Instrumental strategies and symbolic legitimacy: analyzing government information disclosure security policies in China

Ling Chen; Lianjian Deng

doi:10.1371/journal.pone.0327848

Abstract

This study explores how the Chinese government manages the trade-off between transparency and national security through the design of government information disclosure (GID) security policies. Based on a qualitative analysis of 259 policy documents issued at central, provincial, and prefectural levels between 2007 and 2024, we construct a two-dimensional framework that integrates policy instrument types (supply, environmental, demand) with policy content stages (readiness, implementation, impact). The findings reveal an overreliance on environmental-type instruments—especially during implementation—and underuse of demand-oriented tools that support public participation and accountability. Through the lens of Governmental Power Marketing (GPM), we interpret this instrument selection not only as a technical response but as a symbolic strategy to project institutional competence and legitimacy. This study contributes to digital governance literature by linking content analysis with political communication theory, offering both an analytical framework and comparative insights applicable to other regimes facing similar transparency-security dilemmas.

Citation: Chen L, Deng L (2025) Instrumental strategies and symbolic legitimacy: analyzing government information disclosure security policies in China. PLoS One 20(7): e0327848. https://doi.org/10.1371/journal.pone.0327848

Editor: Karthikeyan Thiyagarajan, Borlaug Institute for South Asia-CIMMYT, INDIA

Received: October 15, 2024; Accepted: June 23, 2025; Published: July 9, 2025

Copyright: © 2025 Chen, Deng. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: All relevant data are within the manuscrip.

Funding: As the project leader for the study funded by the "Ministry of Education, Humanities and Social Science projects (24YJC810001)," I confirm that the funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Competing interests: The authors have declared that no competing interests exist.

Abbreviations: GID, Government information disclosure; GPM, Governmental power marketing

1. Introduction

In the era of digital governance, governments worldwide face a fundamental tension [1]: how to ensure transparency through government information disclosure (GID) while safeguarding national security. GID enhances administrative accountability, promotes citizen engagement, and builds public trust. Yet, if mismanaged, it risks exposing sensitive state secrets, violating personal privacy, and undermining institutional legitimacy. The challenge lies not merely in striking a technical balance between openness and protection but in shaping a governance narrative that maintains public confidence while exercising control. Scholars have primarily conceptualized this tension through two theoretical lenses: the contradiction thesis, which frames transparency and security as inherently conflicting goals [2], and the balance thesis, which sees them as dynamically negotiated based on political and institutional contexts [3,4]. While these perspectives are valuable, they often treat policy instruments as neutral administrative instruments, failing to consider how such instruments also function symbolically—shaping public narratives about state authority and competence.

To address this gap, we propose a dual-level analytical approach that integrates both functional and symbolic roles of policy instruments. Drawing on Rothwell and Zegveld’s [5] typology of policy instruments—supply-side, demand-side, and environmental—we examine how different types of instruments are deployed across various stages of policy implementation: readiness, implementation, and impact. At the same time, we apply the concept of Governmental Power Marketing (GPM) [6,7] to highlight how these instruments also serve communicative purposes. That is, beyond solving administrative problems, policies construct legitimacy and project state competence, especially in environments where participatory mechanisms are limited. China provides a compelling case for such inquiry. Since the enactment of the Regulations on Open Government Information in 2007, GID has become a formalized component of public administration. However, China’s digital governance trajectory has been accompanied by growing concerns over data breaches, surveillance, and opaque classification systems. China’s expansive data infrastructure and centralized governance model offer a rich empirical foundation to examine how a state-centric regime navigates the complex nexus between information security and openness—through both administrative mechanisms and symbolic framing. According to Verizon’s 2024 Data Breach Investigations Report, there were 30,458 security incidents and 10,626 confirmed breaches globally, affecting 94 countries. Government institutions accounted for a significant proportion of these breaches, highlighting the rising threat environment for state-level data governance [8]. These figures underscore the urgency for governments—particularly those managing massive public datasets like China—to design disclosure policies that are not only technically robust but also symbolically reassuring to the public.

While traditional models of policy governance emphasize compliance, control, and measurable outputs, this study introduces the GPM perspective to reveal how policy instruments also function discursively [9]. GPM complements existing frameworks—such as new public management, performance management, and socio-technical systems theory—by foregrounding the symbolic and communicative roles of instruments in shaping state legitimacy. This is particularly relevant in non-democratic contexts, where deliberative mechanisms are limited and legitimacy must be constructed through narrative and institutional branding.

Building on this theoretical departure, this study contributes to the field of digital governance and information policy in three key ways: (1) It introduces a two-dimensional analytical framework that combines policy instrument typology with implementation stages, allowing for systematic content analysis across 259 policy documents. (2) It expands the scope of GID research by incorporating the GPM framework, interpreting policy instruments not just as functional interventions but as discursive mechanisms for building legitimacy and projecting control. (3) It provides an empirically grounded mapping of China’s policy landscape, revealing strategic preferences and structural imbalances in the design and timing of GID security instruments. Based on this framing, we address the following research questions: (1) What types of policy instruments are employed in China’s GID security policies? (2) How are these instruments distributed across different stages of policy development (readiness, implementation, impact)? (3) What do these patterns reveal about the symbolic and strategic logics underlying the state’s approach to information governance? The remainder of this paper is structured as follows. Section 2 reviews existing literature on the relationship between information disclosure and security. Section 3 outlines the data sources and analytical methods. Section 4 presents empirical findings from NVivo-assisted coding of policy documents. Section 5 interprets the results through the dual lens of functional analysis and GPM theory. Section 6 concludes with implications for comparative policy research and future studies.

2. Literature review

Recent scholarship on government information disclosure (GID) and its associated security risks has expanded significantly, particularly in the context of digital governance. The existing literature can be grouped into three main strands: (1) theoretical perspectives on the relationship between openness and security; (2) identification and classification of GID-related risks; and (3) strategies for managing these risks through policy interventions.

2.1. Theoretical perspectives: openness and security as governance tension

The relationship between transparency and security is commonly framed through two dominant lenses. The contradiction thesis sees these goals as inherently conflicting: greater openness increases vulnerability to national security breaches, data misuse, and privacy violations [2,10,11]. Conversely, the balance thesis argues that transparency and secrecy are not binary opposites but must be continuously recalibrated based on institutional, political, and technological contexts [3,4]. While both perspectives help identify the inherent tension in GID practices, they largely treat policy instruments as neutral administrative mechanisms, failing to recognize how such instruments also operate discursively to construct legitimacy, authority, and state narrative. This is particularly important in non-democratic contexts, where policy discourse serves as a substitute for participatory legitimacy.

