• Share

    Share via...

    • Facebook
    • WhatsApp
    • LinkedIn
    • Twitter
    • E-Mail
    • Pinterest
  • Client areaClient Login
  • EN
  • DE
  • Career
  • Home
  • About us
  • Expertise
    • Audit
      • Audit and Assurance
      • Internal Audit and Compliance
      • Transaction Services
    • Legal
      • Corporate Governance
      • Mergers & Acquisitions
      • Employment Law
      • General Corporate Matters
      • Risk Advisory and Whistleblower
    • Tax
      • Tax Advisory
      • Tax Compliance Services
    • Bookkeeping
      • Accounting
      • Payroll
      • Treasury and secretarial services
      • Tax Filing
      • Financial Controlling
  • Team
  • News & Events
  • Get in touch
  • China Legal Advisory
  • Meta-Menu
    • Share

      Share via...

      • Facebook
      • WhatsApp
      • LinkedIn
      • Twitter
      • E-Mail
      • Pinterest
    • account_circle
    • Career

Ebner Stolz Asia

In this article

  • Executive Summary
  • Detailed Content
  • Practical Implications for Foreign Companies
  • Recommendations
China News

China’s New Regulation on the Protection of Trade Secrets

By Merlin Song July 16, 2026

Executive Summary

On February 24, 2026, the State Administration for Market Regulation (“SAMR”) promulgated the Regulation on the Protection of Trade Secrets (“Regulation”), which took effect on June 1, 2026, simultaneously repealing the Several Provisions on Prohibiting Infringement of Trade Secrets issued by the former State Administration for Industry and Commerce in 1995 (“1995 Provisions”). The Regulation expands from 12 articles to 31, transforming trade secret protection from a set of general prohibitions into a comprehensive regime built upon the Anti-Unfair Competition Law (“AUCL”). It modernizes trade secret law for the digital economy, expressly bringing data, algorithms, and code within scope, and addressing emerging scenarios such as electronic intrusion and remote-work security.

For foreign companies operating in or with China, the Regulation signals a shift toward proactive compliance, as enterprises are expected to establish internal trade secret management systems rather than relying solely on post-infringement remedies.

We recommend that foreign companies promptly assess their trade secret portfolios and protection measures against the Regulation’s standards, including reviewing their classification and protection frameworks, updating employment agreements and non-disclosure agreements, and ensuring that confidentiality provisions are sufficiently specific and aligned with applicable data security, cybersecurity, and export control regimes in China.

Detailed Content

1. Key Innovations

Prior Framework (1995 Provisions + AUCL)the Regulation
ScopeGeneral references to technical and business information “Practical utility” requiredData, algorithms, code, and computer programs expressly protected “Practical utility” abolished – commercial value alone suffices
Infringement categoriesBroadly statedSystematized across acquisition, disclosure/use, breach of duty, indirect infringement, third-party liability
Confidentiality measuresGenerally referencedEight enumerated categories with specific examples, including remote-work and cross-border scenarios
Rights holdersTrade secret ownersOwners, licensees, and authorized persons may independently file complaints
EnforcementNot procedurally specifiedFull procedural chain: complaint → preliminary evidence → filing → investigation → presumption mechanism → penalty
PenaltiesUp to RMB 200,000RMB 100,000–1,000,000 (standard) RMB 1,000,000–5,000,000 (serious) Confiscation of illegal gains
Extraterritorial reachNot addressedExpressly covers foreign conduct affecting China’s market
Enterprise dutiesNot specifiedEnterprises are encouraged to establish trade secret management systems

2. Expanded Definition of Trade Secrets

The Regulation defines trade secrets as technical information, business information, and other commercial information that meets the following criteria: 

  1. The information is not publicly known. 
  2. It possesses commercial value. 
  3. The rights holder has taken corresponding confidentiality measures to protect it.

