Executive Summary
On February 24, 2026, the State Administration for Market Regulation (“SAMR”) promulgated the Regulation on the Protection of Trade Secrets (“Regulation”), which took effect on June 1, 2026, simultaneously repealing the Several Provisions on Prohibiting Infringement of Trade Secrets issued by the former State Administration for Industry and Commerce in 1995 (“1995 Provisions”). The Regulation expands from 12 articles to 31, transforming trade secret protection from a set of general prohibitions into a comprehensive regime built upon the Anti-Unfair Competition Law (“AUCL”). It modernizes trade secret law for the digital economy, expressly bringing data, algorithms, and code within scope, and addressing emerging scenarios such as electronic intrusion and remote-work security.
For foreign companies operating in or with China, the Regulation signals a shift toward proactive compliance, as enterprises are expected to establish internal trade secret management systems rather than relying solely on post-infringement remedies.
We recommend that foreign companies promptly assess their trade secret portfolios and protection measures against the Regulation’s standards, including reviewing their classification and protection frameworks, updating employment agreements and non-disclosure agreements, and ensuring that confidentiality provisions are sufficiently specific and aligned with applicable data security, cybersecurity, and export control regimes in China.

Detailed Content
1. Key Innovations
| Prior Framework (1995 Provisions + AUCL) | the Regulation | |
|---|---|---|
| Scope | General references to technical and business information “Practical utility” required | Data, algorithms, code, and computer programs expressly protected “Practical utility” abolished – commercial value alone suffices |
| Infringement categories | Broadly stated | Systematized across acquisition, disclosure/use, breach of duty, indirect infringement, third-party liability |
| Confidentiality measures | Generally referenced | Eight enumerated categories with specific examples, including remote-work and cross-border scenarios |
| Rights holders | Trade secret owners | Owners, licensees, and authorized persons may independently file complaints |
| Enforcement | Not procedurally specified | Full procedural chain: complaint → preliminary evidence → filing → investigation → presumption mechanism → penalty |
| Penalties | Up to RMB 200,000 | RMB 100,000–1,000,000 (standard) RMB 1,000,000–5,000,000 (serious) Confiscation of illegal gains |
| Extraterritorial reach | Not addressed | Expressly covers foreign conduct affecting China’s market |
| Enterprise duties | Not specified | Enterprises are encouraged to establish trade secret management systems |
2. Expanded Definition of Trade Secrets
The Regulation defines trade secrets as technical information, business information, and other commercial information that meets the following criteria:
- The information is not publicly known.
- It possesses commercial value.
- The rights holder has taken corresponding confidentiality measures to protect it.
The table below sets out the scope of technical information and business information under the Regulation:
| Technical Information | Business Information |
|---|---|
| information relating to technical activities, including but not limited to: Structures Raw materials Formulas Materials Samples Patterns Processes Methods Data Algorithms Computer programs Code | information relating to business activities, including but not limited to: Creative concepts Management Sales Finance Plans Samples Customer information (including customer names, addresses, contact details, transaction habits, and intentions) |
With respect to the technical information, the explicit inclusion of code is a new addition, enabling software companies to protect source code through trade secret law in addition to copyright registration. The inclusion of data and algorithms addresses the core assets of AI and data-driven enterprises.
An important conceptual shift from the 1995 Provisions is the abolition of the requirement that trade secrets possess “practical utility”. Under the Regulation, commercial value, whether actual or potential, is the sole value standard. This reflects the reality that in innovation-intensive industries, even information that does not yet have immediate practical application may confer significant competitive advantage.
3. The Three Elements of Trade Secrets
Under the Regulation, information qualifies as a trade secret only if all three elements are satisfied:
| Element | Core Test |
|---|---|
| 1. Not Publicly Known | Not generally known or easily accessible |
| 2. Commercial Value | Actual or potential economic value |
| 3. Confidentiality Measures | Reasonable measures taken to maintain secrecy |
3.1 Not publicly known
Core standard
- Not generally known to relevant personnel in the field.
- Not easily accessible through lawful means.