2.2. Security risks in GID: macro and micro dimensions

A second body of research has focused on mapping risks arising from government data disclosure. At the macro level, scholars highlight how foreign entities may exploit open data for intelligence gathering and geopolitical leverage [12,13]. At the micro level, risks such as identity theft, unauthorized surveillance, and algorithmic profiling are well documented [14,15]. These studies emphasize that risks emerge across the data lifecycle, from data generation to sharing and reuse. This strand of literature has laid a strong empirical foundation, but it remains largely descriptive and lacks integration with instrument-based policy analysis frameworks. Few studies examine how specific instruments are applied to mitigate particular risks or how their deployment reflects institutional intent.

2.3. Governance strategies: legal, institutional, and technological instruments

The third stream addresses governance responses to GID risks. Scholars propose legal measures (e.g., data classification laws, compliance protocols), institutional reforms (e.g., data stewardship roles, oversight bodies), and technological safeguards (e.g., encryption, access control systems) [16–18]. Other studies emphasize the importance of personnel strategies, such as training programs and ethical audits, to reduce internal threats. However, these studies often present instruments in isolation, without accounting for their temporal deployment across the policy lifecycle (e.g., whether applied in the readiness, implementation, or impact stage). Moreover, few have addressed how instruments function not only to regulate practice but also to project state legitimacy in contexts where information control is politically sensitive.

Despite the depth of prior work, two critical gaps remain. First, there is no systematic account of how policy instruments are distributed across stages of GID governance—readiness, implementation, and impact—and how different types of instruments (supply, environmental, demand) are strategically emphasized. Second, there is insufficient attention to the symbolic function of policy instruments: how they contribute to state narratives of control, stability, and competence, especially in regimes with limited participatory mechanisms. This study addresses these gaps through a two-dimensional analytical framework that maps policy instruments by type and stage, and interprets their use through the lens of GPM. By combining empirical coding with theoretical insight, we aim to reveal not only how GID security is structured but also how it is performed through administrative discourse.

3. Research design and method

This section outlines the research design used to analyze GID security policies in China. It covers the data sources, sampling strategy, coding procedures, and the construction of our two-dimensional analytical framework based on grounded theory and qualitative content analysis.

3.1. Data sources and sample criteria

Our dataset consists of 259 Chinese policy documents issued between April 2007 and May 2024. This time span begins with the enforcement of the Regulations on Open Government Information (2007), marking the formalization of GID practices in China, and extends to recent digital governance regulations. Documents were collected from the authoritative PKULaw database using a combination of keywords (e.g., “government information,” “data sharing,” “confidentiality,” “security”). The following inclusion criteria were applied: (1) Issuing authority: documents must be issued by central government agencies, provincial governments, or key municipal authorities; (2) Topical relevance: documents must include provisions explicitly addressing GID or government-held data with reference to security, confidentiality, or data protection; (3) Document type: only legally binding or quasi-normative documents were selected, such as laws, regulations, measures, guidelines, and notifications. These criteria ensured a purposeful yet exhaustive sample, including policies from multiple levels of government and sectors. A full list of selected documents is available in the supplementary material. Table 1 presents a representative subset to illustrate variation in level, format, and issuing body. While the sample of 259 documents provides comprehensive coverage over a 17-year period, future studies may expand the dataset to include additional regulatory levels or grey literature sources. A larger sample may enhance comparative depth but is unlikely to alter the central patterns observed, given the thematic saturation reached in the current corpus.

Download:

Table 1. Excerpted sample of GID security policies (2007–2024).

https://doi.org/10.1371/journal.pone.0327848.t001

From Table 1, which presents a representative subset of policy documents, it is evident that the Chinese government has not issued a specific policy solely focused on the security of information disclosure. Instead, relevant provisions are dispersed across a broad array of regulations on open data, digital government, big data strategies, and administrative information management. To address this fragmentation and sharpen the analytical focus, we systematically extracted and coded only those textual components explicitly related to information security from each policy document. This ensures analytical consistency and allows us to concentrate on the instrumental logic behind GID-related security governance, offering insights relevant to both China and broader international comparisons.

3.2. Coding process and analytical framework

We adopted a grounded theory–informed content analysis approach, which is well-suited for exploratory policy research in under-theorized domains such as GID security [19–21]. All documents were analyzed using NVivo qualitative software. The coding process followed a three-stage structure: (1) Open coding: relevant textual segments were labeled based on emergent themes related to information protection, risk control, classification, stakeholder involvement, etc. (2)Axial coding: these codes were then grouped into higher-order categories representing: a. policy instrument types: supply, environmental, demand [5]; b. policy content stages: readiness, implementation, impact [22]. (3) Selective coding: key thematic clusters were refined to interpret how instruments are used strategically—both functionally and symbolically—across the policy cycle. This process yielded a two-dimensional framework that allows mapping the deployment of policy instruments over time and across functional categories (see Fig 1).

Download:

Fig 1. Technical pathway of the study.

https://doi.org/10.1371/journal.pone.0327848.g001

This diagram illustrates the sequential analytical stages: Open Coding (initial concept generation), Axial Coding (dimension clustering and cross-linking into X-Y dimensions), and Selective Coding (thematic synthesis with GPM framing for symbolic interpretation)..

3.3. Inter-coder reliability and coding validity

To ensure the reliability and consistency of the coding process, two independent researchers were trained in advance and followed a shared codebook. The codebook contained operational definitions for each instrument type and policy stage, along with sample phrases and policy excerpts (see Table 2). A 20% sample of the dataset was double-coded, and inter-coder reliability was assessed using Cohen’s Kappa coefficient—a robust statistical measure for categorical agreement. The resulting Kappa score of 0.90 indicates excellent consistency, far exceeding the threshold for acceptable reliability. In addition, repeated coding of the same data at different time points confirmed coding stability and reduced subjectivity. Coding was conducted over four iterative rounds to ensure thematic saturation, with discrepancies resolved through discussion and refinement of definitions. These procedures confirm the clarity and replicability of the analytical framework.

Download:

Table 2. Example coding of policy documents by instrument type and policy stage.

https://doi.org/10.1371/journal.pone.0327848.t002

Discrepancies were resolved through discussion and refinement of code definitions. This research design is appropriate for several reasons. (1) The grounded theory orientation allows for inductive insight generation while avoiding premature theoretical imposition. (2) The two-dimensional coding framework enables us to track both structural patterns (what types of instruments are used) and temporal logic (when instruments are deployed). (3) The integration of both administrative functions and symbolic narratives provides a more holistic understanding of policy intent, particularly in non-participatory governance contexts. This methodology not only facilitates descriptive mapping but also supports interpretive insights into how GID security policies function as both regulatory mechanisms and legitimacy-building devices.

