigenvalues are both negative, and at this time, there are two asymptotic stabilization points of the system.

Corollary 7 shows that When LG rewards and penalties for GRG and TPR are small, or when the cost of data governance for GRG is significant. At the same time, the cost of regulation for TPR is high, the choice of strategy stabilizes at strategy 1(GRG choose not to conduct data security governance, TPR choose not to supervise, and LG choose to supervise) and strategy 2(GRG choose to conduct data security governance, TPR choose to supervise, and LG choose not to supervise). To avoid the emergence of Strategy 1, LG should increase the penalties and incentives for TPR and GRG to fulfill the supervisory role of LG.

Corollary 8 A stabilization point exists when 0 and .

Proof: When and , according to the equilibrium point stability analysis, condition j is not satisfied, is an unstable point, and there is only one stable point as .

Corollary 8 shows that to effectively prevent the emergence of a strategy combination where , , in the evolutionary game model, the sum of rewards and penalties from the LG must exceed the difference between the cost of implementing data security governance and the cost of non-governance by the GRG, specifically, it must be higher than the cost of violations. This ensures the appearance of a mixed-strategy equilibrium point, provided that all other critical factors remain constant. Furthermore, when the net penalty (the difference between punishment and reward) exceeds the cost of regulation, it incentivizes GRG to adopt a data security governance strategy.

Simulation experiments

Setting initial values.

Currently, there is a lack of comprehensive statistical data on the regulatory aspect of GRG data security governance. To ensure the validity and authenticity of the simulation data, we have set some parameters based on existing relevant data. These initial data primarily come from national standards, government websites, and other sources. The remaining parameters are set based on references from related literature, industry experts, and corporate data.

Upon reviewing the 2023 Statistical Yearbook of Xiangtan City, Hunan Province, particularly the fiscal expenditures section [58], we found that local governments allocated 46.03 million yuan for public safety expenditures. Since public safety expenditures cover a broad range, including data security governance as one of the components, we set the cost of GRG for data security governance, to 45. According to IBM’s “2023 Data Breach Cost Report” [59], the average cost of a data breach in 2023 reached 69.4 million yuan, which includes breach costs across more than 50 industries. Therefore, we set the cost for GRG not performing data security governance, to 15.

On June 16, 2023, a technology company in Zhejiang developed and operated an information management system for a local government department in Zhejiang, but failed to implement data security services, resulting in significant data leakage. The Wenzhou Public Security Bureau in Zhejiang imposed a fine of 1 million yuan on the company [60]. Based on this, we set the penalty value from LG to TPR, to 8. According to Article 45 of the “Data Security Law of the People’s Republic of China,” organizations that conduct data processing activities and fail to fulfill their data security protection obligations, resulting in significant data leakage or other serious consequences, are fined between 500,000 yuan and 2 million yuan. For violations of national core data management regulations that threaten national sovereignty, security, and development interests, relevant competent authorities impose fines ranging from 2 million yuan to 10 million yuan [61]. Therefore, we set the penalty from LG to GRG, to 15, and the penalty from the superior department to LG, to 40. On December 18, 2023, the Xicheng District of Beijing released the “Measures to Accelerate the High-Quality Development of the Data Element Market in Xicheng District (Draft for Comment)” [62], proposing rewards for those leading or participating in formulating data element-related standards for the country, Beijing, or specific industries. The rewards would be 1 million yuan, 400,000 yuan, and 200,000 yuan respectively for each item. Based on this, we set the reward from LG to GRG, to 7, and the reward from LG to TPR, to 4.

Other parameter values were set based on the previously described assumptions and stability conditions, as well as references from related literature [3,63,44]. The initial values of the parameters in Array 1 are shown in Table 4. These values are designed to satisfy the conditions and, and to analyze the impact of changing values on the evolutionary game process.

Download:

Table 4. Initial Parameter Settings.

https://doi.org/10.1371/journal.pone.0325473.t004

Results

a. The effect of GRG raw benefits and TPR costs on the evolutionary game process

is assigned values of 40, 70, and 100 to obtain three sets of control data, with the simulation results shown in Fig 5. is assigned values of 20, 30, and 40 to obtain three sets of control data, with the simulation results shown in Fig 6.

Download:

Fig 5. The impact of GRG’s original profit.

https://doi.org/10.1371/journal.pone.0325473.g005

Download:

Fig 6. The impact of rent-seeking costs.

b. The effect of LG fines and incentives for TPR on the evolutionary game process.

https://doi.org/10.1371/journal.pone.0325473.g006

Fig 5 illustrates the evolution of GRG strategy choices as the original revenue () changes. When increases from 40 to 100, the trend for GRG to choose data security governance accelerates. This result confirms Corollary 1, indicating that has a positive influence on GRG’s strategy choice.

Fig 6 shows the evolution of GRG strategy choices as rent-seeking costs () change. When increases from 20 to 40, the trend for GRG to choose data security governance accelerates, validating the effectiveness of Corollary 1 and demonstrating that an increase in positively affects GRG’s strategy choice.

is assigned values of 8, 18, and 28 to obtain three sets of control data, with the simulation results shown in Fig 7. is assigned values of 4, 10, and 16 to obtain three sets of control data, with the simulation results shown in Fig 8.