The table below sets out the scope of technical information and business information under the Regulation:

Technical InformationBusiness Information
information relating to technical activities, including but not limited to:

Structures
Raw materials
Formulas
Materials
Samples
Patterns
Processes
Methods
Data
Algorithms
Computer programs
Code
information relating to business activities, including but not limited to:

Creative concepts
Management
Sales
Finance
Plans
Samples
Customer information (including customer names, addresses, contact details, transaction habits, and intentions)

With respect to the technical information, the explicit inclusion of code is a new addition, enabling software companies to protect source code through trade secret law in addition to copyright registration. The inclusion of data and algorithms addresses the core assets of AI and data-driven enterprises.

An important conceptual shift from the 1995 Provisions is the abolition of the requirement that trade secrets possess “practical utility”. Under the Regulation, commercial value, whether actual or potential, is the sole value standard. This reflects the reality that in innovation-intensive industries, even information that does not yet have immediate practical application may confer significant competitive advantage.

3. The Three Elements of Trade Secrets

Under the Regulation, information qualifies as a trade secret only if all three elements are satisfied:

ElementCore Test
1. Not Publicly KnownNot generally known or easily accessible
2. Commercial ValueActual or potential economic value
3. Confidentiality MeasuresReasonable measures taken to maintain secrecy

3.1 Not publicly known

Core standard

  • Not generally known to relevant personnel in the field.
  • Not easily accessible through lawful means.

Key points

  • The Regulation assesses whether information is publicly known at the time of the alleged infringement, which means that subsequent public disclosure does not affect a prior finding of infringement.
  • General knowledge, industry practice, and information obtainable from marketed products or public channels (e.g., publications, media, exhibitions) are excluded.
  • Information derived from public channels may still qualify if it has been organized, improved, or processed.

3.2 Commercial value

Core standard

Commercial value includes both actual and potential economic benefits.

  • Actual value: increased assets, revenue or profit growth.
  • Potential value: user growth, cost reduction, shortened R&D timelines, increased transaction opportunities, and enhanced reputation.

Key points

Interim research results and failed experimental data or technical solutions may also has commercial value if they meet the above criteria of actual or potential value.

3.3 Confidentiality measures

Core standard

The right holder shall adopt reasonable and corresponding measures to maintain secrecy.

  • Includes contractual, organizational, physical, and technical measures:
    • Contractual: confidentiality agreements or clauses.
    • Organizational: Internal policies, training, and written notices.
    • Physical: restrictions on entry to facilities and differentiated management of sensitive areas.
    • Technical: role-based access, data anonymization, and log tracking.
    • Judicial practice insights

Merely executing a confidentiality agreement does not automatically ensure that the information will be recognized as a trade secret. Courts in certain regions have rejected claims where:

  • The scope of protected information is defined in overly broad or generic terms; or
  • Specific protected information is not clearly identified.

Companies must ensure that their agreements and internal policies identify protected information with sufficient specificity, clearly communicate the scope of confidentiality obligations, and implement measures that would, under normal circumstances, be adequate to prevent disclosure.

4. Systematized Infringement Framework

The Regulation define prohibited conduct across five dimensions, significantly refining the broadly worded framework under the 1995 Provisions.

CategoryKey Focus
Improper AcquisitionHow secrets are obtained
Disclosure and UseHow secrets are exploited
Breach of ObligationsViolation of confidentiality duties
Indirect InfringementInducing or assisting infringement
Third-party LiabilityLiability of downstream recipients

4.1 Improper acquisition

The Regulation prohibits obtaining trade secrets through theft, bribery, fraud, coercion, electronic intrusion, or other improper means. The improper means include the following:

  • Unauthorized or excessive contact with, possession of, or copying of documents, items, materials, or raw materials containing or from which trade secrets can be derived.

This rule extends the concept of “theft” beyond the direct carrier to indirect carriers.

  • Bribery, coercion, or deception of rights holders’ employees, former employees, or other persons to obtain trade secrets.
  • Unauthorized or excessive access to digital office systems, servers, email accounts, cloud drives, and application accounts, or obtaining trade secrets through malicious programs or vulnerability attacks. 

This definition is notably broader than traditional “hacking” and also covers employees using valid credentials for unauthorized purposes (e.g., bulk downloading before departure).

  • Downloading or transmitting trade secrets to electronic devices, email accounts, or cloud storage not controlled by the rights holder after authorization expires.