4. Content analysis of GID security policies

Ensuring the security of Government Information Disclosure (GID) requires a thorough understanding of the policy ecosystem that governs its implementation. This section offers an in-depth analysis of the structure, release patterns, thematic focus, and instrumental design of 259 GID security policies in China. Drawing on grounded theory and supported by NVivo-based qualitative coding, we examine how these policies operationalize key dimensions of readiness, implementation, and impact.

4.1. Overview of GID security policy development

4.1.1. Policy release timing.

Fig 2 illustrates the frequency of policy issuance over time, showing three notable peaks that align with key national policy developments. Notable peaks occurred in 2008, 2021, and 2022. The 2008 surge followed the State Council’s implementation of the Open Government Information Regulations (2007), while the later peaks correspond to the enactment of the Data Security Law (2021) and the emergence of national digital governance strategies. These waves reflect institutional responses to regulatory milestones and broader socio-technological shifts.

Download:

Fig 2. Distribution chart of policy text releases since 2007.

https://doi.org/10.1371/journal.pone.0327848.g002

The chart shows three peaks corresponding to national regulatory milestones: the implementation of the Open Government Information Regulations (2007), the Data Security Law (2021), and the rise of digital governance strategies (2022).

4.1.2. Policy types and legal authority.

As shown in Fig 3, the majority of documents are top-down notifications (52.6%), followed by laws (16.6%) and regulations (13.1%). Notifications serve as executive directives, often containing specific assignments and compliance deadlines. For instance, the 2010 State Council Notification on Confidentiality Review illustrates hierarchical enforcement but lacks corresponding enforcement mechanisms. By contrast, local regulations—such as Guiyang’s Government Data Sharing Ordinance—define procedural safeguards, including emergency protocols and classification mechanisms.

Download:

Fig 3. Distribution of policy document types (n = 259).

https://doi.org/10.1371/journal.pone.0327848.g003

Notifications make up the majority of documents, followed by laws and regulations. This distribution reflects a preference for top-down directives over institutionalized legal mechanisms.

4.1.3. Thematic emphases and lexical priorities.

To identify the thematic orientation of GID security policies, we employed NVivo’s word frequency and co-occurrence analysis. The five most frequently occurring terms—”security,” “government information,” “confidentiality,” “state,” and “management”—suggest that policy discourse is dominated by concerns related to institutional protection and national risk containment. For instance, the Data Security Law (2021) contains over 40 mentions of “security” but refers to “openness” fewer than five times, highlighting a prioritization of regulatory control over public transparency. Fig 4 presents the matrix tree of term co-occurrence, which visualizes these lexical patterns and demonstrates how frequently security-related concepts cluster in GID security texts. These insights informed the subsequent axial and selective coding phases, allowing us to group policy content into broader thematic categories reflecting governance intent, enforcement orientation, and the degree of institutional openness.

Download:

Fig 4. Matrix tree diagram of high-frequency terms in GID security policies.

https://doi.org/10.1371/journal.pone.0327848.g004

The diagram visualizes co-occurring lexical clusters, showing that terms related to “security” and “confidentiality” dominate the discourse. These term groupings reveal the institutional logic underlying national risk containment and inform the thematic coding structure used in this study.

4.2. Coding and thematic structure of policy content

4.2.1. Text coding and analytical approach.

This study adopts grounded theory as its core analytical framework, suitable for exploring under-theorized domains such as GID security. Grounded theory supports inductive category development through close engagement with empirical material [21], enabling the emergence of patterns without imposing pre-existing theoretical lenses. The coding proceeded through three stages: open coding (labeling key textual elements), axial coding (clustering sub-nodes into two overarching dimensions—policy instrument types and content stages; see Table 3), and selective coding (identifying core themes such as legitimacy and institutional control). Two trained researchers independently applied the coding scheme, and high inter-coder reliability was achieved (Cohen’s Kappa = 0.90; see Section 3.3), confirming the consistency and replicability of the framework.

Download:

Table 3. Representative policy texts and coding dimensions.

https://doi.org/10.1371/journal.pone.0327848.t003

4.2.2. X dimension: policy instrument types.

We adopted Rothwell and Zegveld’s [5] tripartite classification of policy instruments—supply-type, environmental-type, and demand-type—due to its adaptability across sectors and clarity in delineating governmental action. This framework captures not only tangible support (supply) but also regulatory context (environmental) and stakeholder interaction (demand). A total of 1,749 coding references were analyzed (see Table 4). Environmental-type instruments accounted for the largest share (44.5%), including security standards, classified systems, and legislative mandates. These instruments reflect the government’s emphasis on legal authority and institutional order. Supply-type instruments (36.1%) focused on personnel training, infrastructure, and technical systems, highlighting internal capacity building. Demand-type instruments (19.3%)—such as stakeholder engagement and international cooperation—were comparatively rare, revealing limited emphasis on participatory governance. This distribution underscores a top-down model of policy implementation, where government agencies emphasize structural controls and capacity enhancement over public involvement or external accountability mechanisms.

Download:

Table 4. Total proportion of policy instrument category reference points.

https://doi.org/10.1371/journal.pone.0327848.t004

4.2.3. Y dimension: policy content stages.

The Y dimension categorizes policy content by its functional stage: readiness, implementation, and impact. This framework draws from international models, such as the Open Data Maturity Model [22], to assess the developmental logic of public information policies. Implementation-related content dominated (62.6%), with heavy emphasis on legal mandates, technical standards, and classification protocols (see Table 5). These highlight China’s regulatory orientation and preference for standardized execution. Readiness content (25.1%) focused on foundational support, including talent cultivation and risk assessment. Impact-related content was minimal (12.2%), mainly involving social participation and cross-level coordination. This stage-based analysis shows that while structural readiness and operational deployment are well supported, long-term outcome monitoring and participatory mechanisms remain underdeveloped.

Download:

Table 5. Content Dimension Analysis by Reference Point and Policy Focus.

https://doi.org/10.1371/journal.pone.0327848.t005

4.2.4. X-Y interaction: instrument deployment by policy stage.

To further analyze the relationship between policy instrument types and the different stages of GID security content, we construct a cross-dimensional analytical model combining the X dimension (policy instrument types) and Y dimension (content stages), based on Tables 6 and 7. Fig 5 below illustrates this cross-dimensional framework, which visualizes how specific instruments cluster within different stages of policy development and implementation. The matrix reveals a distinct asymmetry: supply-type instruments are primarily concentrated in the readiness stage, environmental instruments overwhelmingly dominate the implementation stage, while demand-type instruments appear almost exclusively in the impact stage. This distribution highlights a sequential logic in which capacity-building precedes regulatory enforcement, and participatory mechanisms are deferred until outcome evaluation. Such a pattern reflects a governance approach that privileges control and preparation over stakeholder engagement, especially during the earlier phases of policy execution. Table 6 provides detailed counts of instrument-stage intersections, while Table 7 presents percentage distributions within each stage. Together, they demonstrate that although demand-type instruments account for only 19.3% overall, they constitute 67.7% of all tools used in the impact stage. Conversely, environmental tools represent 88% of the implementation-stage instruments. These figures underscore a critical temporal mismatch: participatory logic is activated too late in the policy process to meaningfully influence design or implementation, thus limiting adaptability and civic accountability.