Download:

Fig 7. Effect of LG on the amount.

https://doi.org/10.1371/journal.pone.0325473.g007

Download:

Fig 8. Effect of LG on the amount of fines imposed on TPR of incentives for TPR.

c. The effect of LG incentives for GRG and administrative penalties at higher levels on the evolutionary game process.

https://doi.org/10.1371/journal.pone.0325473.g008

Fig 7 shows the evolution of LG strategy choices as the punishment level from TPR () changes. When increases from 8 to 28, the process for LG to choose regulation accelerates, in line with Corollary 5, indicating that an increase in positively guides LG towards choosing regulation. At the same time, the increase in raises the probability that TPR will choose not to supervise, avoiding rent-seeking behavior with GRG, consistent with the results of Corollary 3.

Fig 8 shows the evolution of LG strategy choices as the reward level from TPR () changes. When increases from 4 to 16, the process for LG to choose regulation accelerates. This simulation supports Corollary 5, indicating that an increase in encourages LG to choose non-regulation.

is assigned values of 0, 7, and 14 to obtain three sets of control data, with the simulation results shown in Fig 9. is assigned values of 20, 40, and 60 to obtain three sets of control data, with the simulation results shown in Fig 10.

Download:

Fig 9. Effect of LG on the amount of incentives for GRG.

https://doi.org/10.1371/journal.pone.0325473.g009

Download:

Fig 10. Effect of higher authorities on LG penalties.

https://doi.org/10.1371/journal.pone.0325473.g010

Fig 9 illustrates the evolution of LG strategy choices as the reward and punishment levels from GRG () change. When increases from 0 to 14, the process for LG to choose non-regulation accelerates. This result validates Corollary 5, showing that an increase in reduces the probability of LG choosing regulation.

Fig 10 demonstrates the simulation evolution of LG strategy choices as the upper-level punishment () changes. When increases from 20 to 60, the trend for LG to choose regulation accelerates. This result confirms Corollary 5, indicating that an increase in raises the probability of LG choosing regulation.

Discussion

Array 2 is set as follows: , , , , , , , , , , , . The parameter settings satisfy the conditions and . The arrays 1 and 2 will be evolved for 50 times. The results are shown in Figs 11 and 12.

Download:

Fig 11. The result of evolving array 1 for 50 times.

https://doi.org/10.1371/journal.pone.0325473.g011

Download:

Fig 12. The result of evolving array 2 for 50 times.

https://doi.org/10.1371/journal.pone.0325473.g012

As shown in Fig 11, after 50 evolutionary analyses, the final strategy stabilizes at (1,1,0), which corresponds to “data security governance, supervision, no supervision,” in line with Corollary 8. According to Fig 12, when Array 2 satisfies ①, the final strategy stabilizes at both (0,0,1) and (1,1,0) after 50 evolutionary analyses. This indicates that the three stakeholders—GRG, TPR, and LG—form two strategy combinations: (no data security governance, no supervision, supervision) and (data security governance, supervision, no supervision). Evolutionary analysis suggests that LG should establish a reward and punishment mechanism based on the interaction between the choices of GRG and TPR, ensuring that the sum of fines and rewards exceeds the benefits derived from choosing not to supervise and engaging in rent-seeking behavior. This is critical to prevent TPR from opting out of supervision and engaging in rent-seeking behavior with GRG, which could threaten data security at the grassroots level. Therefore, the simulation analysis corroborates the inferred selection strategies of the involved parties and provides practical guidance for GRG’s data security supervision strategy.

Conclusions

With the introduction of the reward and punishment mechanism, this study incorporates rent-seeking behavior into the construction of a three-party evolutionary game model to analyze the interactions between GRG, TPR, and LG in data security governance. Through theoretical analysis and model simulation, this study summarizes three core principles of cross-level governance: First, the reward mechanism should match the regulatory costs; excessive incentives may weaken the effectiveness of regulation. Second, the punishment measures should be sufficient to outweigh potential profit incentives, effectively curbing rent-seeking behavior. Finally, increasing the cost of rent-seeking is an effective method to prevent GRG from neglecting data security governance and TPR from failing to perform its regulatory duties, thus helping improve the overall compliance of the regulatory system.

By incorporating real-world cases, this study explores how dynamic reward and punishment mechanisms can be effectively integrated into the existing regulatory system to enhance regulatory effectiveness. For example, some LGs have implemented dynamic reward and punishment mechanisms in specific areas, such as carbon emissions [64] and drug safety [34]. In the carbon emissions field, LGs have used dynamic adjustments to reward mechanisms to encourage companies to reduce emissions, while adjusting penalty measures based on companies’ compliance, thus reducing environmental pollution and lowering regulatory costs. Additionally, in the field of drug safety, the government has increased the intensity of rewards and punishments for TPR to ensure drug quality and public health, preventing the entry of low-quality drugs into the market. Drawing from these practical experiences, this study proposes applying dynamic reward and punishment mechanisms to data security governance. LG can adjust rewards and punishments based on the compliance behavior of GRG and TPR, ensuring that all parties maintain a state beneficial to societal and public interests. Furthermore, by increasing the rent-seeking costs for GRG and TPR, the transparency and effectiveness of data governance can be enhanced, reducing regulatory gaps and lowering the risk of governance failure.

Although this study provides a new perspective on cross-level cooperation in data security governance, there are still some limitations. First, the assumptions in the model may deviate from the complexity of real-world environments, and future research could further validate the model’s adaptability using actual data. Second, this study mainly focuses on the digital governance context in China, and future research could consider cross-country comparative studies to explore the impact of different governance structures on data security. Finally, with the development of emerging technologies, future research could explore how to adjust regulatory frameworks to address the challenges posed by technological changes.