4.2 Disclosure and use 

The Regulation prohibits disclosing improperly obtained trade secrets, using them, or allowing others to use them. 

TypeScope
DisclosureDirect useUse after modification or improvementPassive use (e.g., using a competitor’s trade secret to avoid failed research paths)
UseMaking information publicly known or readily accessible

4.3 Breach of confidentiality obligations 

The Regulation prohibits violating confidentiality obligations or the rights holder’s confidentiality requirements. Specifically, confidentiality obligations may arise from multiple sources: 

SourceDescription
ContractualExpress confidentiality clauses
ImplicationBased on the contract purpose, trade customs, and good faith
Express DemandsSpecific confidentiality requests by the rights holder
Internal RulesCompany policies and internal regulations

4.4 Indirect infringement 

The Regulation prohibits instigating, inducing, or assisting others to infringe trade secrets. Detailed examples include: 

  • Explicitly or implicitly inciting or directing others to infringe.
  • Explicitly or implicitly inducing others through material rewards or job promises.
  • Providing funds, technology, or equipment with knowledge that the recipient is infringing. 

This provision targets the common practice of poaching competitors’ employees to obtain trade secrets. The inclusion of “implicit” inducement, through suggestion rather than explicit instruction, is significant, though in practice its application will require careful factual assessment. Where a recipient has actually used trade secrets brought by a new employee, the finding of joint infringement will ordinarily follow, unless the recipient can provide evidence that it was misled by the employee and had no knowledge of the use of such trade secrets. Where no use has yet occurred, proving implicit inducement requires substantial evidence and the alleged inducer may rebut the presumption through alternative explanations.

4.5 Third-party liability 

The Regulation extends liability to third parties who knowingly acquire, use, or disclose infringed trade secrets, and applies to both operators and non-operators, including natural persons, legal persons, and non-legal person organizations. 

In assessing whether a third party “knew or should have known”, the Regulation requires a multi-factor analysis considering the following:

  • Degree of confidentiality of the information.
  • The reasonableness of the acquisition channel and method.
  • The transaction price.
  • The relationship between the third party and the rights holder.
  • Industry practice.

5. Safe Harbors

The Regulation codifies five circumstances that do not generally constitute trade secret infringement:

  • Independent discovery or self-development.
  • Reverse engineering, including disassembly, surveying, and analysis of products obtained through public channels. 

Notably, Chinese judicial practice establishes three conditions for a valid reverse-engineering defense: 

  • The product must have been lawfully obtained from public channels.
  • The person conducting the reverse engineering must not have had prior access to the trade secret.
  • The party asserting the defense must provide actual R&D evidence documenting the reverse-engineering process.
  • Former employees of the rights holder using general knowledge, skills, and industry experience acquired in the course of their employment. 

This provision protects employees’ fundamental right to earn a livelihood and change employment, while preventing employers from unduly restricting the use of employees’ general skills and experience. However, the boundary between permissible application of general skills and impermissible reproduction of trade secrets requires careful delineation: an employee who naturally applies broadly transferable professional experience does not infringe, but one who deliberately memorizes, reproduces, or replicates specific parameters, formulas, source code, or detailed business information of the former employer crosses the line into infringement.

  • Disclosure to state organs for the purpose of exposing illegal or criminal acts or safeguarding national security or the public interest.
  • Other circumstances not constituting infringement.

6. Administrative Enforcement System

The Regulation establishes a comprehensive administrative enforcement framework that addresses the traditional challenges of trade secret protection:

  • Difficulty in discovery.
  • High evidentiary burdens.
  • Inconsistent enforcement standards.

6.1 Expanded rights holders 

The Regulation defines rights holders to include not only trade secret owners but also licensees and authorized persons, who may independently file complaints with market supervision authorities. This significantly broadens access to administrative remedies, and a licensee discovering infringement no longer needs to rely on the owner to act.

6.2 Structured complaint and evidence framework 

When filing a complaint, rights holders should provide preliminary evidence demonstrating the formation process and timing of the commercial information, its non-public nature, its commercial value, and the confidentiality measures adopted. They can also provide specific leads, such as indications that confidentiality measures have been breached or that the trade secret has actually been obtained by the alleged infringer.