Download:

Table 6. X.Y dimension analysis table.

https://doi.org/10.1371/journal.pone.0327848.t006

Download:

Table 7. Content dimension instrument scale distribution table.

https://doi.org/10.1371/journal.pone.0327848.t007

Download:

Fig 5. Two-dimensional framework of policy instruments and content stages.

https://doi.org/10.1371/journal.pone.0327848.g005

The framework maps policy instruments across readiness, implementation, and impact stages, highlighting how supply-type and environmental-type tools dominate early and middle phases. This configuration reflects a governance strategy focused on internal control and regulatory compliance over participatory engagement or long-term outcomes.

The X dimension represents three major categories of policy instruments: supply-type, environmental-type, and demand-type, following the classification of Rothwell and Zegveld. The Y dimension is constructed according to the GID security content stages—readiness, implementation, and impact—informed by frameworks such as the World Wide Web Foundation’s open data maturity model.

(1) Readiness stage. In the readiness stage, supply-type instruments dominate, accounting for 56.6% of all instruments. These include talent training programs, infrastructure construction, and public awareness initiatives. Environmental instruments (39.2%) such as preliminary regulatory frameworks and risk assessments play a secondary role. Demand-type instruments appear infrequently (4.2%), which suggests limited attention to user feedback, public demand, or participatory co-design in early-stage policy formation. This reveals a clear priority: building internal capacity through top-down control before implementation. While such an approach ensures technical preparedness, the lack of demand-side engagement may hinder the formation of broad-based consensus or civil society readiness, especially for policies that require active public cooperation or behavioral change.
(2) Implementation stage. The implementation stage exhibits a clear dominance of environmental-type instruments, which constitute 88.0% of all instruments at this stage. Laws, security standards, and classification mechanisms are extensively applied, reflecting the government’s preference for rule-based and hierarchical enforcement mechanisms. Supply-type instruments account for only 8.6%, while demand-type instruments are marginal (3.4%). This pattern underscores a regulatory governance model, where implementation relies more on external mandates than internal resource development or public mobilization. While environmental instruments ensure consistency and legal certainty, the minimal use of demand-type instruments limits dynamic feedback loops and potential for adaptive governance, especially in complex and rapidly evolving digital environments.
(3) Impact stage. In contrast, the impact stage is characterized by the predominant use of demand-type instruments (67.7%), including social participation, cross-level cooperation, and international exchange. Supply instruments (12.4%) and environmental instruments (19.9%) are used less frequently. This inversion reflects a shift from directive to participatory governance. However, the sharp stage-specific divergence—where participatory instruments are mostly applied post-facto rather than during readiness or implementation—raises concerns about the temporal disconnect between input and feedback mechanisms. Moreover, the relatively low proportion of “objectives” and “government operations” coding nodes suggests that the real-world systemic impact of these participatory measures remains limited.

Overall, the X–Y dimension cross-analysis reveals a structural asymmetry in the current GID security governance model in China: preference for environmental and supply-based instruments in early stages, and a deferred reliance on demand-side instruments in the impact stage. To strengthen systemic resilience, it is essential to introduce more participatory and feedback-oriented instruments during readiness and implementation stages, fostering a more inclusive and adaptive security governance framework.

4.2.5. Integrative synthesis: strategic emphasis across dimensions.

To synthesize the cross-tabulated findings, Fig 6 offers a conceptual visualization of how policy instruments align with different governance logics across the three policy stages. Rather than presenting new data, this figure integrates the empirical patterns from Tables 6 and 7 into an interpretive model that reveals deeper asymmetries in China’s GID policy architecture. Fig 6 illustrates that the distribution of policy instruments across the readiness, implementation, and impact stages is both structurally asymmetrical and functionally differentiated—driven respectively by rationales of capacity-building, hierarchical control, and symbolic legitimacy.

Download:

Fig 6. Three main factors influencing GID security policies.

https://doi.org/10.1371/journal.pone.0327848.g006

This conceptual model integrates findings from Tables 6 and 7, showing how policy instruments reflect distinct governance logics at each policy stage: capacity-building in readiness, hierarchical control in implementation, and symbolic legitimacy in impact. The diagram reveals structural and functional asymmetries across the policy cycle.

During the readiness stage, supply-type instruments such as infrastructure development, personnel training, and technical standards serve as foundational enablers. These instruments reflect the state’s effort to ensure capacity-building before advancing disclosure reforms. However, demand-driven instruments—such as public awareness campaigns or civil society engagement—are notably underused, representing a missed opportunity for early-stage societal buy-in.

In the implementation stage, environmental instruments—particularly laws, security standards, and mandatory classifications—dominate. This pattern reflects China’s reliance on hierarchical control mechanisms. While efficient, this top-down model lacks horizontal coordination, reducing flexibility.

The impact stage displays a sharp inversion. Here, demand-side instruments such as social participation and cross-level cooperation take precedence. This suggests the state’s delayed recognition of legitimacy and stakeholder inclusion. Nevertheless, the infrequent use of supply-oriented incentives—such as funding or technological reinforcement—undermines the sustainability of such participatory initiatives.

This synthesis confirms a structural imbalance: China’s GID security regime relies heavily on environmental instruments during critical execution stages but underuses demand-driven logic during agenda-setting and feedback loops. Such imbalance may impede dynamic adaptation, particularly in times of security crisis or technological disruption.

This observed imbalance calls for further scrutiny of the analytical robustness behind these conclusions. These findings demonstrate that the distribution of policy instruments across the readiness, implementation, and impact stages is both structurally asymmetrical and functionally differentiated—driven respectively by rationales of capacity-building, hierarchical control, and symbolic legitimacy. Importantly, this analysis is grounded in a rigorously validated coding process. As noted in Section 3.3, the classification scheme was developed through iterative refinement, and its reliability was confirmed by a high inter-coder agreement score (Cohen’s Kappa = 0.90). Repeated coding rounds and temporal stability checks further reinforce the analytical robustness of our framework.