This work was supported by the Priority projects of the Social Science Achievement Review Board of HuNan: “A Study on the Governance Capacity of Rural Grassroots Governments in Hunan under the Perspective of ‘Digital Countryside’” [No. XSP24ZDI032].

Supporting information

S1 File. This study uses MATLAB for simulation, and the following is the code used in this research. Through these codes, we can carry out the specific simulation process and conduct a detailed analysis of the topic under study. I hope this will assist your research, and I look forward to further communication and collaboration.

https://doi.org/10.1371/journal.pone.0325473.s001

(PDF)

Acknowledgments

The authors would like to express our sincere gratitude to the editor and anonymous reviewers for their valuable comments and constructive suggestions, which have significantly contributed to enhancing the quality of this research.

References

1. The State Council of the People’s Republic of China. The 14th Five-Year Plan for Digital Economy Development [Policy Document No. 2021-78]. 2021. http://www.gov.cn/zhengce/content/2021-12/12/content_5659699.htm
- View Article
- Google Scholar
2. General Office of the CPC Central Committee & General Office of the State Council. Overall Layout Plan for Digital China Construction [Policy Document No. 2023-12]. 2023. http://www.gov.cn/zhengce/2023-02/27/content_5743484.htm
- View Article
- Google Scholar
3. Tian Z, Jiang C, Yue G. Analysis of digital security governance under the objectives of digital ecology: A three‐party evolutionary game approach. Complexity. 2024;2024.1:8849477.
- View Article
- Google Scholar
4. Security Reference. Review of Major Global Data Breaches in the First Half of 2024 [EB/OL]. (2024-07-03. ). https://www.secrss.com/articles/67725?utm_source=chatgpt.com
- View Article
- Google Scholar
5. The Wall Street Journal. Shanghai Police Database Was Exposed Online for Over a Year, Setting the Stage for Theft[EB/OL]. (2025-04-05. ). https://cn.wsj.com/articles/上海警方数据库曾在网上暴露一年多-为失窃埋下伏笔-11657176307?utm_source=chatgpt.com
- View Article
- Google Scholar
6. Schinagl S, Shahim A, Khapova S. Paradoxical tensions in the implementation of digital security governance: toward an ambidextrous approach to governing digital security. Comput Secur. 2022;122:102903.
- View Article
- Google Scholar
7. Data Security Market Research Report. https://www.djyanbao.com/report/detail?id=3326959&from=search_list.Datasecuritymarketresearchreport
- View Article
- Google Scholar
8. Wen Z, Wang F, Hu F. Government regulation and corporate profit-seeking in evolutionary game theory: An analysis based on the data security regulation mechanism. Sci Technol Manag Res. 2024;44(24):169–79.
- View Article
- Google Scholar
9. Zhao X, Li J, Li T. Research on personal information security regulation of mobile applications based on three-party evolutionary game theory. Inf Sci. 2025:1–17. Retrieved from http://kns.cnki.net/kcms/detail/22.1264.G2.20241015.1520.002.html
- View Article
- Google Scholar
10. Guo Y, He H. The hierarchical relationship of grassroots government systems in China: from imbalance to collaboration. Comparative Econ Soc Syst. 2021;(02):90–100.
- View Article
- Google Scholar
11. National Institute of Standards and Technology.NIST.SP.1500-1r1 big data interoperability: Framework: Volume 1,Definitions[S]. NIST. 2018.
12. Lopes D. Gdpr - main international implications. Eur J Priv Law Technol. 2020.
- View Article
- Google Scholar
13. Martin S, Foulonneau M, Turki S. Open data: barriers, risks, and opportunities. In: Proceedings of the European Conference on e-Government. Varese: ACPI. 2013. 301–9.
14. Ma H, Xu T. Research on the construction of the evaluation system for China’s government data security policies. Lib Theory Pract. 2018;2018(01):1–4.
- View Article
- Google Scholar
15. Shameli-Sendi A. An efficient security data-driven approach for implementing risk assessment. J Inf Secur Appl. 2020;54:102593.
- View Article
- Google Scholar
16. Mei A, Chen Z. Concerns about data security in government data openness and their mitigation measures. J Intell. 2023;42(05):76–85.
- View Article
- Google Scholar
17. Dai J. Research on process-based risk identification and prevention strategies for government data openness. J Intell. 2019;38(06):145–51.
- View Article
- Google Scholar
18. Wanyan D, Song T. Security risk assessment of local government data openness platforms in China. Lib Tribune. 2022;42(2):119–28.
- View Article
- Google Scholar
19. Chen M, He Q. Identification of key influencing factors of privacy risks in open government data. Lib Inf Serv. 2023;67(08):40–9.
- View Article
- Google Scholar
20. Gao F, Xu S. Analysis of influencing factors of data security construction in local government data openness - based on csQCA linkage effect analysis of 21 local government cases. Lib Inf Serv. 2023;67(09):90–9.
- View Article
- Google Scholar
21. Chen Z. Supervisory sandbox: a new solution for governance of data elements. Lib Tribune. 2023:1–10.
- View Article
- Google Scholar
22. Zheng L. Construction of sandbox regulation for autonomous driving data security. Forum on Sci Technol China. 2023;(5)154–62.
- View Article
- Google Scholar
23. Zhang T, et al. National data security governance in the UK: system, institutions, and implications. J Inf Resour Manag. 2022;12(06):44–57.
- View Article
- Google Scholar
24. Xu G, Huang L. Understanding regulatory sandboxes: theoretical discussions, implementation principles, and application strategies. Theory Reform. 2024;(4):149–62.
- View Article
- Google Scholar
25. Huang Y. Research on the supervisory model of cross-border flow of non-personal data in the European Union. J Intell. 41(12):111–8.
- View Article
- Google Scholar
26. Xu Y, Wang X. Research on Security Governance of Cross-border Data Flow under the Overall National Security Concept [J/OL]. Library and Information Science: 1-11 [2023-12-06].
- View Article
- Google Scholar
27. Chen T. One-stop regulation in the EU data governance: operational mechanisms, implementation challenges, and implications. Acad Explor. 2024;01:51–63.
- View Article
- Google Scholar
28. Wei M, Zhao Y, Xia Y. The evolution of P2P lending risks: A game theoretic approach based on platforms and regulators. Manag Rev. 2021;33(03):54–65.
- View Article
- Google Scholar
29. Zhang M, et al. Risk-averse behavior and incentive policies: a new perspective on spatial–temporal traceability supervision in construction logistics supply chains. Comput Ind Eng. 2024:110256.
- View Article
- Google Scholar
30. Chang Y-C. The tripartite evolutionary game of enterprises’ green production strategy with government supervision and people participation. J Environ Manage. 2024;370:122627. pmid:39332290
- View Article
- PubMed/NCBI
- Google Scholar
31. Wang F, Yin X, Yu L. Research on dual-channel recycling strategy for information-sensitive WEEE under government regulation. Syst Eng Theory Pract. 2024;44(08):2592–604.