Key points
- The Regulation assesses whether information is publicly known at the time of the alleged infringement, which means that subsequent public disclosure does not affect a prior finding of infringement.
- General knowledge, industry practice, and information obtainable from marketed products or public channels (e.g., publications, media, exhibitions) are excluded.
- Information derived from public channels may still qualify if it has been organized, improved, or processed.
3.2 Commercial value
Core standard
Commercial value includes both actual and potential economic benefits.
- Actual value: increased assets, revenue or profit growth.
- Potential value: user growth, cost reduction, shortened R&D timelines, increased transaction opportunities, and enhanced reputation.
Key points
Interim research results and failed experimental data or technical solutions may also has commercial value if they meet the above criteria of actual or potential value.
3.3 Confidentiality measures
Core standard
The right holder shall adopt reasonable and corresponding measures to maintain secrecy.
- Includes contractual, organizational, physical, and technical measures:
- Contractual: confidentiality agreements or clauses.
- Organizational: Internal policies, training, and written notices.
- Physical: restrictions on entry to facilities and differentiated management of sensitive areas.
- Technical: role-based access, data anonymization, and log tracking.
- Judicial practice insights
Merely executing a confidentiality agreement does not automatically ensure that the information will be recognized as a trade secret. Courts in certain regions have rejected claims where:
- The scope of protected information is defined in overly broad or generic terms; or
- Specific protected information is not clearly identified.
Companies must ensure that their agreements and internal policies identify protected information with sufficient specificity, clearly communicate the scope of confidentiality obligations, and implement measures that would, under normal circumstances, be adequate to prevent disclosure.
4. Systematized Infringement Framework
The Regulation define prohibited conduct across five dimensions, significantly refining the broadly worded framework under the 1995 Provisions.
| Category | Key Focus |
|---|---|
| Improper Acquisition | How secrets are obtained |
| Disclosure and Use | How secrets are exploited |
| Breach of Obligations | Violation of confidentiality duties |
| Indirect Infringement | Inducing or assisting infringement |
| Third-party Liability | Liability of downstream recipients |
4.1 Improper acquisition
The Regulation prohibits obtaining trade secrets through theft, bribery, fraud, coercion, electronic intrusion, or other improper means. The improper means include the following:
- Unauthorized or excessive contact with, possession of, or copying of documents, items, materials, or raw materials containing or from which trade secrets can be derived.
This rule extends the concept of “theft” beyond the direct carrier to indirect carriers.
- Bribery, coercion, or deception of rights holders’ employees, former employees, or other persons to obtain trade secrets.
- Unauthorized or excessive access to digital office systems, servers, email accounts, cloud drives, and application accounts, or obtaining trade secrets through malicious programs or vulnerability attacks.
This definition is notably broader than traditional “hacking” and also covers employees using valid credentials for unauthorized purposes (e.g., bulk downloading before departure).
- Downloading or transmitting trade secrets to electronic devices, email accounts, or cloud storage not controlled by the rights holder after authorization expires.
4.2 Disclosure and use
The Regulation prohibits disclosing improperly obtained trade secrets, using them, or allowing others to use them.
| Type | Scope |
|---|---|
| Disclosure | Direct useUse after modification or improvementPassive use (e.g., using a competitor’s trade secret to avoid failed research paths) |
| Use | Making information publicly known or readily accessible |
4.3 Breach of confidentiality obligations
The Regulation prohibits violating confidentiality obligations or the rights holder’s confidentiality requirements. Specifically, confidentiality obligations may arise from multiple sources:
| Source | Description |
|---|---|
| Contractual | Express confidentiality clauses |
| Implication | Based on the contract purpose, trade customs, and good faith |
| Express Demands | Specific confidentiality requests by the rights holder |
| Internal Rules | Company policies and internal regulations |
4.4 Indirect infringement
The Regulation prohibits instigating, inducing, or assisting others to infringe trade secrets. Detailed examples include:
- Explicitly or implicitly inciting or directing others to infringe.
- Explicitly or implicitly inducing others through material rewards or job promises.
- Providing funds, technology, or equipment with knowledge that the recipient is infringing.