5. Discussion

5.1. Theoretical enrichment: GPM and symbolic legitimacy

To go beyond a descriptive coding of instruments, this section applies the theoretical lens of GPM to interpret not only what instruments are used but how they are deployed symbolically to reinforce state legitimacy in China’s information disclosure security governance. Originally developed by Kotler and Lee [6] in the field of public sector communication and adapted by Peattie et al [7] for social marketing in governance, GPM recognizes that modern governments must actively shape public narratives, especially when dealing with high-risk, high-complexity domains like data governance [9]. In this context, environmental-type instruments (e.g., laws, classified systems, standards) do more than enforce policy—they project competence, control, and institutional strength.

In our study, this symbolic function is evident in the keyword frequency results (see Fig 3). Terms like “security” “state” “management”, and “confidentiality” are among the most frequently coded. Their recurrence not only reveals lexical emphasis, but also frames an official narrative in which the state is portrayed as the sole legitimate guardian of data security. Through this framing, GID policy instruments become instruments of reassurance, signaling order and safety to citizens in the face of technological complexity. Such symbolic projection aligns with broader observations that data-driven governance tools are increasingly used to signal state responsiveness and modernity, rather than to foster genuine participatory mechanisms [23]. This symbolic function reflects the essence of GPM’s concept of state brand positioning: the Chinese government brands itself as a technocratic protector capable of balancing openness with control. This is particularly important in a regime where participatory mechanisms are limited—legitimacy must be communicated through visual and textual cues, not deliberative processes. We argue that GPM theory helps explain why China’s GID security policies are dominated by environmental instruments: not just because of their regulatory utility, but because they play a role in narrative production. These policies also tell a story: one of state authority and institutional reliability. As such, the instruments are not neutral—they are embedded in a broader project of symbolic governance. This theoretical framing is used solely for analytical purposes and should not be read as an endorsement or justification of any particular governance practice.

This perspective bridges technical policy analysis with political communication theory by showing that environmental instruments serve not only regulatory functions but also ideological roles. They act as “double agents” in the governance process—tools of both control and narrative construction. In contrast to performance-based or technocratic governance models, GPM highlights the semiotic dimension of policymaking, where instruments serve not just as regulatory levers but as narrative tools for framing the state’s role and authority. While GPM provides a unique lens emphasizing symbolic communication, it also departs from mainstream governance paradigms. Unlike New Public Management (NPM), which prioritizes efficiency, decentralization, and market mechanisms, or digital state models that emphasize infrastructure and technical capacity, GPM focuses on state image and message control. It also contrasts with open data ecosystem frameworks that encourage civic co-creation and cross-sector innovation. Instead, GPM conceptualizes policy instruments as vehicles for narrative positioning—especially in regimes where legitimacy is projected through control rather than negotiated through public participation. This contrast underscores the interpretive value of GPM in analyzing how authoritarian governments construct institutional legitimacy.

5.2. Strategic instrument biases and governance blind spots

Our two-dimensional analysis reveals not only patterns of usage but also structural biases in China’s GID security policy architecture. These biases reflect long-standing tendencies in Chinese governance: a preference for ex ante control through standardization, and a relative neglect of instruments that support feedback, responsiveness, and pluralistic oversight.

First, readiness-stage instruments are dominated by supply-type instruments (e.g., infrastructure, training), while implementation relies overwhelmingly on environmental-type instruments (e.g., laws, classifications). Yet, demand-side instruments (e.g., social participation, cross-level cooperation, international benchmarking) are scarcely used across all stages. This reveals a policy system designed to control disclosure environments but not to interact with policy users [1,24]. For example, while nearly all provinces have published formal guidelines or regulations, very few provide mechanisms for citizens or organizations to report data risks, appeal disclosure decisions, or participate in oversight. As Bannister and Connolly [25] argue, e-government reforms often promise openness but deliver symbolic compliance, offering visibility without meaningful accountability. The “public education and awareness” node in the readiness stage was among the lowest coded in our NVivo results (only 1.24%, see Table 6), suggesting that civil society is conceptualized as a passive beneficiary, not an active partner. This finding is consistent with broader international studies, which suggest that government decisions to open or restrict data are often shaped more by institutional and political calculations than by normative commitments to transparency [26].

Second, in implementation, the heavily coded “classification and graded systems” node reflects a risk-averse logic: the government seeks to prevent breaches by organizing data into pre-assigned categories of sensitivity. However, this approach—while helpful—can also reproduce opacity, particularly when such classifications are not accompanied by transparent criteria or review mechanisms. It leaves implementers considerable discretion and opens the door to bureaucratic over-cautiousness, undermining the goal of transparency [27]. This structural imbalance also reflects a blind spot in governance capacity. Supply- and environment-oriented instruments are good for setup and control, but poor at long-term adaptation, particularly in dynamic digital ecosystems. Lacking audits and feedback loops, the system struggles to adapt dynamically. This reflects a missing alignment among the technological infrastructure, institutional coordination, and civic capacity—three foundational pillars of smart governance systems as conceptualized by Nam and Pardo [28].

Finally, many of the most ambitious GID policies exist only at the “guideline” or “plan” level, without local operationalization or enforcement. This highlights a form of policy simulation—where rules exist symbolically but not practically. Such gaps mirror broader challenges in Chinese policy implementation, where central mandates often face local resistance or selective enforcement [29]. By incorporating more interactive, bottom-up instruments, policymakers could improve responsiveness and move toward evidence-informed adaptability.

In sum, China’s GID security policies are characterized by a vertical logic of control rather than a circular logic of feedback. Rectifying this requires rebalancing the policy instrument structure toward greater engagement and accountability.

5.3. International relevance: regime differences and comparative implications

While our study focuses on China, the findings offer insights with broader relevance for comparative governance research [30–32]. The balance between national security and public transparency is a common challenge across regimes. According to the Campbell Public Affairs Institute [33], open government reforms must safeguard state interests while fostering legitimacy—a tension that is particularly salient in centralized systems like China, where narratives of control and competence often substitute for participatory accountability. Even within China, readiness for open data varies significantly. Zhao and Fan [34] show that local governments differ in technical and institutional capacity, which complicates policy enforcement and national standardization. This internal diversity reinforces the importance of context-sensitive policy design and highlights the utility of our analytical framework for cross-regime comparisons.

In liberal democracies, GID security is typically pursued through mechanisms like Freedom of Information Acts (FOIAs), independent data commissioners, public audits, and ex post review systems. These systems emphasize transparency as a default, constrained only by specific exemptions for security or privacy. In such settings, demand-oriented instruments—such as stakeholder consultations, external audits, and public appeals—are integral to the design. By contrast, in authoritarian or state-led regimes, the default position is often reversed: information is restricted unless cleared for release. In these contexts, environmental instruments—especially laws, security standards, and pre-clearance protocols—are favored. China’s strong emphasis on classification and standards, as our study shows, is consistent with this logic. This contrast is not merely procedural but ideological. In democratic settings, legitimacy is co-produced through negotiation and responsiveness [12,35]; in authoritarian systems, legitimacy is projected through competence, order, and control narratives. Thus, our framework—combining content dimension (readiness, implementation, impact) with instrument type—can be applied to map how different regimes construct legitimacy through GID policy instruments.