- View Article
- Google Scholar
32. Lei L, Guo Z. Evolutionary game analysis of social media user privacy protection based on government regulation. Digit Libr Forum. 2024;20(08):39–50.
- View Article
- Google Scholar
33. Chen X, Li F, Chen Y. Evolutionary game theory research on intelligent supervision of pharmaceuticals from the perspective of multi-subject collaboration. China Soft Sci. 2023(07):168–77.
- View Article
- Google Scholar
34. Zhu L, et al. Evolutionary game and simulation analysis of tripartite drug safety quality supervision under government reward and punishment mechanism. Chin J Manag Sci. 2021;29(11):55–67.
- View Article
- Google Scholar
35. Wang X, Liang C, Chen J. Research on outsourcing decisions of elderly care institutions under government quality supervision. China Manag Sci. 2024:1–19.
- View Article
- Google Scholar
36. Zhang Z, Wang X, Su Q. Quality supervision strategies for healthcare products considering quality ethics under the background of public health emergencies. J Syst Manag. 2024:1–31. http://kns.cnki.net/kcms/detail/31.1977.N.20240425.1158.002.html
- View Article
- Google Scholar
37. Li Q, Xiong C, Yao J. A study of the evolutionary game of carbon offset involving tourism stakeholders under incentive and constraint mechanisms. Sci Rep. 2024;14(1):14935. pmid:38942938
- View Article
- PubMed/NCBI
- Google Scholar
38. Cheng Z, Cong P, Ma L. Research on the evolution of consumer participation in express packaging recycling under different government incentive and penalty measures. Oper Res Manag. 2024;33(03):218–25.
- View Article
- Google Scholar
39. Wang H, Yan X, Zhao D. Research on automotive manufacturers’ production decisions considering consumers’ low-carbon preferences under government incentive and penalty mechanisms. Syst Eng Theory Pract. 2023;43(09):2669–84.
- View Article
- Google Scholar
40. Wang W, Qi J, Zhang M. Impact of government incentive and penalty mechanisms on WEEE recycling under tri-party evolutionary game. China Manag Sci. 2024:1–13.
- View Article
- Google Scholar
41. Zhang L, et al. Game analysis of enterprises’ replacement of emergency supplies and government’s monitoring. Syst Eng Theory Pract. 2018;38(10):2611–9.
- View Article
- Google Scholar
42. Zou K, et al. Evolutionary game analysis of information security supervision strategy in smart cities. Mod Inf. 2021;41(03):3–14.
- View Article
- Google Scholar
43. Li D, Mei X. Evolutionary game analysis of data sharing among large and medium-sized enterprises in the perspective of platform empowerment. Sci Rep. 2024;14(1):11447. pmid:38769117
- View Article
- PubMed/NCBI
- Google Scholar
44. Zhu L. Evolutionary game analysis of government data quality management in the digital economy era. Oper Res Manag Sci. 2022;31(09):21–7.
- View Article
- Google Scholar
45. Guo Y, Zou K, Liu C, Sun Y. Study on the evolutionary game of information security supervision in smart cities under different reward and punishment mechanisms. Discrete Dyn Nat Soc. 2022.1:8122630.
- View Article
- Google Scholar
46. Han P, et al. Research on the evolutionary game of blockchain-based government data sharing from the perspective of reward and punishment. J Manag Eng. 2024;38(04):122–32.
- View Article
- Google Scholar
47. Pan Q, Hua S, Shen Y. Tripartite stakeholder evolutionary game analysis on corruption under bounded rationality. Stat Decis. 2018;34(14):36–40.
- View Article
- Google Scholar
48. Eng Q, Shi X, Xu W. Power rent-seeking: governance in safety supervision system of projects based on evolutionary game model among the subjects. Chin J Manag Sci. 2015;23(S1):9–14.
- View Article
- Google Scholar
49. Blumenfeld M, Lin C-Y, Jack A, Abdurrahman UT, Gerstein T, Barkan CPL. Towards measuring national railways’ safety through a benchmarking framework of transparency and published data. Safety Science. 2023;164:106188.
- View Article
- Google Scholar
50. Yue Y, Liao J. Rent-seeking problems of agricultural industrial investment fund based on the symmetric evolutionary game. Syst Eng. 2012;30(4):45–9.
- View Article
- Google Scholar
51. Feng Q, Shi X, Xu W. Power rent-seeking governance in safety supervision system of projects based on evolutionary game model. Chin J Manag Sci. 2015;23(S1):9–14.
- View Article
- Google Scholar
52. Simon HA. A Behavioral Model of Rational Choice. The Quarterly Journal of Economics. 1955;69(1):99.
- View Article
- Google Scholar
53. Chen X, Liu M. Evolutionary game analysis of incentive mechanisms for cybersecurity compliance. Soc Sci Comput Rev. 2020;38(5):789–807.
- View Article
- Google Scholar
54. Zhou K, Wang Q, Tang J. Evolutionary game analysis of environmental pollution control under the government regulation. Sci Rep. 2022;12(1):474. pmid:35013497
- View Article
- PubMed/NCBI
- Google Scholar
55. Li W, Wang Y. Central-local dynamics in digital governance: evidence from China’s smart city initiatives. Public Adm Rev. 2022;82(4):563–78.
- View Article
- Google Scholar
56. Ritzberger K, Weibull J. Evolutionary selection in normal-form games. Econometrica. 1995;63(6):1371–99.
- View Article
- Google Scholar
57. Research Group of Guangxi Provincial Finance Department. Research on fiscal investment evaluation supporting the construction of Guangxi digital government. Rev Econ Res. 2019;20:87–99.
- View Article
- Google Scholar
58. Hunan Provincial Government. Hunan Provincial Statistical Yearbook [EB/OL]. (2024-02-07. ). http://xttj.xiangtan.gov.cn/13228/13195/13198/index.htm
- View Article
- Google Scholar
59. IBM. 2024 Data Breach Cost Report [EB/OL]. (2024-08-05. ). https://www.ibm.com/cn-zh/reports/data-breach?utm_source=chatgpt.com.2024databreachcostreport
- View Article
- Google Scholar
60. Security Reference. Report on Administrative Law Enforcement Since the Implementation of China’s Data Security Law[EB/OL]. (2023-06-17. ). https://www.secrss.com/articles/55729
- View Article
- Google Scholar
61. The Central People’s Government of the People’s Republic of China. Data Security Law of the People’s Republic of China[EB/OL]. (2021-06-11. ). https://www.gov.cn/xinwen/2021-06/11/content_5616919.htm
- View Article
- Google Scholar
62. Beijing Municipal People’s Government. Announcement on the Public Solicitation of Opinions on the “Measures for Accelerating the High-Quality Development of the Data Elements Market in Xicheng District, Beijing (Draft for Comments)” [EB/OL]. (2023-12-18. ). https://www.beijing.gov.cn/hudong/gfxwjzj/qjzjxx/202312/t202312183502957.html
- View Article
- Google Scholar
63. Zhu L, Sun S. Tripartite evolution game and simulation analysis of food quality and safety supervision under consumer feedback mechanism. J Chongqing Univ (Soc Sci Ed). 2019;25(3):94–107.
- View Article
- Google Scholar
64. Chen H, Feng Q, Cao J. Rent-seeking mechanism for safety supervision in the Chinese coal industry based on a tripartite game model. Energy Policy. 2014;72:140–5.
- View Article
- Google Scholar