6.3 Presumption of infringement and burden shifting 

One of the Regulation’s most practically significant innovations is the codification of the “access +substantial similarity” rule developed in judicial practice. Where evidence shows that the alleged infringer’s information is substantially identical to the claimed trade secret and the alleged infringer had the opportunity to access it, competent authorities may presume infringement, unless the alleged infringer proves lawful acquisition or use. This mechanism substantially reduces the evidentiary burden on rights holders, who in practice often lack direct evidence of infringement.

7. Penalties

The Regulation establishes a two-tier penalty framework, representing a substantial increase over the prior maximum fine of RMB 200,000:

  • Standard infringement: Order to cease the unlawful conduct, confiscation of illegal gains, and a fine of RMB 100,000 to 1,000,000 (approximately EUR 13,000 to 130,000).
  • Serious circumstances: Fine of RMB 1,000,000 to 5,000,000 (approximately EUR 130,000 to 650,000). The Regulation defines serious circumstances to include significant direct losses to the rights holder, major adverse impact on business operations, harm to national or public interests, and repeat infringement within two years of a prior administrative penalty.

These penalties apply to both legal entities and individuals involved in the infringement, regardless of their role within the company or organization. 

8. Extraterritorial Application and Enterprise Compliance Obligations

8.1 Extraterritorial reach 

The Regulation expressly provides that infringing acts committed outside China that disrupt domestic market competition or harm the lawful rights and interests of domestic operators are subject to the Regulation. This means that foreign parent companies and entities with no physical presence in China may face administrative action if their conduct. For example, infringement of trade secrets from a Chinese joint venture partner may fall within the scope of the Regulation. 

While administrative enforcement with extraterritorial effect faces practical challenges, including evidence collection abroad, potential conflicts of law, and international comity considerations, the provision establishes a clear legal basis for action and signals China’s intent to protect domestic enterprises in cross-border scenarios.

8.2 Enterprise compliance obligations 

The Regulation establishes a multi-stakeholder governance model, shifting trade secret protection from a reactive, post-infringement approach toward proactive and preventive governance. The Regulation also encourages social supervision through whistleblowing while requiring authorities to maintain the confidentiality of whistleblower identities.

  • Market supervision authorities are required to guide enterprises in establishing trade secret protection systems through education, training, and compliance outreach. 
  • Enterprises themselves bear the primary responsibility for protecting their trade secrets, and shall, taking into account their industry, technology, and competitive environment, implement effective internal controls and compliance management systems. 
  • Industry organizations are encouraged to issue trade secret protection standards and compliance guidelines and to exercise self-regulatory functions.

Practical Implications for Foreign Companies

The Regulation materially reshapes the trade secret protection landscape for foreign companies operating in or with China.

Opportunities

Foreign companies benefit from a more predictable enforcement regime with lower evidentiary hurdles. The presumption of infringement mechanism makes it easier to prove misappropriation, While the recognition of digital assets provides a stronger legal basis for protecting software, algorithms, and data. The expanded definition of rights holders and higher penalties further enhance enforcement effectiveness.

Compliance Risks

At the same time, compliance expectations are significantly heightened. Companies must implement clear, specific, and well-documented confidentiality measures, as generic protections are unlikely to suffice.

In addition, a single dataset may trigger multiple regulatory regimes (e.g., trade secrets, data security, personal information, and export controls), requiring integrated compliance.

Recruitment from competitors carries increased risk under the indirect infringement rules, and foreign parent companies may face exposure under the extraterritoriality provisions even without a physical presence in China.