Future research could apply our two-dimensional matrix across countries to analyze instrument clustering in various governance settings. For example: (1) How do instruments shift during crises (e.g., COVID-19 data transparency)? (2) How do international frameworks (e.g., GDPR, UN open data standards) influence local instrument selection? (3) Are there “hybrid regimes” that blend both participatory and symbolic instruments? Our study thus opens space for cross-national learning, showing how even in centralized regimes like China, instrument choice reflects deeper state narratives, and how future reforms may require rebalancing instrumental portfolios to enhance resilience, trust, and adaptability. Beyond China, our two-dimensional framework offers a diagnostic tool for identifying asymmetries in information governance across regime types. Future applications could compare how digital states like Estonia or hybrid regimes like Singapore balance security imperatives with public participation through varying configurations of policy instruments. We acknowledge that such cross-regime comparisons are heuristic and necessarily simplify intricate political realities. Future work should further contextualize these patterns within country-specific dynamics.

6. Conclusions and future research

This study explored how the Chinese government addresses the tension between transparency and national security in the field of government information disclosure (GID). By analyzing 259 policies using a two-dimensional framework—policy instruments (supply, environmental, demand) and policy stages (readiness, implementation, impact)—we identified clear patterns and limitations in current practices. The main findings are: (1) An overreliance on environmental instruments, especially during the implementation stage, which underscores a regulatory and preventive mindset; (2) A lack of demand-side instruments, revealing limited engagement with feedback loops, user participation, or international exchange; (3) An underdeveloped emphasis on the impact dimension, particularly regarding performance evaluation, cross-sector coordination, and public accountability. To address these issues, we propose: (1) Strengthening legal clarity through targeted legislation focused specifically on GID security; (2) Enhancing supply-side capacity, including training personnel and improving digital infrastructure; (3) Expanding the use of demand-side instruments, such as participatory governance platforms and cross-border data governance protocols; (4) Integrating symbolic interpretation of instruments using the GPM framework to better understand how governments communicate competence and legitimacy.

Our framework can be adapted to study other governance systems. For example, democratic states may prefer more post hoc evaluative instruments, while authoritarian systems may rely on ex ante regulatory controls. The typology we developed allows researchers to: Map instrument distributions across regime types; Investigate how symbolic narratives are embedded in legal texts; Analyze the effectiveness of these instruments in preventing security breaches or enhancing legitimacy. Additionally, comparative studies between China and other G20 countries could provide new insights into how different political structures shape the risk–transparency trade-off in the digital age. Policymakers in other centralized or semi-authoritarian regimes may benefit from adopting a dual-focus framework that anticipates participatory tools not only at the impact stage, but as part of early agenda setting. Furthermore, the symbolic reading of environmental tools offers new strategies for managing public expectations in risk-prone digital contexts.

In sum, this study offers both theoretical and practical value. It not only categorizes China’s GID security strategies but also contributes a novel lens for interpreting the political function of policy instruments. We hope this work will encourage more integrated, interdisciplinary research at the nexus of public policy, communication studies, and security governance.

Highlights

A two-dimensional analytical framework is proposed, integrating policy instruments (supply, environmental, demand) with content stages (readiness, implementation, impact).
The study systematically codes 259 central and local GID security policies (2007–2024) using grounded theory and NVivo.
Environmental-type instruments (e.g., laws, standards) dominate, especially in the implementation phase.
Demand-side instruments enabling participation and feedback are underused across all policy stages.
The study introduces the GPM framework to interpret how policy tools function symbolically to reinforce institutional legitimacy.