[ref1] 1. The State Council of the People’s Republic of China. The 14th Five-Year Plan for Digital Economy Development [Policy Document No. 2021-78]. 2021. http://www.gov.cn/zhengce/content/2021-12/12/content_5659699.htm
View Article
Google Scholar

[2] View Article

[3] Google Scholar

[ref2] 2. General Office of the CPC Central Committee & General Office of the State Council. Overall Layout Plan for Digital China Construction [Policy Document No. 2023-12]. 2023. http://www.gov.cn/zhengce/2023-02/27/content_5743484.htm
View Article
Google Scholar

[5] View Article

[6] Google Scholar

[ref3] 3. Tian Z, Jiang C, Yue G. Analysis of digital security governance under the objectives of digital ecology: A three‐party evolutionary game approach. Complexity. 2024;2024.1:8849477.
View Article
Google Scholar

[8] View Article

[9] Google Scholar

[ref4] 4. Security Reference. Review of Major Global Data Breaches in the First Half of 2024 [EB/OL]. (2024-07-03. ). https://www.secrss.com/articles/67725?utm_source=chatgpt.com
View Article
Google Scholar

[11] View Article

[12] Google Scholar

[ref5] 5. The Wall Street Journal. Shanghai Police Database Was Exposed Online for Over a Year, Setting the Stage for Theft[EB/OL]. (2025-04-05. ). https://cn.wsj.com/articles/上海警方数据库曾在网上暴露一年多-为失窃埋下伏笔-11657176307?utm_source=chatgpt.com
View Article
Google Scholar