This provision targets the common practice of poaching competitors’ employees to obtain trade secrets. The inclusion of “implicit” inducement, through suggestion rather than explicit instruction, is significant, though in practice its application will require careful factual assessment. Where a recipient has actually used trade secrets brought by a new employee, the finding of joint infringement will ordinarily follow, unless the recipient can provide evidence that it was misled by the employee and had no knowledge of the use of such trade secrets. Where no use has yet occurred, proving implicit inducement requires substantial evidence and the alleged inducer may rebut the presumption through alternative explanations.
4.5 Third-party liability
The Regulation extends liability to third parties who knowingly acquire, use, or disclose infringed trade secrets, and applies to both operators and non-operators, including natural persons, legal persons, and non-legal person organizations.
In assessing whether a third party “knew or should have known”, the Regulation requires a multi-factor analysis considering the following:
- Degree of confidentiality of the information.
- The reasonableness of the acquisition channel and method.
- The transaction price.
- The relationship between the third party and the rights holder.
- Industry practice.
5. Safe Harbors
The Regulation codifies five circumstances that do not generally constitute trade secret infringement:
- Independent discovery or self-development.
- Reverse engineering, including disassembly, surveying, and analysis of products obtained through public channels.
Notably, Chinese judicial practice establishes three conditions for a valid reverse-engineering defense:
- The product must have been lawfully obtained from public channels.
- The person conducting the reverse engineering must not have had prior access to the trade secret.
- The party asserting the defense must provide actual R&D evidence documenting the reverse-engineering process.
- Former employees of the rights holder using general knowledge, skills, and industry experience acquired in the course of their employment.
This provision protects employees’ fundamental right to earn a livelihood and change employment, while preventing employers from unduly restricting the use of employees’ general skills and experience. However, the boundary between permissible application of general skills and impermissible reproduction of trade secrets requires careful delineation: an employee who naturally applies broadly transferable professional experience does not infringe, but one who deliberately memorizes, reproduces, or replicates specific parameters, formulas, source code, or detailed business information of the former employer crosses the line into infringement.
- Disclosure to state organs for the purpose of exposing illegal or criminal acts or safeguarding national security or the public interest.
- Other circumstances not constituting infringement.
6. Administrative Enforcement System
The Regulation establishes a comprehensive administrative enforcement framework that addresses the traditional challenges of trade secret protection:
- Difficulty in discovery.
- High evidentiary burdens.
- Inconsistent enforcement standards.
6.1 Expanded rights holders
The Regulation defines rights holders to include not only trade secret owners but also licensees and authorized persons, who may independently file complaints with market supervision authorities. This significantly broadens access to administrative remedies, and a licensee discovering infringement no longer needs to rely on the owner to act.
6.2 Structured complaint and evidence framework
When filing a complaint, rights holders should provide preliminary evidence demonstrating the formation process and timing of the commercial information, its non-public nature, its commercial value, and the confidentiality measures adopted. They can also provide specific leads, such as indications that confidentiality measures have been breached or that the trade secret has actually been obtained by the alleged infringer.
6.3 Presumption of infringement and burden shifting
One of the Regulation’s most practically significant innovations is the codification of the “access +substantial similarity” rule developed in judicial practice. Where evidence shows that the alleged infringer’s information is substantially identical to the claimed trade secret and the alleged infringer had the opportunity to access it, competent authorities may presume infringement, unless the alleged infringer proves lawful acquisition or use. This mechanism substantially reduces the evidentiary burden on rights holders, who in practice often lack direct evidence of infringement.
7. Penalties
The Regulation establishes a two-tier penalty framework, representing a substantial increase over the prior maximum fine of RMB 200,000:
- Standard infringement: Order to cease the unlawful conduct, confiscation of illegal gains, and a fine of RMB 100,000 to 1,000,000 (approximately EUR 13,000 to 130,000).
- Serious circumstances: Fine of RMB 1,000,000 to 5,000,000 (approximately EUR 130,000 to 650,000). The Regulation defines serious circumstances to include significant direct losses to the rights holder, major adverse impact on business operations, harm to national or public interests, and repeat infringement within two years of a prior administrative penalty.