References

1. Karr AF. Citizen Access to Government Statistical Information. In: Chen H, et al. Digital Government. Integrated Series In Information Systems. Vol 17. Boston (MA): Springer; 2008.
2. Judson L. Eliminating public disclosures of government information from the reach of the espionage act. Texas Law Review. 2008;86(4):889–927.
- View Article
- Google Scholar
3. Aftergood S. National security secrecy: how the limits change. Social Sciences: An International Quarterly. 2010;77(3):839–52.
- View Article
- Google Scholar
4. Ukeje N, Gutierrez J, Petrova K. Information security and privacy challenges of cloud computing for government adoption: a systematic review. International Journal of Information Security. 2024;23:1459–75.
- View Article
- Google Scholar
5. Rothwell R, Zegveld W. An assessment of government innovation policies. Review of Policy Research. 1984;3(3–4):436–44.
- View Article
- Google Scholar
6. Kotler P, Lee N. Marketing in the public sector: A roadmap for improved performance. Upper Saddle River (NJ): Wharton School Publishing; 2006.
7. Peattie S, Peattie K, Thomas R. Social marketing as transformational marketing in public services: The case of Project Bernie. Public Management Review. 2012;14(7):987–1010.
- View Article
- Google Scholar
8. Verizon. 2024 Data Breach Investigations Report. 2024. Available from: https://www.verizon.com/business/resources/reports/dbir/.
- View Article
- Google Scholar
9. Bates J. The strategic importance of information policy for the contemporary neoliberal state: The case of Open Government Data in the United Kingdom. Government Information Quarterly. 2014;31(3):388–95.
- View Article
- Google Scholar
10. Meijer R, Conradie P, Choenni S. Reconciling contradictions of open data regarding transparency, privacy, security and trust. Journal of Theoretical and Applied Electronic Commerce Research. 2014;9(3):32–44.
- View Article
- Google Scholar
11. Ghosh A, Chakraborty D, Law A. Artificial intelligence in Internet of things. CAAI Transactions on Intelligence Technology. 2018;3(4):208–18.
- View Article
- Google Scholar
12. Kassen M. A promising phenomenon of open data: A case study of the Chicago open data project. Government Information Quarterly. 2013;30(4):508–13.
- View Article
- Google Scholar
13. Khan F, Kim H, Mathiassen L, Moore R. Data breach management: An integrated risk model. Information & Management. 2021;58(1):103392.
- View Article
- Google Scholar
14. Dawes SS. Stewardship and usefulness: Policy principles for information-based transparency. Government Information Quarterly. 2010;27(4):377–83.
- View Article
- Google Scholar
15. Li Y, Yang R, Lu YK. A privacy risk identification framework of open government data: A mixed-method study in China. Government Information Quarterly. 2024;41(1):546–72.
- View Article
- Google Scholar
16. et al. National security, individual privacy and public access to government-held information: the need for changing perspectives in a global environment. Information & Communications Technology Law. 2009;18(1):13–8.
- View Article
- Google Scholar
17. Zuiderwijk A, Janssen M. Open data policies, their implementation and impact: A framework for comparison. Government Information Quarterly. 2014;31(1):17–29.
- View Article
- Google Scholar
18. Abdugaffarovich AA, Abbasovich VA, Bakhtiyarovich NN. E-Government, Open Data, and Security: Overcoming Information Security Issues with Open Data. Computer Science and Information Technology. 2015;3(4):133–7.
- View Article
- Google Scholar
19. Krippendorff K. Content analysis: An introduction to its methodology. Thousand Oaks, CA: Sage Publications; 2019.
20. Hulst M, Visser E. Abductive analysis in qualitative research. Public Administration Review. 2024;84(5):1–14.
- View Article
- Google Scholar
21. Strauss A, Corbin J. Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. 2nd edition. Thousand Oaks (CA): Sage Publications; 1998. p. 201–43.
22. World Wide Web Foundation. Open Data Barometer-Leaders Edition. 2018. Available from: https://opendatabarometer.org/leadersedition/report/#opendata
- View Article
- Google Scholar
23. Margetts H, Dorobantu C. Rethink government with AI. Nature. 2019;568(7751):163–5. pmid:30967667
- View Article
- PubMed/NCBI
- Google Scholar
24. Ingrams A, Piotrowski S, Berliner D. Learning from our mistakes: Public management reform and the hope of open government. Perspectives on Public Management and Governance. 2020;3(4):257–72.
- View Article
- Google Scholar
25. Bannister F, Connolly R. The trouble with transparency: A critical review of openness in e-government. Policy & Internet. 2011;3:1–30.
- View Article
- Google Scholar
26. Yang TM. To open or not to open? Determinants of open government data. Journal of Information Science. 2015;41(5):596–612.
- View Article
- Google Scholar
27. Moynihan DP. Ambiguity in policy lessons: the agencification experience. Public Administration. 2006;84:1029–50.
- View Article
- Google Scholar
28. Nam T, Pardo TA, Conceptualizing smart city with dimensions of technology, people, and institutions. Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times (dg.o’11). 2011. p. 282–91. Association for Computing Machinery. https://doi.org/10.1145/2037556.2037602
29. Yu XY. Central–local conflicts in China’s environmental policy implementation: The case of the sloping land conversion program. Natural Hazards. 2016;84:77–96.
- View Article
- Google Scholar
30. Song N, Xu L, Chen X, Xu H, Jiang S. Research on the improvement path of grassroots social governance innovation performance in China--Qualitative comparative analysis based on 35 cases. PLoS One. 2024;19(2):e0297587. pmid:38381725
- View Article
- PubMed/NCBI
- Google Scholar
31. Li L, Li Z, Ding H, Gao M. How can digitalization be used to develop community resilience in public health emergencies?: A qualitative comparative analysis from China. PLoS One. 2024;19(12):e0315713. pmid:39715248
- View Article
- PubMed/NCBI
- Google Scholar
32. Elliott IC, Puppim de Oliveira JA, Wu AM. Public administration and development in (historical) perspective. Public Administration and Development. 2024. p. 1–17.
- View Article
- Google Scholar
33. Campbell Public Affairs Institute, National Security and Open Government. Striking the Right Balance. Syracuse (NY): Campbell Public Affairs Institute; 2003. p. 149–67.
34. Zhao YP, Fan B. Exploring open government data capacity of government agency: Based on the resource-based theory. Government Information Quarterly. 2018;35(1):1–12.
- View Article
- Google Scholar
35. Jetzek T, Avital M, Bjorn-Andersen N. Data-driven innovation through open government data. Journal of Theoretical and Applied Electronic Commerce Research. 2014;9(2):100–20.
- View Article
- Google Scholar

[ref1] 1. Karr AF. Citizen Access to Government Statistical Information. In: Chen H, et al. Digital Government. Integrated Series In Information Systems. Vol 17. Boston (MA): Springer; 2008.

[ref2] 2. Judson L. Eliminating public disclosures of government information from the reach of the espionage act. Texas Law Review. 2008;86(4):889–927.
View Article
Google Scholar

[3] View Article

[4] Google Scholar

[ref3] 3. Aftergood S. National security secrecy: how the limits change. Social Sciences: An International Quarterly. 2010;77(3):839–52.
View Article
Google Scholar

[6] View Article

[7] Google Scholar

[ref4] 4. Ukeje N, Gutierrez J, Petrova K. Information security and privacy challenges of cloud computing for government adoption: a systematic review. International Journal of Information Security. 2024;23:1459–75.
View Article
Google Scholar

[9] View Article

[10] Google Scholar

[ref5] 5. Rothwell R, Zegveld W. An assessment of government innovation policies. Review of Policy Research. 1984;3(3–4):436–44.
View Article
Google Scholar

[12] View Article

[13] Google Scholar

[ref6] 6. Kotler P, Lee N. Marketing in the public sector: A roadmap for improved performance. Upper Saddle River (NJ): Wharton School Publishing; 2006.

[ref7] 7. Peattie S, Peattie K, Thomas R. Social marketing as transformational marketing in public services: The case of Project Bernie. Public Management Review. 2012;14(7):987–1010.
View Article
Google Scholar

[16] View Article

[17] Google Scholar

[ref8] 8. Verizon. 2024 Data Breach Investigations Report. 2024. Available from: https://www.verizon.com/business/resources/reports/dbir/.
View Article
Google Scholar

[19] View Article

[20] Google Scholar

[ref9] 9. Bates J. The strategic importance of information policy for the contemporary neoliberal state: The case of Open Government Data in the United Kingdom. Government Information Quarterly. 2014;31(3):388–95.
View Article
Google Scholar

[22] View Article

[23] Google Scholar

[ref10] 10. Meijer R, Conradie P, Choenni S. Reconciling contradictions of open data regarding transparency, privacy, security and trust. Journal of Theoretical and Applied Electronic Commerce Research. 2014;9(3):32–44.
View Article
Google Scholar

[25] View Article

[26] Google Scholar

[ref11] 11. Ghosh A, Chakraborty D, Law A. Artificial intelligence in Internet of things. CAAI Transactions on Intelligence Technology. 2018;3(4):208–18.
View Article
Google Scholar

[28] View Article

[29] Google Scholar

[ref12] 12. Kassen M. A promising phenomenon of open data: A case study of the Chicago open data project. Government Information Quarterly. 2013;30(4):508–13.
View Article
Google Scholar