[14] View Article

[15] Google Scholar

[ref6] 6. Schinagl S, Shahim A, Khapova S. Paradoxical tensions in the implementation of digital security governance: toward an ambidextrous approach to governing digital security. Comput Secur. 2022;122:102903.
View Article
Google Scholar

[17] View Article

[18] Google Scholar

[ref7] 7. Data Security Market Research Report. https://www.djyanbao.com/report/detail?id=3326959&from=search_list.Datasecuritymarketresearchreport
View Article
Google Scholar

[20] View Article

[21] Google Scholar

[ref8] 8. Wen Z, Wang F, Hu F. Government regulation and corporate profit-seeking in evolutionary game theory: An analysis based on the data security regulation mechanism. Sci Technol Manag Res. 2024;44(24):169–79.
View Article
Google Scholar

[23] View Article

[24] Google Scholar

[ref9] 9. Zhao X, Li J, Li T. Research on personal information security regulation of mobile applications based on three-party evolutionary game theory. Inf Sci. 2025:1–17. Retrieved from http://kns.cnki.net/kcms/detail/22.1264.G2.20241015.1520.002.html
View Article
Google Scholar

[26] View Article

[27] Google Scholar

[ref10] 10. Guo Y, He H. The hierarchical relationship of grassroots government systems in China: from imbalance to collaboration. Comparative Econ Soc Syst. 2021;(02):90–100.
View Article
Google Scholar

[29] View Article

[30] Google Scholar

[ref11] 11. National Institute of Standards and Technology.NIST.SP.1500-1r1 big data interoperability: Framework: Volume 1,Definitions[S]. NIST. 2018.

[ref12] 12. Lopes D. Gdpr - main international implications. Eur J Priv Law Technol. 2020.
View Article
Google Scholar

[33] View Article

[34] Google Scholar

[ref13] 13. Martin S, Foulonneau M, Turki S. Open data: barriers, risks, and opportunities. In: Proceedings of the European Conference on e-Government. Varese: ACPI. 2013. 301–9.

[ref14] 14. Ma H, Xu T. Research on the construction of the evaluation system for China’s government data security policies. Lib Theory Pract. 2018;2018(01):1–4.
View Article
Google Scholar

[37] View Article

[38] Google Scholar

[ref15] 15. Shameli-Sendi A. An efficient security data-driven approach for implementing risk assessment. J Inf Secur Appl. 2020;54:102593.
View Article
Google Scholar

[40] View Article

[41] Google Scholar

[ref16] 16. Mei A, Chen Z. Concerns about data security in government data openness and their mitigation measures. J Intell. 2023;42(05):76–85.
View Article
Google Scholar

[43] View Article

[44] Google Scholar

[ref17] 17. Dai J. Research on process-based risk identification and prevention strategies for government data openness. J Intell. 2019;38(06):145–51.
View Article
Google Scholar

[46] View Article

[47] Google Scholar

[ref18] 18. Wanyan D, Song T. Security risk assessment of local government data openness platforms in China. Lib Tribune. 2022;42(2):119–28.
View Article
Google Scholar

[49] View Article

[50] Google Scholar

[ref19] 19. Chen M, He Q. Identification of key influencing factors of privacy risks in open government data. Lib Inf Serv. 2023;67(08):40–9.
View Article
Google Scholar

[52] View Article

[53] Google Scholar

[ref20] 20. Gao F, Xu S. Analysis of influencing factors of data security construction in local government data openness - based on csQCA linkage effect analysis of 21 local government cases. Lib Inf Serv. 2023;67(09):90–9.
View Article
Google Scholar

[55] View Article

[56] Google Scholar

[ref21] 21. Chen Z. Supervisory sandbox: a new solution for governance of data elements. Lib Tribune. 2023:1–10.
View Article
Google Scholar

[58] View Article

[59] Google Scholar

[ref22] 22. Zheng L. Construction of sandbox regulation for autonomous driving data security. Forum on Sci Technol China. 2023;(5)154–62.
View Article
Google Scholar

[61] View Article

[62] Google Scholar

[ref23] 23. Zhang T, et al. National data security governance in the UK: system, institutions, and implications. J Inf Resour Manag. 2022;12(06):44–57.
View Article
Google Scholar

[64] View Article

[65] Google Scholar

[ref24] 24. Xu G, Huang L. Understanding regulatory sandboxes: theoretical discussions, implementation principles, and application strategies. Theory Reform. 2024;(4):149–62.
View Article
Google Scholar

[67] View Article

[68] Google Scholar

[ref25] 25. Huang Y. Research on the supervisory model of cross-border flow of non-personal data in the European Union. J Intell. 41(12):111–8.
View Article
Google Scholar

[70] View Article

[71] Google Scholar

[ref26] 26. Xu Y, Wang X. Research on Security Governance of Cross-border Data Flow under the Overall National Security Concept [J/OL]. Library and Information Science: 1-11 [2023-12-06].
View Article
Google Scholar

[73] View Article

[74] Google Scholar

[ref27] 27. Chen T. One-stop regulation in the EU data governance: operational mechanisms, implementation challenges, and implications. Acad Explor. 2024;01:51–63.
View Article
Google Scholar

[76] View Article

[77] Google Scholar

[ref28] 28. Wei M, Zhao Y, Xia Y. The evolution of P2P lending risks: A game theoretic approach based on platforms and regulators. Manag Rev. 2021;33(03):54–65.
View Article
Google Scholar