These penalties apply to both legal entities and individuals involved in the infringement, regardless of their role within the company or organization.
8. Extraterritorial Application and Enterprise Compliance Obligations
8.1 Extraterritorial reach
The Regulation expressly provides that infringing acts committed outside China that disrupt domestic market competition or harm the lawful rights and interests of domestic operators are subject to the Regulation. This means that foreign parent companies and entities with no physical presence in China may face administrative action if their conduct. For example, infringement of trade secrets from a Chinese joint venture partner may fall within the scope of the Regulation.
While administrative enforcement with extraterritorial effect faces practical challenges, including evidence collection abroad, potential conflicts of law, and international comity considerations, the provision establishes a clear legal basis for action and signals China’s intent to protect domestic enterprises in cross-border scenarios.
8.2 Enterprise compliance obligations
The Regulation establishes a multi-stakeholder governance model, shifting trade secret protection from a reactive, post-infringement approach toward proactive and preventive governance. The Regulation also encourages social supervision through whistleblowing while requiring authorities to maintain the confidentiality of whistleblower identities.
- Market supervision authorities are required to guide enterprises in establishing trade secret protection systems through education, training, and compliance outreach.
- Enterprises themselves bear the primary responsibility for protecting their trade secrets, and shall, taking into account their industry, technology, and competitive environment, implement effective internal controls and compliance management systems.
- Industry organizations are encouraged to issue trade secret protection standards and compliance guidelines and to exercise self-regulatory functions.
Practical Implications for Foreign Companies
The Regulation materially reshapes the trade secret protection landscape for foreign companies operating in or with China.
Opportunities
Foreign companies benefit from a more predictable enforcement regime with lower evidentiary hurdles. The presumption of infringement mechanism makes it easier to prove misappropriation, While the recognition of digital assets provides a stronger legal basis for protecting software, algorithms, and data. The expanded definition of rights holders and higher penalties further enhance enforcement effectiveness.
Compliance Risks
At the same time, compliance expectations are significantly heightened. Companies must implement clear, specific, and well-documented confidentiality measures, as generic protections are unlikely to suffice.
In addition, a single dataset may trigger multiple regulatory regimes (e.g., trade secrets, data security, personal information, and export controls), requiring integrated compliance.
Recruitment from competitors carries increased risk under the indirect infringement rules, and foreign parent companies may face exposure under the extraterritoriality provisions even without a physical presence in China.
Recommendations
We recommend that companies take the following steps:
- Conduct a trade secret review
Classify and inventory all technical and business information held in or accessible from China, including data, algorithms, code, interim R&D results, failed experimental data, and customer analytics. The broadened scope of protectable information means more assets than previously recognized may qualify and require protection. - Strengthen confidentiality agreements with specificity
Review and update employment agreements, NDAs, and joint venture contracts to define protected trade secrets with sufficient particularity. Chinese courts have rejected claims where confidentiality clauses were overly broad or generic. Agreements should identify categories of protected information, specify confidentiality obligations, and address post-employment duties. - Implement the technical safeguards the Regulation expressly recognizes
Deploy role-based access controls, permission tiers, data encryption, watermarking, download tracking, and operation log trails, particularly for remote work and cross-border collaboration scenarios. These measures serve both as protection and as evidence of compliance. - Review the recruitment and departure procedures
When hiring from competitors, document legitimate recruitment processes and avoid incentive packages, whether explicit or implicit, that could be characterized as inducement to misappropriate trade secrets. For departing employees, implement timely access-right adjustments and exit protocols that document the return, deletion, or destruction of trade secret materials and confirm continuing confidentiality obligations. - Maintain evidence trails
Record when and how information was developed, who had access, and what confidentiality measures were in place. This directly supports the preliminary evidence requirements of Article 18 and will be critical in any enforcement action. - Integrate compliance across regimes
Treat trade secret protection not as a standalone IP function but as part of an integrated compliance framework that also covers data security, cybersecurity, export controls, and personal information protection. The overlapping regulatory treatment of digital assets under Chinese law make siloed compliance approaches increasingly difficult to sustain.
How can we help you?
Merlin Song
Associate