With New Regulations, China Modernizes the Administrative Regime to Protect Trade Secrets

The State Administration for Market Regulation has issued new regulations to modernize the administrative regime for trade secret protection, which should benefit employers in protecting their trade secrets and enforce against trade secret theft and hacking. The new regulations take effect on June 1, 2026.

On February 24, 2026, the State Administration for Market Regulation (the SAMR) issued the Provisions on the Protection of Trade Secrets (the Provisions). The Provisions replace and repeal the Several Provisions on Prohibiting Infringement of Trade Secrets that were originally issued by the State Administration for Industry and Commerce (the agency that preceded the SAMR) in 1995. The new framework substantially modernizes China’s administrative trade secret protection regime by expanding the scope of protectable information, strengthening enforcement mechanisms, and introducing extraterritorial reach.

EXPANDED DEFINITION AND SCOPE OF TRADE SECRETS

The Provisions define a trade secret as any technical, business, or other commercial information that is not publicly known, carries commercial value, and is subject to confidentiality measures adopted by the rights holder. Notably, the Provisions provide a more granular enumeration of protectable subject matter. Technical information now expressly encompasses algorithms, computer programs, and source code. Business information is defined to include information relating to business operations such as ideas, management methods, sales strategies, financial data, plans, samples, and customer data. Customer information specifically covers names, addresses, and contact details as well as transaction habits, intentions, and content.

Reflecting more recent judicial precedent, the Provisions further clarify that interim results generated in the course of production and business activities, as well as data from failed experiments or abandoned technical proposals, qualify as protectable trade secrets provided they possess actual or potential commercial value—for example, by reducing R&D timelines, lowering costs, or conferring a competitive advantage for the rights holder.

CONFIDENTIALITY MEASURES

One of the core elements of trade secret protection is that the rights holder must adopt reasonable confidentiality measures commensurate with the nature and value of the information. The Provisions enumerate eight categories of recognized measures:

1. Entering into confidentiality agreements or incorporating confidentiality obligations into commercial contracts;
2. Establishing rules and regulations, conducting training, providing written notices and other means impose confidentiality requirements on employees, former employees, suppliers, customers, visitors, and other individuals who may have access to or obtain trade secrets;
3. Restricting or prohibiting access to sensitive facilities and implementing zoned management of production and business premises;
4. Adopting tiered access controls, data desensitization, and audit trail log for remote work and cross-border collaboration scenarios;
5. Marking, classifying, isolating, encrypting, sealing for storage, and restricting the scope of personnel who may access or obtain trade secrets and “trade secrets carriers” (商业秘密载体) so as to implement differentiated management of trade secrets and their carriers;
6. Prohibiting or imposing restrictions on the use, access, storage, and copying of computer, network, and storage devices and other facilities that may come into contact with or have access to trade secrets;
7. Requiring departing employees to register, return, delete, or destroy trade secrets and their carriers in their possession and to continue to observe their confidentiality obligations post-employment; and
8. Adopting other reasonable confidentiality measures.

The express recognition of technical safeguards for remote and cross-border settings, as well as the formalized post-employment carrier management obligations, are noteworthy additions that reflect current business realities.

INFRINGEMENT: HACKING OR UNAUTHORIZED ELECTRONIC ACCESS (电子侵入) AND THIRD-PARTY LIABILITY

For the first time at the regulatory level, the Provisions enumerate in detail the type of conduct that constitutes hacking or unauthorized electronic access. Examples include unauthorized access to a rights holder’s digital office systems, servers, or cloud storage; deploying malicious programs or exploiting vulnerabilities; and downloading trade secrets to devices or network storage beyond the rights holder’s control without authorization or in excess of authorized scope.

The Provisions also strengthen the framework for third-party liability: a third party who obtains or uses trade secrets with knowledge (or constructive knowledge) that the information was procured through infringing conduct is deemed to have committed infringement. Factors relevant to assessing a third party’s knowledge include the degree of confidentiality attached to the information, the reasonableness of the acquisition channel and method, the transaction price, the third party’s relationship with the rights holder, and applicable industry practice.

SAFE HARBORS: CONDUCT THAT DOES NOT CONSTITUTE INFRINGEMENT

For the first time at the regulatory level, the Provisions codify five categories of conduct that do not constitute trade secret infringement. Two safe harbors are particularly significant for employers and employees: (1) Former employee general knowledge exception: A former employee who draws upon general knowledge, skills, and industry experience accumulated during employment, or who relies on information obtainable through publicly available channels, does not infringe the former employer’s trade secrets; and (2) Whistleblower protection: Disclosure of trade secrets to state authorities or statutory bodies exercising administrative functions is not infringement if undertaken to report unlawful or criminal conduct or to safeguard national security or the public interest.

SIGNIFICANTLY ENHANCED ADMINISTRATIVE PENALTIES

The Provisions substantially increase the administrative penalties for trade secret infringement. Fines have been raised from the previous range of CNY 10,000–CNY 200,000 (about $1,450–$29,000) to CNY 100,000–CNY 1 million (about $14,500–$145,000) for standard violations. In serious cases, fines may reach CNY 1 million–CNY 5 million (about $145,000–$725,000) and unlawful gains are subject to confiscation.

On the enforcement front, market regulatory authorities are now expressly empowered to adopt compulsory measures including the seizure and impoundment of materials involved in an alleged infringement and the power to query bank accounts. Concurrently, enforcement authorities are required to maintain the confidentiality of any trade secrets they access during an investigation.

REPORTING AND BURDEN OF PROOF

The Provisions set out detailed requirements for the preliminary evidence and specific leads that a rights holder must submit when filing a complaint. This includes evidence of how the commercial information was developed, its nonpublic nature, the confidentiality measures adopted, and its commercial value, as well as specific leads regarding the alleged infringer’s access to and use of the trade secret(s).

The Provisions also refine the burden-shifting mechanism: if the rights holder produces evidence showing that the information used by the respondent is substantially identical to the rights holder’s trade secret and that the respondent had the opportunity to access it, infringement is presumed unless the respondent can demonstrate that its information was obtained through legitimate means.

EXTRATERRITORIAL APPLICATION

In a notable first, the Provisions expressly assert extraterritorial reach: trade secret infringement conducted outside the territory of the People’s Republic of China is subject to Chinese law if it disrupts market competition within China or harms the legitimate interests of domestic business operators.

RECOMMENDATIONS

In light of these Provisions that should make it easier for companies to establish the theft and misappropriation of trade secrets, companies should consider the following steps in advance of the June 1 effective date:

• Confidentiality framework: Review and update existing confidentiality policies, agreements, and internal protocols to ensure alignment with the newly enumerated measures.
• Technical safeguards: Implement or strengthen measures now expressly recognized under the Provisions as valid means to protect confidentiality.
• Offboarding procedures: Formalize exit protocols requiring departing employees to register, return, delete, or destroy all trade secrets—in whatever form—in their possession and control, and confirm their ongoing confidentiality obligations in writing.