[79] View Article

[80] Google Scholar

[ref29] 29. Zhang M, et al. Risk-averse behavior and incentive policies: a new perspective on spatial–temporal traceability supervision in construction logistics supply chains. Comput Ind Eng. 2024:110256.
View Article
Google Scholar

[82] View Article

[83] Google Scholar

[ref30] 30. Chang Y-C. The tripartite evolutionary game of enterprises’ green production strategy with government supervision and people participation. J Environ Manage. 2024;370:122627. pmid:39332290
View Article
PubMed/NCBI
Google Scholar

[85] View Article

[86] PubMed/NCBI

[87] Google Scholar

[ref31] 31. Wang F, Yin X, Yu L. Research on dual-channel recycling strategy for information-sensitive WEEE under government regulation. Syst Eng Theory Pract. 2024;44(08):2592–604.
View Article
Google Scholar

[89] View Article

[90] Google Scholar

[ref32] 32. Lei L, Guo Z. Evolutionary game analysis of social media user privacy protection based on government regulation. Digit Libr Forum. 2024;20(08):39–50.
View Article
Google Scholar

[92] View Article

[93] Google Scholar

[ref33] 33. Chen X, Li F, Chen Y. Evolutionary game theory research on intelligent supervision of pharmaceuticals from the perspective of multi-subject collaboration. China Soft Sci. 2023(07):168–77.
View Article
Google Scholar

[95] View Article

[96] Google Scholar

[ref34] 34. Zhu L, et al. Evolutionary game and simulation analysis of tripartite drug safety quality supervision under government reward and punishment mechanism. Chin J Manag Sci. 2021;29(11):55–67.
View Article
Google Scholar

[98] View Article

[99] Google Scholar

[ref35] 35. Wang X, Liang C, Chen J. Research on outsourcing decisions of elderly care institutions under government quality supervision. China Manag Sci. 2024:1–19.
View Article
Google Scholar

[101] View Article

[102] Google Scholar

[ref36] 36. Zhang Z, Wang X, Su Q. Quality supervision strategies for healthcare products considering quality ethics under the background of public health emergencies. J Syst Manag. 2024:1–31. http://kns.cnki.net/kcms/detail/31.1977.N.20240425.1158.002.html
View Article
Google Scholar

[104] View Article

[105] Google Scholar

[ref37] 37. Li Q, Xiong C, Yao J. A study of the evolutionary game of carbon offset involving tourism stakeholders under incentive and constraint mechanisms. Sci Rep. 2024;14(1):14935. pmid:38942938
View Article
PubMed/NCBI
Google Scholar

[107] View Article

[108] PubMed/NCBI

[109] Google Scholar

[ref38] 38. Cheng Z, Cong P, Ma L. Research on the evolution of consumer participation in express packaging recycling under different government incentive and penalty measures. Oper Res Manag. 2024;33(03):218–25.
View Article
Google Scholar

[111] View Article

[112] Google Scholar

[ref39] 39. Wang H, Yan X, Zhao D. Research on automotive manufacturers’ production decisions considering consumers’ low-carbon preferences under government incentive and penalty mechanisms. Syst Eng Theory Pract. 2023;43(09):2669–84.
View Article
Google Scholar

[114] View Article

[115] Google Scholar

[ref40] 40. Wang W, Qi J, Zhang M. Impact of government incentive and penalty mechanisms on WEEE recycling under tri-party evolutionary game. China Manag Sci. 2024:1–13.
View Article
Google Scholar

[117] View Article

[118] Google Scholar

[ref41] 41. Zhang L, et al. Game analysis of enterprises’ replacement of emergency supplies and government’s monitoring. Syst Eng Theory Pract. 2018;38(10):2611–9.
View Article
Google Scholar

[120] View Article

[121] Google Scholar

[ref42] 42. Zou K, et al. Evolutionary game analysis of information security supervision strategy in smart cities. Mod Inf. 2021;41(03):3–14.
View Article
Google Scholar

[123] View Article

[124] Google Scholar

[ref43] 43. Li D, Mei X. Evolutionary game analysis of data sharing among large and medium-sized enterprises in the perspective of platform empowerment. Sci Rep. 2024;14(1):11447. pmid:38769117
View Article
PubMed/NCBI
Google Scholar

[126] View Article

[127] PubMed/NCBI

[128] Google Scholar

[ref44] 44. Zhu L. Evolutionary game analysis of government data quality management in the digital economy era. Oper Res Manag Sci. 2022;31(09):21–7.
View Article
Google Scholar

[130] View Article

[131] Google Scholar

[ref45] 45. Guo Y, Zou K, Liu C, Sun Y. Study on the evolutionary game of information security supervision in smart cities under different reward and punishment mechanisms. Discrete Dyn Nat Soc. 2022.1:8122630.
View Article
Google Scholar

[133] View Article

[134] Google Scholar

[ref46] 46. Han P, et al. Research on the evolutionary game of blockchain-based government data sharing from the perspective of reward and punishment. J Manag Eng. 2024;38(04):122–32.
View Article
Google Scholar

[136] View Article

[137] Google Scholar

[ref47] 47. Pan Q, Hua S, Shen Y. Tripartite stakeholder evolutionary game analysis on corruption under bounded rationality. Stat Decis. 2018;34(14):36–40.
View Article
Google Scholar