Recommendations

We recommend that companies take the following steps:

  • Conduct a trade secret review
    Classify and inventory all technical and business information held in or accessible from China, including data, algorithms, code, interim R&D results, failed experimental data, and customer analytics. The broadened scope of protectable information means more assets than previously recognized may qualify and require protection.
  • Strengthen confidentiality agreements with specificity
    Review and update employment agreements, NDAs, and joint venture contracts to define protected trade secrets with sufficient particularity. Chinese courts have rejected claims where confidentiality clauses were overly broad or generic. Agreements should identify categories of protected information, specify confidentiality obligations, and address post-employment duties.
  • Implement the technical safeguards the Regulation expressly recognizes
    Deploy role-based access controls, permission tiers, data encryption, watermarking, download tracking, and operation log trails, particularly for remote work and cross-border collaboration scenarios. These measures serve both as protection and as evidence of compliance.
  • Review the recruitment and departure procedures
    When hiring from competitors, document legitimate recruitment processes and avoid incentive packages, whether explicit or implicit, that could be characterized as inducement to misappropriate trade secrets. For departing employees, implement timely access-right adjustments and exit protocols that document the return, deletion, or destruction of trade secret materials and confirm continuing confidentiality obligations.
  • Maintain evidence trails
    Record when and how information was developed, who had access, and what confidentiality measures were in place. This directly supports the preliminary evidence requirements of Article 18 and will be critical in any enforcement action.
  • Integrate compliance across regimes
    Treat trade secret protection not as a standalone IP function but as part of an integrated compliance framework that also covers data security, cybersecurity, export controls, and personal information protection. The overlapping regulatory treatment of digital assets under Chinese law make siloed compliance approaches increasingly difficult to sustain.

How can we help you?

Merlin Song

Associate

  • +86 21 6330 9962 ext. 839
  • merlin.song@cn.ebnerstolz.com
  • View Profile
  • All team members

News & events

All news & events

  • July 16, 2026 by Merlin Song

    China’s New Regulation on the Protection of Trade Secrets

    Read more

  • event

    September 11, 2026

    RSVP: Talks & Chanson with Alice Roche & Friends

    Read more

  • May 29, 2026 by Sharon Hu

    Simplified Measures for Small Scale Personal Information Handlers – Key Takeaways and Commercial Implications

    Read more

  • May 29, 2026 by Rachel Wang

    Key Changes to Input Tax Deduction under China’s New VAT Law

    Read more

  • May 29, 2026 by Eloise Yao

    Key Highlights of China’s New Export Tax Refund Regulation

    Read more

  • March 11, 2026 by Rita Yu

    Embracing the new era of delayed retirement in China

    Read more

  • March 11, 2026 by Dr. Gerald Neumann

    6× or Downgrade: Decoding China’s Tightened Enforcement of Foreign Work Permit Rules in 2026

    Read more

  • November 20, 2025 by Dr. Gerald Neumann

    Key Points Analysis of “Interpretation on Several Issues Concerning the Application of Law in the Trial of Labor Dispute Cases (II)”

    Read more

Sign up for our newsletter to receive news and insights on business in China

Check your inbox or spam folder to confirm your subscription.

Representing you through 4 offices in China and Southeast Asia

Shanghai
Room 3606
Sinar Mas Plaza
Dong Da Ming Road No. 501
200080, Shanghai

Bangkok
98 North Sathorn Road
Lvl 28 Sathorn Square Tower
Silom Bangrak
Bangkok
10500
Thailand

Beijing
Unit DOB-0401M, DRC
Liangmaqiao Diplomatic Office
Building
19 Dongfang East Road
Chaoyang District
100600 Beijing

Taicang
No.12 Wanda Plaza
East shanghai Road No.188
Room 1708
215400 Taicang

Get in touch
  • Site Links
    • Home
    • About us
    • Team
    • News & Events
    • Career
  • Expertise areas
    • Audit and Assurance
    • Internal Audit and Compliance
    • Transaction Services
    • Corporate Governance
    • Mergers & Acquisitions
    • Employment Law
    • General Corporate Matters
    • Risk Advisory and Whistleblower
    • Tax Advisory
    • Tax Compliance Services
    • Accounting
    • Payroll
    • Treasury and secretarial services
    • Tax Filing
    • Financial Controlling
  • News & Events
    • All News & Events
    • Our Events
    • Accounting News
    • China News
    • Law News
    • Ebner Stolz News
    • HR News
    • Tax News
  • Follow us on linked.in
  • Imprint
  • Privacy Policy