[31] View Article

[32] Google Scholar

[ref13] 13. Khan F, Kim H, Mathiassen L, Moore R. Data breach management: An integrated risk model. Information & Management. 2021;58(1):103392.
View Article
Google Scholar

[34] View Article

[35] Google Scholar

[ref14] 14. Dawes SS. Stewardship and usefulness: Policy principles for information-based transparency. Government Information Quarterly. 2010;27(4):377–83.
View Article
Google Scholar

[37] View Article

[38] Google Scholar

[ref15] 15. Li Y, Yang R, Lu YK. A privacy risk identification framework of open government data: A mixed-method study in China. Government Information Quarterly. 2024;41(1):546–72.
View Article
Google Scholar

[40] View Article

[41] Google Scholar

[ref16] 16. et al. National security, individual privacy and public access to government-held information: the need for changing perspectives in a global environment. Information & Communications Technology Law. 2009;18(1):13–8.
View Article
Google Scholar

[43] View Article

[44] Google Scholar

[ref17] 17. Zuiderwijk A, Janssen M. Open data policies, their implementation and impact: A framework for comparison. Government Information Quarterly. 2014;31(1):17–29.
View Article
Google Scholar

[46] View Article

[47] Google Scholar

[ref18] 18. Abdugaffarovich AA, Abbasovich VA, Bakhtiyarovich NN. E-Government, Open Data, and Security: Overcoming Information Security Issues with Open Data. Computer Science and Information Technology. 2015;3(4):133–7.
View Article
Google Scholar

[49] View Article

[50] Google Scholar

[ref19] 19. Krippendorff K. Content analysis: An introduction to its methodology. Thousand Oaks, CA: Sage Publications; 2019.

[ref20] 20. Hulst M, Visser E. Abductive analysis in qualitative research. Public Administration Review. 2024;84(5):1–14.
View Article
Google Scholar

[53] View Article

[54] Google Scholar

[ref21] 21. Strauss A, Corbin J. Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. 2nd edition. Thousand Oaks (CA): Sage Publications; 1998. p. 201–43.

[ref22] 22. World Wide Web Foundation. Open Data Barometer-Leaders Edition. 2018. Available from: https://opendatabarometer.org/leadersedition/report/#opendata
View Article
Google Scholar

[57] View Article

[58] Google Scholar

[ref23] 23. Margetts H, Dorobantu C. Rethink government with AI. Nature. 2019;568(7751):163–5. pmid:30967667
View Article
PubMed/NCBI
Google Scholar

[60] View Article

[61] PubMed/NCBI

[62] Google Scholar

[ref24] 24. Ingrams A, Piotrowski S, Berliner D. Learning from our mistakes: Public management reform and the hope of open government. Perspectives on Public Management and Governance. 2020;3(4):257–72.
View Article
Google Scholar

[64] View Article

[65] Google Scholar

[ref25] 25. Bannister F, Connolly R. The trouble with transparency: A critical review of openness in e-government. Policy & Internet. 2011;3:1–30.
View Article
Google Scholar

[67] View Article

[68] Google Scholar

[ref26] 26. Yang TM. To open or not to open? Determinants of open government data. Journal of Information Science. 2015;41(5):596–612.
View Article
Google Scholar

[70] View Article

[71] Google Scholar

[ref27] 27. Moynihan DP. Ambiguity in policy lessons: the agencification experience. Public Administration. 2006;84:1029–50.
View Article
Google Scholar

[73] View Article

[74] Google Scholar

[ref28] 28. Nam T, Pardo TA, Conceptualizing smart city with dimensions of technology, people, and institutions. Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times (dg.o’11). 2011. p. 282–91. Association for Computing Machinery. https://doi.org/10.1145/2037556.2037602

[ref29] 29. Yu XY. Central–local conflicts in China’s environmental policy implementation: The case of the sloping land conversion program. Natural Hazards. 2016;84:77–96.
View Article
Google Scholar

[77] View Article

[78] Google Scholar

[ref30] 30. Song N, Xu L, Chen X, Xu H, Jiang S. Research on the improvement path of grassroots social governance innovation performance in China--Qualitative comparative analysis based on 35 cases. PLoS One. 2024;19(2):e0297587. pmid:38381725
View Article
PubMed/NCBI
Google Scholar

[80] View Article

[81] PubMed/NCBI

[82] Google Scholar

[ref31] 31. Li L, Li Z, Ding H, Gao M. How can digitalization be used to develop community resilience in public health emergencies?: A qualitative comparative analysis from China. PLoS One. 2024;19(12):e0315713. pmid:39715248
View Article
PubMed/NCBI
Google Scholar

[84] View Article

[85] PubMed/NCBI

[86] Google Scholar

[ref32] 32. Elliott IC, Puppim de Oliveira JA, Wu AM. Public administration and development in (historical) perspective. Public Administration and Development. 2024. p. 1–17.
View Article
Google Scholar

[88] View Article

[89] Google Scholar

[ref33] 33. Campbell Public Affairs Institute, National Security and Open Government. Striking the Right Balance. Syracuse (NY): Campbell Public Affairs Institute; 2003. p. 149–67.

[ref34] 34. Zhao YP, Fan B. Exploring open government data capacity of government agency: Based on the resource-based theory. Government Information Quarterly. 2018;35(1):1–12.
View Article
Google Scholar

[92] View Article

[93] Google Scholar

[ref35] 35. Jetzek T, Avital M, Bjorn-Andersen N. Data-driven innovation through open government data. Journal of Theoretical and Applied Electronic Commerce Research. 2014;9(2):100–20.
View Article
Google Scholar

[95] View Article

[96] Google Scholar

Figures

Abstract

1. Introduction

2. Literature review

2.1. Theoretical perspectives: openness and security as governance tension

2.2. Security risks in GID: macro and micro dimensions

2.3. Governance strategies: legal, institutional, and technological instruments

3. Research design and method

3.1. Data sources and sample criteria

3.2. Coding process and analytical framework

3.3. Inter-coder reliability and coding validity

4. Content analysis of GID security policies

4.1. Overview of GID security policy development

4.1.1. Policy release timing.

4.1.2. Policy types and legal authority.

4.1.3. Thematic emphases and lexical priorities.

4.2. Coding and thematic structure of policy content

4.2.1. Text coding and analytical approach.

4.2.2. X dimension: policy instrument types.

4.2.3. Y dimension: policy content stages.

4.2.4. X-Y interaction: instrument deployment by policy stage.

4.2.5. Integrative synthesis: strategic emphasis across dimensions.

5. Discussion

5.1. Theoretical enrichment: GPM and symbolic legitimacy

5.2. Strategic instrument biases and governance blind spots

5.3. International relevance: regime differences and comparative implications

6. Conclusions and future research

Highlights

References