[139] View Article

[140] Google Scholar

[ref48] 48. Eng Q, Shi X, Xu W. Power rent-seeking: governance in safety supervision system of projects based on evolutionary game model among the subjects. Chin J Manag Sci. 2015;23(S1):9–14.
View Article
Google Scholar

[142] View Article

[143] Google Scholar

[ref49] 49. Blumenfeld M, Lin C-Y, Jack A, Abdurrahman UT, Gerstein T, Barkan CPL. Towards measuring national railways’ safety through a benchmarking framework of transparency and published data. Safety Science. 2023;164:106188.
View Article
Google Scholar

[145] View Article

[146] Google Scholar

[ref50] 50. Yue Y, Liao J. Rent-seeking problems of agricultural industrial investment fund based on the symmetric evolutionary game. Syst Eng. 2012;30(4):45–9.
View Article
Google Scholar

[148] View Article

[149] Google Scholar

[ref51] 51. Feng Q, Shi X, Xu W. Power rent-seeking governance in safety supervision system of projects based on evolutionary game model. Chin J Manag Sci. 2015;23(S1):9–14.
View Article
Google Scholar

[151] View Article

[152] Google Scholar

[ref52] 52. Simon HA. A Behavioral Model of Rational Choice. The Quarterly Journal of Economics. 1955;69(1):99.
View Article
Google Scholar

[154] View Article

[155] Google Scholar

[ref53] 53. Chen X, Liu M. Evolutionary game analysis of incentive mechanisms for cybersecurity compliance. Soc Sci Comput Rev. 2020;38(5):789–807.
View Article
Google Scholar

[157] View Article

[158] Google Scholar

[ref54] 54. Zhou K, Wang Q, Tang J. Evolutionary game analysis of environmental pollution control under the government regulation. Sci Rep. 2022;12(1):474. pmid:35013497
View Article
PubMed/NCBI
Google Scholar

[160] View Article

[161] PubMed/NCBI

[162] Google Scholar

[ref55] 55. Li W, Wang Y. Central-local dynamics in digital governance: evidence from China’s smart city initiatives. Public Adm Rev. 2022;82(4):563–78.
View Article
Google Scholar

[164] View Article

[165] Google Scholar

[ref56] 56. Ritzberger K, Weibull J. Evolutionary selection in normal-form games. Econometrica. 1995;63(6):1371–99.
View Article
Google Scholar

[167] View Article

[168] Google Scholar

[ref57] 57. Research Group of Guangxi Provincial Finance Department. Research on fiscal investment evaluation supporting the construction of Guangxi digital government. Rev Econ Res. 2019;20:87–99.
View Article
Google Scholar

[170] View Article

[171] Google Scholar

[ref58] 58. Hunan Provincial Government. Hunan Provincial Statistical Yearbook [EB/OL]. (2024-02-07. ). http://xttj.xiangtan.gov.cn/13228/13195/13198/index.htm
View Article
Google Scholar

[173] View Article

[174] Google Scholar

[ref59] 59. IBM. 2024 Data Breach Cost Report [EB/OL]. (2024-08-05. ). https://www.ibm.com/cn-zh/reports/data-breach?utm_source=chatgpt.com.2024databreachcostreport
View Article
Google Scholar

[176] View Article

[177] Google Scholar

[ref60] 60. Security Reference. Report on Administrative Law Enforcement Since the Implementation of China’s Data Security Law[EB/OL]. (2023-06-17. ). https://www.secrss.com/articles/55729
View Article
Google Scholar

[179] View Article

[180] Google Scholar

[ref61] 61. The Central People’s Government of the People’s Republic of China. Data Security Law of the People’s Republic of China[EB/OL]. (2021-06-11. ). https://www.gov.cn/xinwen/2021-06/11/content_5616919.htm
View Article
Google Scholar

[182] View Article

[183] Google Scholar

[ref62] 62. Beijing Municipal People’s Government. Announcement on the Public Solicitation of Opinions on the “Measures for Accelerating the High-Quality Development of the Data Elements Market in Xicheng District, Beijing (Draft for Comments)” [EB/OL]. (2023-12-18. ). https://www.beijing.gov.cn/hudong/gfxwjzj/qjzjxx/202312/t202312183502957.html
View Article
Google Scholar

[185] View Article

[186] Google Scholar

[ref63] 63. Zhu L, Sun S. Tripartite evolution game and simulation analysis of food quality and safety supervision under consumer feedback mechanism. J Chongqing Univ (Soc Sci Ed). 2019;25(3):94–107.
View Article
Google Scholar

[188] View Article

[189] Google Scholar

[ref64] 64. Chen H, Feng Q, Cao J. Rent-seeking mechanism for safety supervision in the Chinese coal industry based on a tripartite game model. Energy Policy. 2014;72:140–5.
View Article
Google Scholar

[191] View Article

[192] Google Scholar

Figures

Abstract

Introduction

Background

Evolutionary game model

Problem statement.

Model assumptions

Model construction.

Replication dynamic equation

Strategic stability analysis of GRG.

Strategic stability analysis of stability analysis of TPR.

Strategic stability analysis of LG.

Stability analysis

Simulation experiments

Setting initial values.

Results

a. The effect of GRG raw benefits and TPR costs on the evolutionary game process

Discussion

Conclusions

Supporting information

Acknowledgments

References